summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2Daiki Ueno2022-01-171-2/+4
| | | | | | | | | | | | This function previously used gnutls_x509_trust_list_get_issuer without GNUTLS_TL_GET_COPY flag, which is required when the function is called from multi-threaded application and PKCS #11 trust store is in use. Reported and the change suggested by Remi Gacogne in: https://gitlab.com/gnutls/gnutls/-/issues/1277 Signed-off-by: Daiki Ueno <ueno@gnu.org>
* fips: add build option to embed FIPS module info in library configDaiki Ueno2022-01-171-0/+10
| | | | | | | | This adds a couple of configure options, --with-fips140-module-name and --with-fips140-module-version, which packagers can use to embed FIPS module information in the library. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* global: add API to retrieve library configuration at run timeDaiki Ueno2022-01-163-0/+46
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* build: hide maintainer tool invocation behind AM_V_GENDaiki Ueno2022-01-163-4/+8
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/gost-pkcs12' into 'master'Daiki Ueno2022-01-141-1/+1
|\ | | | | | | | | | | | | pkcs12: use the correct MAC algorithm for GOST key generation Closes #1225 See merge request gnutls/gnutls!1514
| * pkcs12: use the correct MAC algorithm for GOST key generationDaiki Ueno2022-01-131-1/+1
| | | | | | | | | | | | | | According to the latest TC-26 requirements, the MAC algorithm used for PBKDF2 should always be HMAC_GOSTR3411_2012_512. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/build-fixes2' into 'master'Daiki Ueno2022-01-123-3/+13
|\ \ | |/ |/| | | | | Minor build fixes before the 3.7.3 release See merge request gnutls/gnutls!1511
| * x509: fix potential wrong usage of memcpyDaiki Ueno2022-01-121-1/+3
| | | | | | | | | | | | | | | | | | | | Spotted by GCC analyzer: common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument] 552 | memcpy(output_data, out.data, (size_t) out.size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * cert-auth: suppress false-positive warnings with GCC analyzerDaiki Ueno2022-01-122-2/+10
| | | | | | | | | | | | | | | | | | | | When compiled with gcc -fanalyzer, it reports: cert.c: In function '_gnutls_pcert_to_auth_info': cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference] 85 | if (info->raw_certificate_list != NULL) { Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/cpuid' into 'master'Daiki Ueno2022-01-121-16/+41
|\ \ | |/ |/| | | | | accelerated: fix CPU feature detection for Intel CPUs See merge request gnutls/gnutls!1487
| * accelerated: fix CPU feature detection for Intel CPUsDaiki Ueno2021-12-221-15/+39
| | | | | | | | | | | | | | | | | | | | | | This fixes read_cpuid_vals to correctly read the CPUID quadruple, as well as to set the bit the ustream CRYPTOGAMS uses to identify Intel CPUs. Suggested by Rafael Gieschke in: https://gitlab.com/gnutls/gnutls/-/issues/1282 Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * padlock: reset _gnutls_x86_cpuid_s only after padlock check succeedsDaiki Ueno2021-12-221-1/+2
| | | | | | | | | | | | | | Otherwise it clears _gnutls_x86_cpuid_s which may already hold valid CPUID detected for Intel and AMD CPUs. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/pkcs12' into 'master'Daiki Ueno2022-01-122-4/+4
|\ \ | | | | | | | | | | | | certtool: --to-p12: use modern algorithms by default See merge request gnutls/gnutls!1499
| * | gnutls_pkcs12_generate_mac: use SHA256 by defaultDaiki Ueno2022-01-111-1/+1
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | _gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2Daiki Ueno2022-01-071-1/+1
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | pkcs12: determine iteration count for MAC at build timeDaiki Ueno2022-01-071-1/+1
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | pkcs7: determine iteration count for PBKDF2 at build timeDaiki Ueno2022-01-071-1/+1
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | | fips: plumb service indicator to symmetric key crypto operationsDaiki Ueno2022-01-084-142/+460
| | | | | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org> Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
* | | fips: plumb service indicator to public key crypto operationsDaiki Ueno2022-01-083-193/+486
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This installs service indicator state transitions in certain public key operations in gnutls_crypto_pk_st, namely: * fallible operations - encrypt - sign - generate_keys - derive * infallible operations - decrypt, decrypt2 - verify other operations, such as generate_params, are not considered as crypto operation. Note that fallible operations above mean that those return value could indicate error, while infallible operations do not have distinction between errors and failures: decrypt/verify failures are treated as a successful completion of the operation. Signed-off-by: Daiki Ueno <ueno@gnu.org> Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
* | | fips: add functions to inspect thread-local FIPS operation stateDaiki Ueno2022-01-074-65/+317
|/ / | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Drop unquoted angle brackets in gtk-doc comment.Andreas Metzler2022-01-061-1/+1
|/ | | | Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Merge branch 'wip/dueno/nettle-hash' into 'master'Daiki Ueno2021-12-221-1/+3
|\ | | | | | | | | wrap_nettle_hash_fast: avoid calling _update with zero-length input See merge request gnutls/gnutls!1503
| * wrap_nettle_hash_fast: avoid calling _update with zero-length inputDaiki Ueno2021-12-221-1/+3
| | | | | | | | | | | | | | As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/hash-copy-doc' into 'master'Daiki Ueno2021-12-221-2/+6
|\ \ | |/ |/| | | | | gnutls_{hash,hmac}_copy: mention the functions do not always work See merge request gnutls/gnutls!1502
| * gnutls_{hash,hmac}_copy: mention the functions do not always workDaiki Ueno2021-12-221-2/+6
| | | | | | | | | | | | | | | | It is known that some built-in accelerated implementation, such as AF_ALG, does not support copying hash/hmac contexts. This expands the documentation to suggest checking the return value of those functions. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'ktls_api' into 'master'Daiki Ueno2021-12-178-182/+222
|\ \ | | | | | | | | | | | | ktls: API See merge request gnutls/gnutls!1477
| * | ktls: flagsFrantisek Krenzelok2021-12-166-36/+51
| | | | | | | | | | | | | | | | | | ktls enum flags API Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
| * | KTLS: APIFrantisek Krenzelok2021-12-158-177/+202
| | | | | | | | | | | | | | | | | | | | | ktls is enabled by default, we can check if inicialization was succesfull with gnutls_transport_is_ktls_enabled Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
* | | use sha384_digest in lib/accelerated/aarch64/sha-aarch64.c sha384Alexander Sosedkin2021-12-161-1/+1
|/ / | | | | | | | | | | Mirrors https://gitlab.com/gnutls/gnutls/-/merge_requests/1466 Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* | X509 CT: defer filling in the length fieldDaiki Ueno2021-12-141-26/+16
| | | | | | | | | | | | | | This eliminates the need of precalculating the payload size, to make it easier to adapt to new format. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | X509 CT: use size_t for array index instead of unsignedDaiki Ueno2021-12-091-5/+5
|/ | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* devel: Suppress new API functionsAnder Juaristi2021-12-041-0/+6
| | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
* x509 CT: implement new public APIAnder Juaristi2021-12-044-0/+654
| | | | | | | | | | | | | | | | | | | | This commit implements import and export functions for the X.509 Certificate Transparency Signed Certificate Timestamp (SCT) extension (RFC 6962). A new constant GNUTLS_X509EXT_OID_CT_SCT is introduced with the value "1.3.6.1.4.1.11129.2.4.2". The following new public API functions are introduced: - gnutls_x509_ext_ct_scts_init - gnutls_x509_ext_ct_scts_deinit - gnutls_x509_ext_ct_import_scts - gnutls_x509_ext_ct_export_scts - gnutls_x509_ct_sct_get_version - gnutls_x509_ct_sct_get Signed-off-by: Ander Juaristi <a@juaristi.eus>
* Merge branch 'wip/dueno/config-allowlisting' into 'master'Daiki Ueno2021-11-2910-146/+1076
|\ | | | | | | | | | | | | priority: support allowlisting in configuration file Closes #1172 See merge request gnutls/gnutls!1427
| * priority: support allowlisting in configuration fileDaiki Ueno2021-11-2910-199/+934
| | | | | | | | | | | | | | | | | | | | | | | | This adds a new mode of interpreting the [overrides] section. If "override-mode" is set to "allowlisting" in the [global] section, all the algorithms (hashes, signature algorithms, curves, and versions) are initially marked as insecure/disabled. Then the user can enable them by specifying allowlisting keywords such as "secure-hash" in the [overrides] section. Signed-off-by: Daiki Ueno <ueno@gnu.org> Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
| * priority: refactor config file parsingDaiki Ueno2021-11-246-57/+252
| | | | | | | | | | | | | | | | | | | | | | | | This adds the following refactoring: - avoid side-effects during parsing the config file, by separating application phase; the parsed configuration can be applied globally with cfg_apply, after validation - make _gnutls_*_mark_{disabled,insecure} take an ID instead of the name Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | sockets: fixed compiler warning on Windows x32Evgeny Grin2021-11-261-0/+2
| | | | | | | | Signed-off-by: Evgeny Grin <k2k@narod.ru>
* | sockets: fixed building for Windows with compilers without VLA supportEvgeny Grin2021-11-261-3/+6
|/ | | | Signed-off-by: Evgeny Grin <k2k@narod.ru>
* locks: deprecate gnutls_global_set_mutexDaiki Ueno2021-11-171-15/+6
| | | | | | | As the library now uses static mutexes, rwlocks, and onces, it doesn't make much sense to only replace dynamic mutex usage. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* locks: use once execution for on-demand initialization of globalsDaiki Ueno2021-11-177-31/+87
| | | | | | | | | | This makes sure that the global variables are initialized only once. Most of those variables are initialized at ELF constructor, though a couple of occasions they are initialized on-demand: the global keylog file pointer and TPM2 TCTI context. To properly protect the initialization this patch uses gl_once provided by Gnulib. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* locks: rework rwlock primitivesDaiki Ueno2021-11-173-79/+142
| | | | | | | Remove GNUTLS_STATIC_RWLOCK_*LOCK macros and respect return values of rwlock primitives. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* pkcs11: switch to using static mutexDaiki Ueno2021-11-172-12/+3
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* verify-tofu: switch to using static mutex for lockingDaiki Ueno2021-11-172-12/+4
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* locks: replace custom mutex wrappers with "glthread/lock.h"Daiki Ueno2021-11-176-144/+58
| | | | | | | As Gnulib provides portability wrappers of mutex implementations, we don't need to provide similar wrappers by ourselves. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Port openconnect TPM2 codeNikos Mavrogiannopoulos2021-11-1311-6/+1435
| | | | | | | | | | This introduces transparent loading of TPM2 keys which are in PEM form by gnutls_privkey_import_x509_raw() and higher level functions which wrap it. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Co-authored-by: David Woodhouse <dwmw2@infradead.org> Co-authored-by: Daiki Ueno <ueno@gnu.org>
* priority: rework config reloading logic and lockingDaiki Ueno2021-11-053-105/+140
| | | | | | | | | | | | | | | The previous reloading logic relied on the existence of [priority] section (in the initial loading) as an indicator whether the file is loaded. This didn't work well in the following cases: - when the section didn't exist initially and then is added later - when the section existed initially and then is removed later To handle these cases, this change adds a new flag system_priority_file_loaded which can be used together with the mtime check. This also adds an rwlock to protect global configuration. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Revert "priority: fix potential race in reloading system-wide config"Daiki Ueno2021-11-031-15/+6
| | | | | | | | This reverts commit 890c6937a3cfb4a0704bc815324221ec4cb89840. Considering the entire logic around reloading the config file, the fix was suboptimal. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* priority: fix potential race in reloading system-wide configDaiki Ueno2021-10-301-6/+15
| | | | | | | | | | | | | _gnutls_update_system_priorities is called from gnutls_priority_set* functions every time when the SYSTEM keyword is used and updates a global variable system_wide_priority_strings if the configuration changes. Although the critical path is protected with mtime check, it should also hold a lock to avoid occasional race condition in multi-thread programs. This also clears system_wide_priority_strings_init upon unloading and before reloading the config file (thanks to Alexander Sosedkin). Signed-off-by: Daiki Ueno <ueno@gnu.org>
* priority: filter out ciphersuites with prf blocked by insecure-hashAlexander Sosedkin2021-10-211-0/+13
| | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* priority: refactor ciphersuite filteringAlexander Sosedkin2021-10-211-13/+16
| | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>