Commit message | Author | Age | Files | Lines
* updated auto-generated files (tmp-openssl-suite) | Nikos Mavrogiannopoulos | 2018-05-03 | 2 | -72/+136
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added interop tests with openssl under TLS1.3 | Nikos Mavrogiannopoulos | 2018-05-03 | 12 | -7/+677
    This adds interoperability tests for:
    * PSK with elliptic curve DHE
    * RSA,RSA-PSS,secp256r1,ed25519 server certificate
    * RSA,RSA-PSS,secp256r1,ed25519 client certificate
    * X25519,SECP256R1 key share exchange
    * key share with HRR

    Relates #328

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: clarified re-handshake details under TLS1.2 server | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -1/+5
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tls13/certificate_request: corrected check of duplicate signature algorithms | Nikos Mavrogiannopoulos | 2018-05-03 | 4 | -22/+45
    Made the check local when parsing a certificate request, as we may receive multiple requests when post-handshake authentication is in place. Furthermore check whether this extension has been received as this is a mandatory one.

    In addition handle a memory leak when multiple peer certificates are set.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_reauth: doc update | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -1/+3
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: enhanced tool for TLS1.3 options | Nikos Mavrogiannopoulos | 2018-05-03 | 5 | -21/+91
    This patch allows a client to enable post-handshake authentication, perform re-key and restrict the sent key shares.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tls13/certificate: send empty certificate instead of skipping | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -25/+22
    According to the TLS1.3 spec:

        The server's certificate_list MUST always be non-empty. A client will send an empty certificate_list if it does not have an appropriate certificate to send in response to the server's authentication request.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
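The rule quoted in the commit above comes from RFC 8446, section 4.4.2: a client with no suitable certificate still sends a Certificate message, carrying an empty certificate_list, instead of omitting the message, while a server's list is never allowed to be empty. The following encoder and parser is an added example written for this page, not GnuTLS code; the wire layout is the specification's, the function names and the tiny DER blob used as a placeholder certificate are this example's own.

```python
"""TLS 1.3 Certificate handshake message (RFC 8446, section 4.4.2).

Added example, not GnuTLS code.  Wire format:

    struct {
        opaque certificate_request_context<0..2^8-1>;
        CertificateEntry certificate_list<0..2^24-1>;
    } Certificate;
    struct {
        opaque cert_data<1..2^24-1>;      /* X.509 DER */
        Extension extensions<0..2^16-1>;
    } CertificateEntry;
"""
HANDSHAKE_CERTIFICATE = 11   # HandshakeType certificate(11)


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Length-prefixed vector with a len_bytes-wide big-endian length."""
    return len(data).to_bytes(len_bytes, "big") + data


def encode_certificate(request_context: bytes, certs: list) -> bytes:
    """Encode a Certificate message; certs is [(der_bytes, extension_bytes), ...].

    An empty certs list produces a legal message with an empty certificate_list,
    which is what a client sends when it has nothing to offer.
    """
    entries = b"".join(_vec(der, 3) + _vec(exts, 2) for der, exts in certs)
    body = _vec(request_context, 1) + _vec(entries, 3)
    return bytes([HANDSHAKE_CERTIFICATE]) + _vec(body, 3)


def parse_certificate(msg: bytes, sender_is_server: bool):
    """Parse a Certificate message into (request_context, [(der, extensions), ...]).

    Raises ValueError on malformed input and on an empty list sent by a server.
    An empty list from a client is returned as [] so the caller can decide
    whether client authentication was mandatory for this session.
    """
    if len(msg) < 4 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length mismatch")
    if len(body) < 4:
        raise ValueError("truncated Certificate body")
    ctx_len = body[0]
    ctx = body[1:1 + ctx_len]
    p = 1 + ctx_len
    if len(ctx) != ctx_len or len(body) < p + 3:
        raise ValueError("truncated certificate_request_context")
    list_len = int.from_bytes(body[p:p + 3], "big")
    entries = body[p + 3:]
    if len(entries) != list_len:
        raise ValueError("certificate_list length mismatch")
    certs = []
    p = 0
    while p < len(entries):
        if p + 3 > len(entries):
            raise ValueError("truncated CertificateEntry")
        clen = int.from_bytes(entries[p:p + 3], "big")
        p += 3
        der = entries[p:p + clen]
        p += clen
        # cert_data<1..2^24-1>: a zero-length certificate is itself malformed
        if clen == 0 or len(der) != clen or p + 2 > len(entries):
            raise ValueError("bad cert_data")
        elen = int.from_bytes(entries[p:p + 2], "big")
        p += 2
        exts = entries[p:p + elen]
        p += elen
        if len(exts) != elen:
            raise ValueError("truncated per-certificate extensions")
        certs.append((der, exts))
    if sender_is_server and not certs:
        raise ValueError("server certificate_list MUST be non-empty")
    return ctx, certs


if __name__ == "__main__":
    # Constructed inputs: an empty client Certificate and a placeholder DER blob
    empty = encode_certificate(b"", [])
    print(empty.hex(), parse_certificate(empty, sender_is_server=False))
    der = bytes.fromhex("3003020105")   # DER SEQUENCE { INTEGER 5 }, a stand-in, not a real certificate
    msg = encode_certificate(b"\x07", [(der, b"")])
    print(parse_certificate(msg, sender_is_server=True))
```

The parser keeps the two cases apart on purpose: a missing Certificate message is a state-machine error (the peer skipped a mandatory message), whereas a present message with an empty list is a valid "I have no certificate" answer whose acceptability is a policy decision of the receiving server.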
* _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -6/+2
    That is, if we are performing PSK under TLS1.3, don't bother checking whether the certificate is compatible with the ciphersuite; there isn't any.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tls13/certificate_verify: corrected context in signatures in client side | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -7/+24
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls13_handshake_sign_data: avoid unnecessary copy | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -6/+9
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: cleanup in TLS1.3 initial secret calculation | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -15/+3
    That eliminates duplicate code in server hello parsing.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* psk: compute binder which is compatible with draft-ietf-tls-tls13 | Nikos Mavrogiannopoulos | 2018-05-03 | 2 | -15/+21
    Previously the computed binder value was not compatible with any TLS1.3 draft, and was not interoperating with openssl or tlslite.

    Resolves #427

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-rsa-psk-fix' into 'master' | Nikos Mavrogiannopoulos | 2018-04-30 | 5 | -10/+271
|\  RSA-PSK ciphersuites: only use under TLS1.2
|   See merge request gnutls/gnutls!624
| * tests: check the behavior of TLS1.2 key exchange methods under TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-30 | 3 | -1/+249
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * psk: mark psk_ke_modes as invalid when ignored | Nikos Mavrogiannopoulos | 2018-04-30 | 1 | -4/+11
|   TLS1.3 handles the receiving of the pre-shared keys extension as invalid when the psk_ke_modes extension is not received as well. As such, when we ignore the psk_ke_modes for some reason (e.g., no credentials) we need to indicate that it was received. We use the invalid mode flag for that reason, allowing the handshake to fail later for the right reason (e.g., no credentials error rather than illegal extension).
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * priority: handle RSA-PSK ciphersuites similar to SRP | Nikos Mavrogiannopoulos | 2018-04-30 | 1 | -5/+11
|/  That is, when specified, disable TLS1.3.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
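Two of the commits above touch the same part of the handshake: "psk: compute binder which is compatible with draft-ietf-tls-tls13" (the binder value the client puts at the end of the pre_shared_key extension) and "psk: mark psk_ke_modes as invalid when ignored" (the server rule that a pre_shared_key extension offered without psk_key_exchange_modes is illegal). The following is an added example for this page, not GnuTLS code: it derives the binder as RFC 8446 specifies it (sections 4.2.11.2 and 7.1, with the final "tls13 " label prefix; earlier drafts used different labels, which is exactly the kind of mismatch the first commit fixed) and then applies the server-side checks. The ClientHello it builds is a constructed minimal one with a zeroed random and an external PSK, and every function name is the example's own.

```python
"""TLS 1.3 PSK binder computation and pre_shared_key server checks.

Added example, not GnuTLS code.  Follows RFC 8446 sections 4.2.9, 4.2.11 and 7.1.
"""
import hashlib
import hmac
import struct

HASH = hashlib.sha256          # hash of the PSK's cipher suite (TLS_AES_128_GCM_SHA256 here)
HASH_LEN = HASH().digest_size  # 32; also the length of each binder
EXT_PRE_SHARED_KEY = 41
EXT_PSK_KEY_EXCHANGE_MODES = 45


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel { uint16 length; opaque label<7..255> = "tls13 " + label; opaque context<0..255> }
    full = b"tls13 " + label
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    out, block, i = b"", b"", 1
    while len(out) < length:                     # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + info + bytes([i]), HASH).digest()
        out += block
        i += 1
    return out[:length]


def binder_key(psk: bytes, external: bool) -> bytes:
    early_secret = hkdf_extract(bytes(HASH_LEN), psk)               # HKDF-Extract(salt=0, IKM=PSK)
    label = b"ext binder" if external else b"res binder"
    # Derive-Secret(early_secret, label, "") = HKDF-Expand-Label(..., Transcript-Hash(""), Hash.length)
    return hkdf_expand_label(early_secret, label, HASH(b"").digest(), HASH_LEN)


def compute_binder(psk: bytes, truncated_client_hello: bytes, external: bool = True) -> bytes:
    # PskBinderEntry is built like Finished, with binder_key as the base key
    finished_key = hkdf_expand_label(binder_key(psk, external), b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, HASH(truncated_client_hello).digest(), HASH).digest()


def build_client_hello(identity: bytes, binder: bytes, with_ke_modes: bool = True) -> bytes:
    """Constructed minimal ClientHello handshake message; pre_shared_key is the last extension."""
    psk_identity = struct.pack("!H", len(identity)) + identity + struct.pack("!I", 0)  # obfuscated_ticket_age
    psk_body = struct.pack("!H", len(psk_identity)) + psk_identity                   # identities<7..2^16-1>
    psk_body += struct.pack("!H", 1 + len(binder)) + bytes([len(binder)]) + binder   # binders<33..2^16-1>
    exts = (struct.pack("!HH", EXT_PSK_KEY_EXCHANGE_MODES, 2) + b"\x01\x01") if with_ke_modes else b""  # psk_dhe_ke
    exts += struct.pack("!HH", EXT_PRE_SHARED_KEY, len(psk_body)) + psk_body
    body = (b"\x03\x03" + bytes(32)                  # legacy_version, random (zeroed for the example)
            + b"\x00"                                # legacy_session_id: empty
            + struct.pack("!H", 2) + b"\x13\x01"     # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                            # legacy_compression_methods: null
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)


def truncate(client_hello: bytes, binder_len: int = HASH_LEN) -> bytes:
    # Truncate(): drop the binders list (2-byte vector length + 1-byte entry length + binder) from the end
    return client_hello[:-(2 + 1 + binder_len)]


def client_hello_with_binder(psk: bytes, identity: bytes, external: bool = True) -> bytes:
    placeholder = build_client_hello(identity, bytes(HASH_LEN))   # binder bytes do not change any length field
    return build_client_hello(identity, compute_binder(psk, truncate(placeholder), external))


def parse_extensions(client_hello: bytes):
    """Return [(type, data), ...] from a ClientHello handshake message."""
    p = 4 + 2 + 32                                                 # header, legacy_version, random
    p += 1 + client_hello[p]                                       # legacy_session_id
    p += 2 + struct.unpack("!H", client_hello[p:p + 2])[0]         # cipher_suites
    p += 1 + client_hello[p]                                       # legacy_compression_methods
    ext_len = struct.unpack("!H", client_hello[p:p + 2])[0]
    p += 2
    end = p + ext_len
    if end != len(client_hello):
        raise ValueError("decode_error: extensions length does not match message")
    exts = []
    while p < end:
        etype, elen = struct.unpack("!HH", client_hello[p:p + 4])
        p += 4
        exts.append((etype, client_hello[p:p + elen]))
        p += elen
    return exts


def server_check_psk(psk: bytes, client_hello: bytes, external: bool = True) -> str:
    """Server side: pre_shared_key needs psk_key_exchange_modes, must be last, and its binder must verify."""
    types = [t for t, _ in parse_extensions(client_hello)]
    if EXT_PRE_SHARED_KEY not in types:
        return "no-psk"
    if EXT_PSK_KEY_EXCHANGE_MODES not in types:
        raise ValueError("illegal_parameter: pre_shared_key offered without psk_key_exchange_modes")
    if types[-1] != EXT_PRE_SHARED_KEY:
        raise ValueError("illegal_parameter: pre_shared_key must be the last extension")
    expected = compute_binder(psk, truncate(client_hello), external)
    if not hmac.compare_digest(client_hello[-HASH_LEN:], expected):
        raise ValueError("decrypt_error: binder does not verify")
    return "psk-ok"
```

The truncation point matters more than it looks: every length field (handshake header, extensions vector, the pre_shared_key extension itself) is computed over the complete message, and only the trailing binders list is left out of the hash, so a client must assemble the full ClientHello with a placeholder binder before it can compute the real one. The checks in `server_check_psk` are ordered the way the second commit describes: structural extension errors are reported before the binder is ever examined.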
* Merge branch 'tmp-sni-hostname' into 'master' | Nikos Mavrogiannopoulos | 2018-04-29 | 10 | -1023/+1135
|\  tests: updated sni-hostname check for TLS1.3
|   Closes #344
|   See merge request gnutls/gnutls!623
| * Add another sni related test (tmp-sni-hostname) | Andreas Metzler | 2018-04-29 | 1 | -0/+3
|   As --sni-hostname does not imply --verify-hostname a hostname mismatch still triggers an error.
|
|   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
| * tests: sni-hostname was updated to support TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-29 | 4 | -9/+70
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * updated auto-generated files | Nikos Mavrogiannopoulos | 2018-04-29 | 4 | -1005/+1040
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * doc: Add crossreference/warning | Andreas Metzler | 2018-04-29 | 1 | -1/+1
|   Add pointer to --verify-hostname to --sni-hostname description.
|
|   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
| * gnutls-cli: added option to specify the verification hostname | Nikos Mavrogiannopoulos | 2018-04-29 | 2 | -8/+21
|/  This enables testing various scenarios, by allowing the hostname used for certificate validation to be specified when connecting to a remote host (e.g., localhost but with a certificate for example.com).

    Resolves #344

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: fixes for better latex pdf generation [ci skip] | Nikos Mavrogiannopoulos | 2018-04-26 | 3 | -6/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* retrieve_pin: refuse to retrieve PIN from URI more than one time | Nikos Mavrogiannopoulos | 2018-04-25 | 2 | -3/+36
    That is, prevent re-using a static PIN if it has already been known to be wrong. Introduced tests of that behavior.

    Resolves #425

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: updated OCSP documentation [ci skip] | Nikos Mavrogiannopoulos | 2018-04-24 | 1 | -6/+6
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls.h.in: corrected typo [ci skip] | Nikos Mavrogiannopoulos | 2018-04-22 | 1 | -3/+3
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: corrected TLS1.3 enablement [ci skip] | Nikos Mavrogiannopoulos | 2018-04-22 | 5 | -4/+7
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-constate-fix' into 'master' | Nikos Mavrogiannopoulos | 2018-04-18 | 30 | -393/+381
|\  Fix re-handshake failure when interrupted by application data
|   Closes #426
|   See merge request gnutls/gnutls!620
| * _gnutls_epoch_new: allow re-allocation epoch next epoch (tmp-constate-fix) | Nikos Mavrogiannopoulos | 2018-04-18 | 4 | -10/+22
|   In certain cases when re-handshake is interrupted by application data, _gnutls_epoch_new() will be called twice. Make sure that this does not lead to an error. We also rename the function to clarify its purpose: _gnutls_epoch_setup_next().
|
|   Resolves #426
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added reproducers for receiving app data when rehandshake is expected | Nikos Mavrogiannopoulos | 2018-04-18 | 3 | -40/+132
|   Relates: #426
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: eliminated exit_code variable used in a few tests | Nikos Mavrogiannopoulos | 2018-04-18 | 19 | -172/+0
|   It was a legacy variable for error printing that was never used uniformly.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: eagain: moved to cmocka and enhanced for TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-18 | 5 | -169/+222
|   That also makes the macros from eagain-common.h function under cmocka.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: tls12-rehandshake-cert*: run multiple rehandshake tests | Nikos Mavrogiannopoulos | 2018-04-18 | 3 | -19/+22
|/  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-memleak-fix' into 'master' | Nikos Mavrogiannopoulos | 2018-04-17 | 2 | -3/+7
|\  tls13/finished: addressed memory leak in receiving finished packet
|   See merge request gnutls/gnutls!619
| * tls13/finished: addressed memory leak in receiving finished packet | Nikos Mavrogiannopoulos | 2018-04-17 | 2 | -3/+7
|/  Issue found using oss-fuzz:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* priority: document the reasons for the order of supported groups [ci skip] | Nikos Mavrogiannopoulos | 2018-04-16 | 1 | -0/+5
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: described the epoch reference counting [ci skip] | Nikos Mavrogiannopoulos | 2018-04-16 | 1 | -0/+4
    It is used only in DTLS where multiple handshake states may be active.

    Resolves #421

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: tls12-rehandshake-cert-3: run multiple rehandshake tests | Nikos Mavrogiannopoulos | 2018-04-16 | 1 | -23/+44
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-disable-tls13' into 'master' | Nikos Mavrogiannopoulos | 2018-04-13 | 15 | -90/+190
|\  Disable TLS1.3 under certain priority strings
|   See merge request gnutls/gnutls!617
| * doc update (tmp-disable-tls13) | Nikos Mavrogiannopoulos | 2018-04-13 | 1 | -0/+6
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or later | Nikos Mavrogiannopoulos | 2018-04-13 | 14 | -90/+184
|/  The reason is that these ciphersuites cannot be negotiated using TLS1.3. There is a different strategy followed for these.

    * NULL ciphersuites: they are not something normally enabled and are used for debugging purposes mostly. When set both in client and server side only TLS1.2 can be used.

    * SRP ciphersuites: they are used on client side when the client is actually performing a username-password authentication with SRP. On server side we can indeed have a server support SRP and non-SRP. In that case we limit both to TLS1.2. That is an unfortunate restriction, but it is not a regression and IMHO these servers would most likely be phased out as very few would want to stick to TLS1.2 connections for SRP; or we may have an SRP update for TLS1.3 which could lift that limitation in the future.

    * ANON ciphersuites: they are used in certain client/server setups where a very basic level of security is required, and in opportunistic encryption scenarios. There is a difference in the handling of these cases. In the case of Anon-only servers/clients they provide the session with an anonymous credentials structure; in the case of opportunistic encryption they provide both certificate and anonymous credentials. Thus we allow the protocol (TLS1.3) to be in the priorities, but if we see no certificate or PSK credentials we disable TLS1.3 negotiation.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ext/pre_shared_key: cleanups in error handling | Nikos Mavrogiannopoulos | 2018-04-07 | 2 | -17/+39
    This addresses a memory leak found via oss-fuzz. It also sets the right index on the selected PSK, and returns the right server error code on an incorrect key file.

    Addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* ext/psk_ke_modes: corrected data access | Nikos Mavrogiannopoulos | 2018-04-07 | 2 | -1/+2
    That also improves the if-checks.

    Issue and reproducer discovered via oss-fuzz:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip] | Nikos Mavrogiannopoulos | 2018-04-07 | 6 | -0/+0
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: corrected space-tab issues in examples | Nikos Mavrogiannopoulos | 2018-04-07 | 1 | -4/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* constate: fixed key generation for TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-06 | 2 | -8/+4
    This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and removes invalid NULL checks, as well as corrects the key set for server side.

    This is verified against openssl master, but does not include automated test suite; it will be tested as part of #328

    Resolves #419

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: re-organized and modernized examples | Nikos Mavrogiannopoulos | 2018-04-06 | 4 | -194/+190
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: updated for TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-06 | 4 | -160/+139
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: added PSK traces with TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-06 | 7 | -2/+3
    Relates: #359

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-psk-tls1.3' into 'master' | Nikos Mavrogiannopoulos | 2018-04-06 | 42 | -185/+2015
|\  TLS1.3: add support for PSK key exchange
|   Closes #414 and #125
|   See merge request gnutls/gnutls!615