path: root/lib/gnutls_int.h
Commit log (each entry: commit title [ref]; author, date, files changed, lines -removed/+added; then the commit message)
* Fix warn_unused_result for clang < 4 [tmp-fix-travis]
  Tim Rühsen, 2019-06-02, 1 file, -1/+3
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Add nonnull, nonnull_all and warn_unused_result attributes in lib/gnutls_int.h
  Tim Rühsen, 2019-05-28, 1 file, -11/+27
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* tests: prf-early fixes the global version
  Nikos Mavrogiannopoulos, 2019-05-24, 1 file, -0/+2
    This allows having fixed data in the hello message involved. That required
    exposing the variable holding the global gnutls version number for testing.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Always pass in and check Q in TLS 1.3
  Simo Sorce, 2019-05-23, 1 file, -0/+1
    In FIPS mode do an extra check that we did have Q, but it is always passed
    into the tls13 derive function from the callers.
    Signed-off-by: Simo Sorce <simo@redhat.com>
* Add plumbing to handle Q parameter in DH exchanges
  Simo Sorce, 2019-05-23, 1 file, -2/+2
    Signed-off-by: Simo Sorce <simo@redhat.com>
* Merge branch 'tmp-keyupdate-fixes' into 'master'
  Nikos Mavrogiannopoulos, 2019-05-23, 1 file, -1/+2
    Fix handling of malformed KeyUpdate messages
    Closes #699
    See merge request gnutls/gnutls!1005
  * tls13/key_update: increase handling limit from 1 to 8 (merged commit)
    Daiki Ueno, 2019-05-22, 1 file, -1/+2
      The limit was too small when testing the capability of handling multiple
      KeyUpdate messages with tlsfuzzer. This requires a change in the rate limit
      logic, as previously it did not count the KeyUpdate messages despite the
      name of KEY_UPDATES_PER_SEC.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* priority: add new option to allow small records (>= 64)
  Daiki Ueno, 2019-05-22, 1 file, -0/+5
    There is a mismatch in the lower limit of record sizes in RFC 8449 (64) and
    our default (512). If the server advertises a smaller limit than our
    default, the client has no way to keep communicating with the server.
    This patch adds a new priority string option %ALLOW_SMALL_RECORDS to set
    the limit to 64.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* ext/record_size_limit: distinguish sending and receiving limits [tmp-record-sizes]
  Daiki Ueno, 2019-05-14, 1 file, -7/+13
    The previous behavior was that both sending and receiving limits are
    negotiated to be the same value. It was problematic when:
    - client sends a record_size_limit with a large value in CH
    - server sends a record_size_limit with a smaller value in EE
    - client updates the limit for both sending and receiving, upon receiving EE
    - server sends a Certificate message larger than the limit
    With this patch, each peer maintains the sending / receiving limits
    separately so as not to confuse them with the contradicting settings.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Add or clean header guards in lib/
  Tim Rühsen, 2019-05-07, 1 file, -3/+3
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* handshake: generate early exporter secret
  Daiki Ueno, 2019-04-19, 1 file, -1/+1
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* handshake: remove unnecessary HSK_CRT_SENT flag
  Daiki Ueno, 2019-04-03, 1 file, -1/+0
    Previously, while the flag HSK_CRT_SENT was checked in
    _gnutls13_send_certificate_verify, the flag was never set anywhere.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-increase-nr-of-tickets' into 'master'
  Nikos Mavrogiannopoulos, 2019-03-26, 1 file, -7/+0
    handshake: increase the default number of tickets we send to 2
    Closes #596
    See merge request gnutls/gnutls!942
  * handshake: increase the default number of tickets we send to 2 [tmp-increase-nr-of-tickets] (merged commit)
    Nikos Mavrogiannopoulos, 2019-03-20, 1 file, -7/+0
      This makes it easier for clients which perform multiple connections to the
      server to use the tickets sent by a default server. That's because 2
      tickets allow for 2 new connections (if one is using each ticket once as
      recommended), which in turn lead to 4 new ones, and so on.
      Resolves: #596
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Improved estimation of wait in gnutls_session_get_data2 [tmp-improve-session-resumption]
  Nikos Mavrogiannopoulos, 2019-03-19, 1 file, -2/+6
    Previously we would wait an arbitrary value of 50ms for the server to send
    session tickets. This change makes the client wait for the estimated single
    trip time + 60 ms for the server to calculate the session tickets. This
    improves the chance to obtain tickets from internet servers during the call
    of gnutls_session_get_data2().
    Resolves: #706
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Use https:// for www.gnu.org and www.example.com
  Tim Rühsen, 2019-03-13, 1 file, -1/+1
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start
  Nikos Mavrogiannopoulos, 2019-03-02, 1 file, -0/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_record_send2: try to ensure integrity of operations on false and early start
  Nikos Mavrogiannopoulos, 2019-03-02, 1 file, -0/+3
    This adds a double check in the sanity check of gnutls_record_send2() for
    the initial_negotiation_completed value, making sure that the check will be
    successful even in parallel operation of send/recv.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ext/record_size_limit: don't confuse with negotiated/user-supplied maximum
  Daiki Ueno, 2019-02-14, 1 file, -5/+9
    As documented in gnutls_int.h, max_record_send_size is for tracking the
    user-supplied maximum, while max_record_recv_size for the protocol
    negotiated maximum.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* ext/max_record: server shouldn't send it with record_size_limit
  Daiki Ueno, 2019-02-14, 1 file, -2/+3
    Otherwise, the connection will be disconnected by the client, as suggested
    in RFC: A client MUST treat receipt of both "max_fragment_length" and
    "record_size_limit" as a fatal error, and it SHOULD generate an
    "illegal_parameter" alert.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Enforce the certificate key usage restrictions on all cases
  Nikos Mavrogiannopoulos, 2019-02-06, 1 file, -2/+2
    That is, we require a signing certificate when negotiating TLS1.3, or when
    sending a client certificate (on all cases). Before we would not perform
    any checks under TLS1.3 or when client certificates are sent, assuming that
    the certificates used will always be signing ones. However, if the user
    incorrectly sets up a decryption certificate, we would use it for signing.
    This fix makes sure that an error is returned early when these scenarios
    are detected.
    Resolves: #690
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix typos in lib/ [tmp-fix-typos-in-lib]
  Tim Rühsen, 2019-01-04, 1 file, -2/+2
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Implemented support for raw public-key functionality (RFC7250).
  Tom Vrancken, 2018-12-15, 1 file, -2/+32
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Fix gnutls_handshake_set_timeout() for values < 1000 [tmp-fix-timeout]
  Tim Rühsen, 2018-12-06, 1 file, -1/+3
    handshake-timeout.c now tests for <1000ms timeout and for >=1000ms timeout.
    The test duration decreased from 45s to 1.2s.
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Constant time/cache PKCS#1 RSA decryption [tmp-fix-CVE-2018-16868]
  Simo Sorce, 2018-11-30, 1 file, -0/+4
    This patch tries to make the code have the same time and memory access
    patterns across all branches of the decryption function so that timing or
    cache side channels are minimized or neutralized. To do so it uses a new
    nettle rsa decryption function that is side-channel silent.
    Signed-off-by: Simo Sorce <simo@redhat.com>
* anti_replay: moved new add function into anti_replay structure
  Nikos Mavrogiannopoulos, 2018-11-15, 1 file, -1/+0
    The new function was not sharing anything with the existing gnutls_db_*
    backend, and moving it to the anti_replay structure is cleaner and allows
    for deviations from the old API conventions (e.g., now we can pass pointers
    for efficiency and pass the expiration time as part of the call).
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* TLS 1.3: implement anti-replay measure using ClientHello recording
  Daiki Ueno, 2018-11-12, 1 file, -0/+3
    This implements ClientHello recording outlined in section 8.2 of RFC 8446.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* db: introduce gnutls_db_set_add_function
  Daiki Ueno, 2018-11-12, 1 file, -0/+1
    This adds a way to store an entry if it is not found in the database, so
    that the implementation can provide atomic test-and-set.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tls13/session_ticket: record timestamp in ticket
  Daiki Ueno, 2018-11-12, 1 file, -0/+1
    This is needed for implementing freshness checks outlined in 8.3 of RFC 8446.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* handshake: handle early data
  Daiki Ueno, 2018-11-11, 1 file, -4/+14
    This plumbs early data handling into the handshake processes, which
    consists of:
    - traffic key updates taking into account client_early_traffic_secret
    - early data buffering in both server and client
    - the EndOfEarlyData message handling
    - making use of max_early_data_size extension in NewSessionTicket
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* handshake: record transcript hash for ClientHello
  Daiki Ueno, 2018-11-11, 1 file, -0/+1
    This is necessary to compute client_early_traffic_secret and
    early_exporter_master_secret in TLS 1.3.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Unconditionally include nettle/memxor.h [tmp-remove-gl-memxor]
  Tim Rühsen, 2018-11-10, 1 file, -5/+0
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* tls13/session_ticket: calculate ticket_age in milliseconds
  Daiki Ueno, 2018-10-26, 1 file, -1/+1
    Previously we calculated ticket age from the current wall clock in seconds,
    multiplying by 1000. This is conceptually wrong, because ticket age is
    designed to be in milliseconds.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* _gnutls_timespec_cmp: new inline function
  Daiki Ueno, 2018-10-25, 1 file, -0/+12
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st
  Daiki Ueno, 2018-10-25, 1 file, -3/+3
    This is consistent with the coding guideline.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp_cleanup_and_fixes' into 'master'
  Nikos Mavrogiannopoulos, 2018-10-23, 1 file, -2/+2
    Cleanup and fixes
    Closes #453
    See merge request gnutls/gnutls!779
  * Renamed fields in priority_st to improve code readability. Fixes #453. (merged commit)
    Tom Vrancken, 2018-10-18, 1 file, -2/+2
      Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* handshake: send missing extension alert
  Nikos Mavrogiannopoulos, 2018-10-16, 1 file, -2/+5
    When a key share extension is not seen under TLS1.3, send the missing
    extension alert.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_init: added flag for automatic re-authentication
  Nikos Mavrogiannopoulos, 2018-10-16, 1 file, -1/+3
    This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes
    re-authentication under TLS simpler to enable and use.
    Resolves #571
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added session ticket key rotation with TOTP
  Ander Juaristi, 2018-09-19, 1 file, -2/+34
    This introduces session ticket key rotation on server side. The key set
    with gnutls_session_ticket_enable_server() is used as a master key to
    generate time-based keys for tickets. The rotation relates to the
    gnutls_db_set_cache_expiration() period.
    Resolves #184
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
* Remove gnulib work-around '#undef strdup'
  Tim Rühsen, 2018-08-24, 1 file, -6/+0
    The 'issue' should be fixed already. Even if not, it has to be addressed
    in gnulib.
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Implemented RFC7250 certificate type negotiation extensions.
  Tom Vrancken, 2018-08-20, 1 file, -7/+25
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* ext/record_size_limit: new extension
  Daiki Ueno, 2018-08-20, 1 file, -0/+4
    This implements the record_size_limit extension as defined in RFC 8449.
    Although it obsoletes the max_record_size extension, for compatibility
    reasons GnuTLS still sends it on certain occasions. For example, when the
    new size is representable as the codepoint defined for max_record_size.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* gnutls_session_resumption_requested: fixed behavior under TLS1.3
  Nikos Mavrogiannopoulos, 2018-08-20, 1 file, -1/+4
    This makes gnutls_session_resumption_requested() functional under TLS1.3
    and introduces a unit test of the function.
    Resolves #546
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* resume: keep persistent session identifiers
  Nikos Mavrogiannopoulos, 2018-08-07, 1 file, -0/+2
    With the introduction of session ticket support (TLS1.2) and TLS1.3,
    session identifiers have no persistency on server or client side. Improve
    the situation by introducing persistent session identifiers on server side
    in a backwards compatible way.
    Resolves #484
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* buffers: handle very short fragmentation of handshake messages
  Daiki Ueno, 2018-08-06, 1 file, -0/+1
    If the received record doesn't even complete the handshake header (i.e.,
    the record size < 4), keep it in a temporary buffer and let the caller
    receive more records. Once enough data is received, move the already
    received records back to record_buffer and proceed to the normal
    processing.
    Fixes: #272
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* TLS 1.3: ignore "early_data" extension
  Daiki Ueno, 2018-08-06, 1 file, -0/+10
    As 0-RTT is still not implemented in GnuTLS, the server responds with
    1-RTT, by skipping decryption failure up to max_early_data_size, as
    suggested in 4.2.10 Early Data Detection.
    Resolves #512
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tls1.3: server returns early on handshake when no cert is provided by client
  Nikos Mavrogiannopoulos, 2018-08-03, 1 file, -4/+12
    Under TLS1.3 the server knows the negotiated keys early, if no client
    certificate is sent. In that case, the server is not only able to transmit
    the session ticket immediately after its finished message, but is also able
    to transmit data, similarly to false start.
    Resolves #481
    Resolves #457
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls13_recv_async_handshake: process multiple and split handshake messages [tmp-fix-multi-async-msg]
  Nikos Mavrogiannopoulos, 2018-07-12, 1 file, -1/+2
    It is permitted to concatenate multiple async handshake messages in a
    single record message as well as split large messages (NST) into multiple
    records. Modified _gnutls13_recv_async_handshake() to process them
    correctly, instead of assuming that they are formatted as one message per
    record.
    Resolves #510
    Resolves #504
    Relates #511
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* key update: corrected generation of keys
  Nikos Mavrogiannopoulos, 2018-06-27, 1 file, -2/+2
    Resolves #485
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>