From 05c5943dcfc36e0e573b5bba446dc09b9f7cd63b Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 8 Jan 2019 18:06:17 +0100
Subject: alert: map GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM to illegal_parameter
This alert is more appropriate according to the tlsfuzzer test: https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d
Signed-off-by: Daiki Ueno
---
 lib/alert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/alert.c b/lib/alert.c
index b9aa7bd9ba..a7770da676 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -223,6 +223,7 @@ int gnutls_error_to_alert(int err, int *level)
 case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
 case GNUTLS_E_ILLEGAL_SRP_USERNAME:
 case GNUTLS_E_PK_INVALID_PUBKEY:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
 ret = GNUTLS_A_ILLEGAL_PARAMETER;
 _level = GNUTLS_AL_FATAL;
 break;
@@ -247,7 +248,6 @@ int gnutls_error_to_alert(int err, int *level)
 _level = GNUTLS_AL_FATAL;
 break;
 case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
- case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
 case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
 case GNUTLS_E_NO_CIPHER_SUITES:
 case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
-- 
cgit v1.2.1
From 62d1d56f5d0531027dac9be07df39f38c5619373 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 8 Jan 2019 18:09:29 +0100
Subject: tlsfuzzer: update to the latest upstream for the TLS 1.2 CV tests
Signed-off-by: Daiki Ueno
---
 tests/suite/tls-fuzzer/tlsfuzzer | 2 +-
 tests/suite/tls-fuzzer/tlslite-ng | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
index cd624f68c6..b9dec4fde7 160000
--- a/tests/suite/tls-fuzzer/tlsfuzzer
+++ b/tests/suite/tls-fuzzer/tlsfuzzer
@@ -1 +1 @@
-Subproject commit cd624f68c671f339b3a1e0ef90db984760bcfea5
+Subproject commit b9dec4fde7bedfac90850b86c2c3f644349f6c33
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
index d00ad94272..3696909715 160000
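Review bot: The added `case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:` label carries no hint of why this error now yields illegal_parameter rather than the alert of the group it leaves in the second hunk; the rationale exists only as the commit message's link to a tlsfuzzer test. A one-line comment on the new label would keep that reasoning with the code, e.g. `/* compression method inconsistent with the hello: illegal_parameter (RFC 5246 7.2.2) */`. That wording assumes the error is raised for a compression method the peer should not have selected, which this hunk does not show and should be confirmed. Both hunks sit inside gnutls_error_to_alert, whose body begins and ends outside them.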
--- a/tests/suite/tls-fuzzer/tlslite-ng
+++ b/tests/suite/tls-fuzzer/tlslite-ng
@@ -1 +1 @@
-Subproject commit d00ad94272be90172ecc5c422c923d679c234164
+Subproject commit 3696909715ba73ee807d3959a26d36b56f718ba3
-- 
cgit v1.2.1
From 86eecda9a9719ce4c72f80159741ccf588487bc7 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 2 Jan 2019 13:21:49 +0100
Subject: tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
This extends commit 51d21634 to cover the optional TLS 1.2 cases, which RFC 8446 4.2.3 suggests: "Implementations that advertise support for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to accept a signature using that scheme even when TLS 1.2 is negotiated".
Signed-off-by: Daiki Ueno
---
 lib/tls-sig.c | 17 +++++++++++++++++
 tests/suite/tls-fuzzer/gnutls-cert.json | 6 ++----
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 75f88e5fbd..f512127ced 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -271,6 +271,7 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
 gnutls_datum_t dconcat;
 int ret;
 const version_entry_st *ver = get_version(session);
+ const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
 _gnutls_handshake_log ("HSK[%p]: verify TLS 1.2 handshake data: using %s\n", session,
@@ -283,6 +284,12 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
 if (ret < 0)
 return gnutls_assert_val(ret);
+ if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
+ _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+ session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ }
+
 ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
 if (ret < 0)
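Review bot: `se`, obtained from `_gnutls_sign_to_entry(sign_algo)` in the first hunk, is dereferenced in the second hunk's new block (as the first argument of `sign_supports_cert_pk_algorithm` and as `se->name` in the log call) without a NULL test, so if the lookup can fail for a sign_algo taken from the peer's message this is a NULL dereference reachable from the network. Unless the `ret < 0` check just above the block is known to reject every algorithm the table does not contain, add a guard right after the declaration: `if (unlikely(se == NULL)) return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);`. The identical block added to _gnutls_handshake_verify_crt_vrfy12 in the next hunk has the same gap, and the follow-up commit 14958c77 that logs `se->name` in place of `gnutls_sign_algorithm_get_name(sign_algo)` moves the first dereference ahead of every check in _gnutls_handshake_verify_data12. That function starts before the first hunk and continues past the second.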
@@ -356,11 +363,18 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
 {
 int ret;
 gnutls_datum_t dconcat;
+ const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
 ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
 if (ret < 0)
 return gnutls_assert_val(ret);
+ if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
+ _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+ session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ }
+
 dconcat.data = session->internals.handshake_hash_buffer.data;
 dconcat.size = session->internals.handshake_hash_buffer_prev_len;
@@ -567,6 +581,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 gnutls_sign_algorithm_set_client(session, sign_algo);
+ if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
 _gnutls_debug_log("sign handshake cert vrfy: picked %s\n", gnutls_sign_algorithm_get_name(sign_algo));
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json
index f9de174699..c2b28c5569 100644
--- a/tests/suite/tls-fuzzer/gnutls-cert.json
+++ b/tests/suite/tls-fuzzer/gnutls-cert.json
@@ -37,13 +37,11 @@
 "-p", "@PORT@"] }, {"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
- "comment" : "FIXME: We shouldn't allow rsa_pss_pss* schemes as there is only RSA key #645",
+ "comment": "tlsfuzzer doesn't know ed25519 scheme which we advertise",
 "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", "-e", "check CertificateRequest sigalgs",
- "-e", "rsa_pss_pss_sha256 in CertificateVerify with rsa key",
- "-e", "rsa_pss_pss_sha384 in CertificateVerify with rsa key",
- "-e", "rsa_pss_pss_sha512 in CertificateVerify with rsa key",
+ "--illegpar",
 "-n", "100", "-p", "@PORT@"] },
-- 
cgit v1.2.1
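Review bot: The block added after the `_gnutls_session_sign_algo_enabled` check is a verbatim copy of the one the previous hunk adds to _gnutls_handshake_verify_data12: same `sign_supports_cert_pk_algorithm` test, same log format string, same return code. A small static helper taking session, cert and se would let both call sites share it and give one place to keep the wording and any validity check on `se` consistent. _gnutls_handshake_verify_crt_vrfy12 begins before this hunk and continues past it.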
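Review bot: The new guard in _gnutls_handshake_sign_crt_vrfy12 returns GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, yet on this path nothing was received: the debug line below says sign_algo was "picked" by this side and pkey is the local private key. Because lib/alert.c maps that code to a fatal illegal_parameter alert (see the first commit in this series), a local selection bug would be reported to the peer as the peer's fault. If the intent is that the server's CertificateRequest offered no scheme usable with our key, a comment saying so on the guard would make that explicit; otherwise an error code naming the local key/scheme mismatch seems more accurate. The function's body starts and ends outside the hunk, so the selection of sign_algo is not visible here.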
From 14958c77578b1d8cad6044e08b04be654c27c263 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 8 Jan 2019 19:37:49 +0000
Subject: Avoid calling sign_algorithm_get_name() when we already have pointer to the algorithm.
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/tls-sig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index f512127ced..19357c06a1 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -275,7 +275,7 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
 _gnutls_handshake_log ("HSK[%p]: verify TLS 1.2 handshake data: using %s\n", session,
- gnutls_sign_algorithm_get_name(sign_algo));
+ se->name);
 ret = _gnutls_pubkey_compatible_with_sig(session,
-- 
cgit v1.2.1