From 0e131a654f9a5bf97fae21236e4e30320f360fd6 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 1 Jun 2020 17:23:59 +0200 Subject: serv: omit upper bound of --maxearlydata option definition It turned out that AutoGen treats numbers that exceed INT_MAX in a platform dependent way. In this case, 4294967295 (UINT_MAX) is treated as is on 64-bit platforms, while it is interpreted as "-1" on 32-bit platforms. This causes a problem when the program documentation is compiled under multilib environment. Reported by Ivan Molodetskikh in: https://bugzilla.redhat.com/show_bug.cgi?id=1841844 and the cause was identified by Anderson Toshiyuki Sasaki. Signed-off-by: Daiki Ueno --- src/serv-args.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/serv-args.def b/src/serv-args.def index 996fbe36ba..a584085e26 100644 --- a/src/serv-args.def +++ b/src/serv-args.def @@ -51,7 +51,7 @@ flag = { flag = { name = maxearlydata; arg-type = number; - arg-range = "1->4294967295"; + arg-range = "1->"; descrip = "The maximum early data size to accept"; doc = ""; }; -- cgit v1.2.1 From b875af8d74fef8fd63704628c4818546765492fd Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 2 Jun 2020 05:34:29 +0200 Subject: gnutls_aead_cipher_init: fix potential memleak When _gnutls_aead_cipher_init() fails, the function returns without freeing the allocted handle. This was once fixed in commit 502be130493e8ce802cdf60fffdbb5f1885352a5 but regressed after a code reorganization in commit 2eef509ce5f2d250f8dcaeffa46444dd2b694e91. Reported by Miroslav Lichvar. Signed-off-by: Daiki Ueno --- lib/crypto-api.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 8524f5ed4f..f289ebcd03 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c 
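Review bot: With `arg-range = "1->"` the option parser no longer rejects values above 4294967295 for `maxearlydata`, so the only range check on this user-supplied size now lives wherever the server reads the option value, which is not in this hunk. If that consumer stores the number into a 32-bit field, an oversized value would silently truncate rather than be refused as before; a clamp or explicit bound check at the point of use would restore the previous behaviour without reintroducing the AutoGen portability problem. A one-line comment next to the definition, e.g. `# upper bound enforced by the consumer, not here (AutoGen mis-parses > INT_MAX on 32-bit)`, would tell the next editor why the bound is absent.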
@@ -755,6 +755,7 @@ int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t *handle, { api_aead_cipher_hd_st *h; const cipher_entry_st *e; + int ret; if (is_cipher_algo_forbidden(cipher)) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); @@ -763,15 +764,21 @@ int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t *handle, if (e == NULL || e->type != CIPHER_AEAD) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - *handle = gnutls_calloc(1, sizeof(api_aead_cipher_hd_st)); - if (*handle == NULL) { + h = gnutls_calloc(1, sizeof(api_aead_cipher_hd_st)); + if (h == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - h = *handle; + ret = _gnutls_aead_cipher_init(h, cipher, key); + if (ret < 0) { + gnutls_free(h); + return ret; + } - return _gnutls_aead_cipher_init(h, cipher, key); + *handle = h; + + return ret; } /** -- cgit v1.2.1 From 188e8ca7ba62d35e0808b48ca9a9712511694d7d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 2 Jun 2020 05:38:28 +0200 Subject: gnutls_cipher_init: fix potential memleak Upon failure this function returns without freeing memory allocated internally. This makes sure that it is released and do not touch the output handle argument. Signed-off-by: Daiki Ueno --- lib/crypto-api.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index f289ebcd03..caf8d713a3 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c 
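Review bot: The new control flow means `*handle` is written only on success and is left untouched on every error return, but the public doc comment for gnutls_aead_cipher_init (above line 755, outside the hunk) does not state this, and callers of the old code could observe a non-NULL `*handle` after a failed call. A sentence such as `On failure @handle is left unmodified and no memory is retained.` in that comment would make the fixed contract explicit. As a point of style, the final `return ret;` propagates whatever non-negative value `_gnutls_aead_cipher_init` produced; if that helper only ever returns 0 on success, `return 0;` would state the success contract more plainly. The function's doc block and closing brace lie partly outside this hunk.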
@@ -70,20 +70,30 @@ gnutls_cipher_init(gnutls_cipher_hd_t * handle, if (e == NULL || (e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st)); - if (*handle == NULL) { + h = gnutls_calloc(1, sizeof(api_cipher_hd_st)); + if (h == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - h = *handle; ret = _gnutls_cipher_init(&h->ctx_enc, e, key, iv, 1); + if (ret < 0) { + gnutls_free(h); + return ret; + } - if (ret >= 0 && _gnutls_cipher_type(e) == CIPHER_BLOCK) + if (_gnutls_cipher_type(e) == CIPHER_BLOCK) { ret = _gnutls_cipher_init(&h->ctx_dec, e, key, iv, 0); + if (ret < 0) { + gnutls_free(h); + return ret; + } + } + + *handle = h; return ret; } -- cgit v1.2.1 From eb6ca40995581e912e37a4bf04af699290eab425 Mon Sep 17 00:00:00 2001 From: KrenzelokFrantisek Date: Thu, 4 Jun 2020 16:59:33 +0200 Subject: tests: updated tlsfuzzer tests to latest version excluded some tests from test-certificate-malformed.py Signed-off-by: KrenzelokFrantisek --- tests/suite/tls-fuzzer/gnutls-cert.json | 2 ++ tests/suite/tls-fuzzer/tlsfuzzer | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json index 7a5af26e53..6f5874c095 100644 --- a/tests/suite/tls-fuzzer/gnutls-cert.json +++ b/tests/suite/tls-fuzzer/gnutls-cert.json @@ -91,6 +91,8 @@ "-c", "tests/clientX509Cert.pem", "-e", "fuzz empty certificate - overall 7, certs 4, cert 1", "-e", "fuzz empty certificate - overall 8, certs 5, cert 2", + "-e", "sanity - empty client cert", + "-e", "Correct cert followed by an empty one", "-p", "@PORT@"] } ] diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer index ca536d11ac..54a1350ae9 160000 --- a/tests/suite/tls-fuzzer/tlsfuzzer +++ b/tests/suite/tls-fuzzer/tlsfuzzer 
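Review bot: The second error path frees `h` after `_gnutls_cipher_init(&h->ctx_enc, ...)` has already succeeded, so any backend state that call attached to `h->ctx_enc` is not released; if `_gnutls_cipher_init` allocates a backend context (its `_gnutls_cipher_deinit` counterpart suggests it does — please confirm), this trades the original leak of `h` for a leak of the encryption context. The fix is one line before the second `gnutls_free(h);`: `_gnutls_cipher_deinit(&h->ctx_enc);`. The same documentation gap as in the AEAD variant applies here: the doc comment of gnutls_cipher_init, which starts above line 70 outside the hunk, should say that `*handle` is only assigned on success.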
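Review bot: The two new exclusions `"sanity - empty client cert"` and `"Correct cert followed by an empty one"` carry no justification in the hunk or in the commit message, so a reader cannot tell whether GnuTLS intentionally diverges from tlsfuzzer's expectation for empty client certificates or whether a failing certificate-handling case is being silenced. The existing `-e` entries above follow the same convention, so the place for the reason is the commit message; a sentence naming the expected behaviour (or a tracking issue) would keep the audit trail for this test. The submodule pointer bump in the following section cannot be reviewed from here.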
@@ -1 +1 @@ -Subproject commit ca536d11ac14da2deacbde95f3f0a70a5ce42112 +Subproject commit 54a1350ae9fa1981062679acb2966e697140c3d1 -- cgit v1.2.1 From f9a12a1c0e19354b37a4733ef5b9e2b4bd7ca244 Mon Sep 17 00:00:00 2001 From: Vitezslav Cizek Date: Tue, 9 Jun 2020 13:54:04 +0200 Subject: configure: improve nettle, gmp, and hogweed soname detection Some linkers might optimize away the libraries passed on the command line if they aren't actually needed, such as gnu ld with --as-needed. The ldd output then won't list the shared libraries and the detection will fail. Make sure nettle and others are really used. Signed-off-by: Vitezslav Cizek --- configure.ac | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 74278d5689..37f9862624 100644 --- a/configure.ac +++ b/configure.ac @@ -710,7 +710,10 @@ AM_CONDITIONAL(NEED_SIV, [test "$ac_cv_func_nettle_siv_cmac_aes128_set_key" != " save_LIBS=$LIBS LIBS="$LIBS $GMP_LIBS" AC_MSG_CHECKING([gmp soname]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include ],[ + mpz_t n; + mpz_init(n);])], [gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`], [gmp_so=none]) if test -z "$gmp_so"; then @@ -723,7 +726,10 @@ LIBS=$save_LIBS save_LIBS=$LIBS LIBS="$LIBS $NETTLE_LIBS" AC_MSG_CHECKING([nettle soname]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include ],[ + struct sha256_ctx ctx; + sha256_init(&ctx);])], [nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`], [nettle_so=none]) if test -z "$nettle_so"; then 
@@ -736,7 +742,10 @@ LIBS=$save_LIBS save_LIBS=$LIBS LIBS="$LIBS $HOGWEED_LIBS" AC_MSG_CHECKING([hogweed soname]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include ],[ + struct rsa_private_key priv; + nettle_rsa_private_key_init(&priv);])], [hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`], [hogweed_so=none]) if test -z "$hogweed_so"; then -- cgit v1.2.1 From 4ca6854f6f570e1165b53244c5219fafa1ae1634 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 8 Jun 2020 06:45:24 +0200 Subject: configure.ac: prefer the latest version of build infrastructure AM_GNU_GETTEXT_REQUIRE_VERSION tells autopoint to copy the latest possible build infrastructure installed on the system, rather than the fixed version from the archive.dir.tar.xz. This makes the bootstrapping slightly faster and allows us not to stick with the ancient gettext version. Signed-off-by: Daiki Ueno --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 37f9862624..a616a34018 100644 --- a/configure.ac +++ b/configure.ac @@ -347,6 +347,9 @@ AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false) AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION([0.19]) +m4_ifdef([AM_GNU_GETTEXT_REQUIRE_VERSION],[ +AM_GNU_GETTEXT_REQUIRE_VERSION([0.19]) +]) AC_C_BIGENDIAN -- cgit v1.2.1 From c22dfaef4780bc1968c5d4400f725892f57c9507 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 9 Jun 2020 10:41:18 +0200 Subject: tests: check_for_datefudge: don't exit the test programs This makes check_for_datefudge not to immediately exit the program, but to return non-zero to allow the tests by themselves to control the behavior when "datefudge" is not found. 
Signed-off-by: Daiki Ueno --- tests/cert-reencoding.sh | 2 +- tests/cert-tests/alt-chain | 2 +- tests/cert-tests/cert-critical | 2 +- tests/cert-tests/cert-non-digits-time | 2 +- tests/cert-tests/certtool | 2 +- tests/cert-tests/certtool-eddsa | 2 +- tests/cert-tests/certtool-rsa-pss | 2 +- tests/cert-tests/certtool-verify-profiles | 2 +- tests/cert-tests/crl | 2 +- tests/cert-tests/crq | 2 +- tests/cert-tests/inhibit-anypolicy | 2 +- tests/cert-tests/krb5-test | 2 +- tests/cert-tests/md5-test | 2 +- tests/cert-tests/name-constraints | 2 +- tests/cert-tests/othername-test | 2 +- tests/cert-tests/pkcs1-pad | 2 +- tests/cert-tests/pkcs7 | 2 +- tests/cert-tests/pkcs7-cat | 2 +- tests/cert-tests/pkcs7-constraints | 2 +- tests/cert-tests/pkcs7-constraints2 | 2 +- tests/cert-tests/pkcs7-eddsa | 2 +- tests/cert-tests/pkcs7-list-sign | 2 +- tests/cert-tests/rsa-pss-pad | 2 +- tests/cert-tests/sha3-test | 2 +- tests/cert-tests/smime | 2 +- tests/cert-tests/template-exts-test | 2 +- tests/cert-tests/template-test | 2 +- tests/cert-tests/tlsfeature-test | 2 +- tests/certtool-pkcs11.sh | 2 +- tests/gnutls-cli-debug.sh | 2 +- tests/gnutls-cli-invalid-crl.sh | 2 +- tests/gnutls-cli-self-signed.sh | 2 +- tests/ocsp-tests/ocsp-load-chain | 2 +- tests/ocsp-tests/ocsp-must-staple-connection | 2 +- tests/ocsp-tests/ocsp-test | 2 +- tests/ocsp-tests/ocsp-tls-connection | 2 +- tests/pkcs7-cat.sh | 2 +- tests/rsa-md5-collision/rsa-md5-collision.sh | 2 +- tests/scripts/common.sh | 7 ++++++- tests/server-multi-keys.sh | 2 +- tests/server-weak-keys.sh | 2 +- tests/suite/testcompat-oldgnutls.sh | 2 +- tests/suite/testcompat-openssl.sh | 2 +- tests/suite/testcompat-polarssl.sh | 2 +- tests/suite/testcompat-tls13-openssl.sh | 2 +- tests/system-override-profiles.sh | 2 +- tests/system-override-tls.sh | 2 +- tests/tls13/prf-early.sh | 2 +- 48 files changed, 53 insertions(+), 48 deletions(-) diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index aadd6fd1bd..240d336778 100755 
--- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -57,7 +57,7 @@ export TZ="UTC" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge eval "${GETPORT}" # Port for gnutls-serv diff --git a/tests/cert-tests/alt-chain b/tests/cert-tests/alt-chain index b715416cc0..a2261b3809 100755 --- a/tests/cert-tests/alt-chain +++ b/tests/cert-tests/alt-chain @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" diff --git a/tests/cert-tests/cert-critical b/tests/cert-tests/cert-critical index 74f335cb87..f923b29fa4 100755 --- a/tests/cert-tests/cert-critical +++ b/tests/cert-tests/cert-critical @@ -36,7 +36,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem diff --git a/tests/cert-tests/cert-non-digits-time b/tests/cert-tests/cert-non-digits-time index 28880b87ac..9c25c396de 100755 --- a/tests/cert-tests/cert-non-digits-time +++ b/tests/cert-tests/cert-non-digits-time @@ -32,7 +32,7 @@ if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -check_for_datefudge +skip_if_no_datefudge # Check whether certificates with non-digits time fields are accepted datefudge -s "2019-12-19" \ diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool index 3494aaacbe..0fd29beea9 100755 --- a/tests/cert-tests/certtool +++ b/tests/cert-tests/certtool @@ -171,7 +171,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify-chain 
diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa index c097fbf6c6..7e07822507 100755 --- a/tests/cert-tests/certtool-eddsa +++ b/tests/cert-tests/certtool-eddsa @@ -124,7 +124,7 @@ rm -f "${TMPFILE}" "${TMPFILE2}" rm -f "${KEYFILE}" -check_for_datefudge +skip_if_no_datefudge # Test certificate chain using Ed25519 datefudge "2017-7-6" \ diff --git a/tests/cert-tests/certtool-rsa-pss b/tests/cert-tests/certtool-rsa-pss index aed79ff2e2..654bf34869 100755 --- a/tests/cert-tests/certtool-rsa-pss +++ b/tests/cert-tests/certtool-rsa-pss @@ -210,7 +210,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem" diff --git a/tests/cert-tests/certtool-verify-profiles b/tests/cert-tests/certtool-verify-profiles index a7ebd711ea..a4d738627e 100755 --- a/tests/cert-tests/certtool-verify-profiles +++ b/tests/cert-tests/certtool-verify-profiles @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge echo "Checking chain with insecure leaf" datefudge -s "2019-12-19" \ diff --git a/tests/cert-tests/crl b/tests/cert-tests/crl index 62b320b2bf..f4f97d757b 100755 --- a/tests/cert-tests/crl +++ b/tests/cert-tests/crl @@ -171,7 +171,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq index 89099cfc0a..1d64dee27e 100755 --- a/tests/cert-tests/crq +++ b/tests/cert-tests/crq 
@@ -40,7 +40,7 @@ OUTFILE2=out2.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge ${VALGRIND} "${CERTTOOL}" --inder --crq-info --infile "${srcdir}/data/csr-invalid.der" >"${OUTFILE}" 2>&1 rc=$? diff --git a/tests/cert-tests/inhibit-anypolicy b/tests/cert-tests/inhibit-anypolicy index 7e82a20014..ba5e1100f6 100755 --- a/tests/cert-tests/inhibit-anypolicy +++ b/tests/cert-tests/inhibit-anypolicy @@ -36,7 +36,7 @@ SUBCAFILE=inhibit-subca.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2017-04-22" \ "${CERTTOOL}" --generate-self-signed \ diff --git a/tests/cert-tests/krb5-test b/tests/cert-tests/krb5-test index 3eca7d7e31..a6e092cc90 100755 --- a/tests/cert-tests/krb5-test +++ b/tests/cert-tests/krb5-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge if ! test -z "${VALGRIND}"; then ORIG_VALGRIND=${VALGRIND} diff --git a/tests/cert-tests/md5-test b/tests/cert-tests/md5-test index a9635cc1d8..15d6280b1c 100755 --- a/tests/cert-tests/md5-test +++ b/tests/cert-tests/md5-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Test MD5 signatures diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints index f23462117e..3b2370d49a 100755 --- a/tests/cert-tests/name-constraints +++ b/tests/cert-tests/name-constraints @@ -36,7 +36,7 @@ TMPFILE=constraints.$$.pem.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2016-04-22" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem" diff --git a/tests/cert-tests/othername-test b/tests/cert-tests/othername-test index 38032fee1c..00f93b22dd 100755 --- a/tests/cert-tests/othername-test +++ b/tests/cert-tests/othername-test 
@@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/pkcs1-pad b/tests/cert-tests/pkcs1-pad index 33663a6a0b..c75ab9e09d 100755 --- a/tests/cert-tests/pkcs1-pad +++ b/tests/cert-tests/pkcs1-pad @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge TMPFILE1=pkcs1-pad.$$.tmp TMPFILE2=pkcs1-pad-2.$$.tmp diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index 35d438107e..23db9e017e 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -38,7 +38,7 @@ TMPFILE=tmp-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1" then diff --git a/tests/cert-tests/pkcs7-cat b/tests/cert-tests/pkcs7-cat index 0f5b82df12..6543397431 100755 --- a/tests/cert-tests/pkcs7-cat +++ b/tests/cert-tests/pkcs7-cat @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2016-10-1" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints b/tests/cert-tests/pkcs7-constraints index 8e5b5345d1..6964d26f09 100755 --- a/tests/cert-tests/pkcs7-constraints +++ b/tests/cert-tests/pkcs7-constraints @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge FILE="signing" diff --git a/tests/cert-tests/pkcs7-constraints2 b/tests/cert-tests/pkcs7-constraints2 index 389071e27b..7d1816a33a 100755 --- a/tests/cert-tests/pkcs7-constraints2 +++ b/tests/cert-tests/pkcs7-constraints2 
@@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge FILE="signing" diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa index 1fd767bd73..6f235c512b 100755 --- a/tests/cert-tests/pkcs7-eddsa +++ b/tests/cert-tests/pkcs7-eddsa @@ -36,7 +36,7 @@ OUTFILE2=out2-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge KEY="${srcdir}/../certs/ed25519.pem" CERT="${srcdir}/../certs/cert-ed25519.pem" diff --git a/tests/cert-tests/pkcs7-list-sign b/tests/cert-tests/pkcs7-list-sign index 1c4e930e5b..5ca04d8005 100755 --- a/tests/cert-tests/pkcs7-list-sign +++ b/tests/cert-tests/pkcs7-list-sign @@ -37,7 +37,7 @@ OUTFILE2=out2-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Test signing FILE="signing-with-cert-list" ${VALGRIND} "${CERTTOOL}" --p7-sign --load-certificate "${srcdir}/data/pkcs7-chain.pem" --load-privkey "${srcdir}/data/pkcs7-chain-endcert-key.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" diff --git a/tests/cert-tests/rsa-pss-pad b/tests/cert-tests/rsa-pss-pad index d9a05e4e0f..2c87c750fc 100755 --- a/tests/cert-tests/rsa-pss-pad +++ b/tests/cert-tests/rsa-pss-pad @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/sha3-test b/tests/cert-tests/sha3-test index dc3cf8f6ba..a4300672c3 100755 --- a/tests/cert-tests/sha3-test +++ b/tests/cert-tests/sha3-test @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/cert-tests/smime b/tests/cert-tests/smime index dd5514f687..f5e68401cf 100755 
--- a/tests/cert-tests/smime +++ b/tests/cert-tests/smime @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # test the --smime-to-p7 functionality ${VAGRLIND} "${CERTTOOL}" --smime-to-p7 --infile "${srcdir}/data/pkcs7.smime" --outfile ${OUTFILE} diff --git a/tests/cert-tests/template-exts-test b/tests/cert-tests/template-exts-test index 32e90f91e3..276ba2f798 100755 --- a/tests/cert-tests/template-exts-test +++ b/tests/cert-tests/template-exts-test @@ -33,7 +33,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge datefudge -s "2007-04-22" \ "${CERTTOOL}" --generate-self-signed \ diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test index f7ebefb664..091021315b 100755 --- a/tests/cert-tests/template-test +++ b/tests/cert-tests/template-test @@ -34,7 +34,7 @@ TMPFILE=tmp-tt.pem.$$.tmp . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" diff --git a/tests/cert-tests/tlsfeature-test b/tests/cert-tests/tlsfeature-test index aadbffc26a..fb26f6225b 100755 --- a/tests/cert-tests/tlsfeature-test +++ b/tests/cert-tests/tlsfeature-test @@ -34,7 +34,7 @@ export TZ="UTC" . ${srcdir}/../scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # # Test certificate generation diff --git a/tests/certtool-pkcs11.sh b/tests/certtool-pkcs11.sh index 9a599e6146..daba535a4d 100755 --- a/tests/certtool-pkcs11.sh +++ b/tests/certtool-pkcs11.sh @@ -68,7 +68,7 @@ exit_error () { exit 1 } -check_for_datefudge +skip_if_no_datefudge # $1: token # $2: PIN diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 0ab6069b8f..3351764216 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh 
@@ -48,7 +48,7 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem diff --git a/tests/gnutls-cli-invalid-crl.sh b/tests/gnutls-cli-invalid-crl.sh index d7383a555b..1a82bfafd3 100755 --- a/tests/gnutls-cli-invalid-crl.sh +++ b/tests/gnutls-cli-invalid-crl.sh @@ -47,7 +47,7 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge echo "Checking whether connecting to a server but with an invalid CRL provided, returns the expected error" diff --git a/tests/gnutls-cli-self-signed.sh b/tests/gnutls-cli-self-signed.sh index 07cd5824b8..fbb5375bf0 100755 --- a/tests/gnutls-cli-self-signed.sh +++ b/tests/gnutls-cli-self-signed.sh @@ -45,7 +45,7 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge echo "Checking whether connecting to a self signed certificate returns the expected error" diff --git a/tests/ocsp-tests/ocsp-load-chain b/tests/ocsp-tests/ocsp-load-chain index 04de48f7ed..0822bc3d99 100755 --- a/tests/ocsp-tests/ocsp-load-chain +++ b/tests/ocsp-tests/ocsp-load-chain @@ -31,7 +31,7 @@ export TZ="UTC" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge datefudge -s "2017-06-19" \ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken diff --git a/tests/ocsp-tests/ocsp-must-staple-connection b/tests/ocsp-tests/ocsp-must-staple-connection index 490cc032f0..49c355dda3 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection +++ b/tests/ocsp-tests/ocsp-must-staple-connection @@ -53,7 +53,7 @@ fi . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge eval "${GETPORT}" # Port for gnutls-serv diff --git a/tests/ocsp-tests/ocsp-test b/tests/ocsp-tests/ocsp-test index 3730175208..bc2641a22e 100755 --- a/tests/ocsp-tests/ocsp-test 
+++ b/tests/ocsp-tests/ocsp-test @@ -32,7 +32,7 @@ export TZ="UTC" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge # Note that in rare cases this test may fail because the # time set using datefudge could have changed since the generation diff --git a/tests/ocsp-tests/ocsp-tls-connection b/tests/ocsp-tests/ocsp-tls-connection index bcc77ec2d9..870f4ff78b 100755 --- a/tests/ocsp-tests/ocsp-tls-connection +++ b/tests/ocsp-tests/ocsp-tls-connection @@ -54,7 +54,7 @@ export TZ="UTC" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge eval "${GETPORT}" # Port for gnutls-serv diff --git a/tests/pkcs7-cat.sh b/tests/pkcs7-cat.sh index 2f3b0b0b35..a7a53a431a 100755 --- a/tests/pkcs7-cat.sh +++ b/tests/pkcs7-cat.sh @@ -34,7 +34,7 @@ fi . ${srcdir}/scripts/common.sh -check_for_datefudge +skip_if_no_datefudge #try verification datefudge -s "2010-10-10" \ diff --git a/tests/rsa-md5-collision/rsa-md5-collision.sh b/tests/rsa-md5-collision/rsa-md5-collision.sh index a935804dc0..e319544b73 100755 --- a/tests/rsa-md5-collision/rsa-md5-collision.sh +++ b/tests/rsa-md5-collision/rsa-md5-collision.sh @@ -31,7 +31,7 @@ if ! test -x "${CERTTOOL}"; then fi . ${srcdir}/scripts/common.sh -check_for_datefudge +skip_if_no_datefudge # Disable leak detection ASAN_OPTIONS="detect_leaks=0" diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh index 95f8a5298e..6ae19fa586 100644 --- a/tests/scripts/common.sh +++ b/tests/scripts/common.sh @@ -80,7 +80,12 @@ check_for_datefudge() { TSTAMP=`datefudge -s "2006-09-23" "${top_builddir}/tests/datefudge-check" || true` if test "$TSTAMP" != "1158969600" || test "$WINDOWS" = 1; then - echo $TSTAMP + return 1 + fi +} + +skip_if_no_datefudge() { + if ! check_for_datefudge; then echo "You need datefudge to run this test" exit 77 fi diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh index 3138fb6888..7737ec9b83 100755 --- a/tests/server-multi-keys.sh +++ b/tests/server-multi-keys.sh 
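Review bot: Removing `echo $TSTAMP` drops the only diagnostic for the failure mode the probe was written to catch, namely datefudge being present but producing an unexpected timestamp; `skip_if_no_datefudge` now prints just the generic "You need datefudge" line, which will mislead anyone debugging a broken datefudge. Since `TSTAMP` is a plain shell global it is still visible in the caller, so the skip path could print it, e.g. `echo "You need datefudge to run this test (probe returned '$TSTAMP')"`. Now that callers test its status, `check_for_datefudge` should also end with an explicit `return 0` rather than relying on the implicit status of the `if` statement; the function's opening line is outside the hunk.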
@@ -46,7 +46,7 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge echo "Checking whether server can utilize multiple keys" diff --git a/tests/server-weak-keys.sh b/tests/server-weak-keys.sh index 31c51a80bc..1fa14711fb 100755 --- a/tests/server-weak-keys.sh +++ b/tests/server-weak-keys.sh @@ -46,7 +46,7 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge echo "Checking whether a client will refuse weak but trusted keys" diff --git a/tests/suite/testcompat-oldgnutls.sh b/tests/suite/testcompat-oldgnutls.sh index 2ec96b20c2..937bf57050 100755 --- a/tests/suite/testcompat-oldgnutls.sh +++ b/tests/suite/testcompat-oldgnutls.sh @@ -54,7 +54,7 @@ LDPATH=/usr/local/OLDGNUTLS/lib/x86_64-linux-gnu:/usr/local/OLDGNUTLS/usr/lib/x8 . "${srcdir}/../scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge . "${srcdir}/testcompat-common" diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh index bfc59c09ac..b932a599c9 100755 --- a/tests/suite/testcompat-openssl.sh +++ b/tests/suite/testcompat-openssl.sh @@ -54,7 +54,7 @@ export TZ="UTC" # Check for datefudge . "${srcdir}/../scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge timeout 1800 datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl" diff --git a/tests/suite/testcompat-polarssl.sh b/tests/suite/testcompat-polarssl.sh index 1af0099dca..2197a94bf7 100755 --- a/tests/suite/testcompat-polarssl.sh +++ b/tests/suite/testcompat-polarssl.sh @@ -42,7 +42,7 @@ fi # Check for datefudge . "${srcdir}/../scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge cat /proc/cpuinfo|grep "model name"|grep "VIA Esther" >/dev/null 2>&1 if test $? = 0; then diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh index 128873ab23..bc198a02b6 100755 --- a/tests/suite/testcompat-tls13-openssl.sh +++ b/tests/suite/testcompat-tls13-openssl.sh 
@@ -49,7 +49,7 @@ fi . "${srcdir}/../scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge . "${srcdir}/testcompat-common" diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh index 88ec631798..516ce57e71 100755 --- a/tests/system-override-profiles.sh +++ b/tests/system-override-profiles.sh @@ -41,7 +41,7 @@ fi . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge CERT="${srcdir}/certs/cert-ecc256.pem" KEY="${srcdir}/certs/ecc256.pem" diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh index 6114d76282..54bc190dd9 100755 --- a/tests/system-override-tls.sh +++ b/tests/system-override-tls.sh @@ -40,7 +40,7 @@ fi . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge CERT="${srcdir}/certs/cert-ecc256.pem" KEY="${srcdir}/certs/ecc256.pem" diff --git a/tests/tls13/prf-early.sh b/tests/tls13/prf-early.sh index b19da4cb65..7f62aba8d8 100755 --- a/tests/tls13/prf-early.sh +++ b/tests/tls13/prf-early.sh @@ -23,7 +23,7 @@ builddir="${builddir:-.}" . "${srcdir}/scripts/common.sh" -check_for_datefudge +skip_if_no_datefudge datefudge -s 2019-04-12 "${builddir}/tls13/prf-early" "$@" exit $? -- cgit v1.2.1 From 7f4934b6f3419e09b96233e49f837c9ba0932a6d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 9 Jun 2020 10:44:57 +0200 Subject: tests/cert-test/invalid-sig: use datefudge to test expired certs Suggested by Andreas Metzler in: https://gitlab.com/gnutls/gnutls/-/issues/1021 Signed-off-by: Daiki Ueno --- tests/cert-tests/invalid-sig | 43 +++++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index bcebf995cb..58134a4d09 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig 
@@ -33,14 +33,16 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +. ${srcdir}/../scripts/common.sh + #check whether a different PKCS #1 signature than the advertized in certificate is tolerated ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (1) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -48,9 +50,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (2) failed" - exit ${rc} + exit 1 fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -58,9 +60,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (3) failed" - exit ${rc} + exit 1 fi #check whether different parameters in tbsCertificate than the outer signature is tolerated @@ -68,9 +70,9 @@ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem" rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (4) failed" - exit ${rc} + exit 1 fi #check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated 
@@ -78,19 +80,24 @@ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.p rc=$? # We're done. -if test "${rc}" = "0"; then +if test $rc = 0; then echo "Verification of invalid signature (5) failed" - exit ${rc} + exit 1 fi -#this was causing a double free; verify that we receive the expected error code -${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" -rc=$? - -# We're done. -if test "${rc}" != "1"; then - echo "Verification of invalid signature (6) failed" - exit ${rc} +if check_for_datefudge; then + #this was causing a double free; verify that we receive the expected error code + datefudge -s 2020-01-01 \ + ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" + rc=$? + + # We're done. + if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 + fi +else + echo "Verification of invalid signature (6) skipped" fi exit 0 -- cgit v1.2.1 From acdc676350280390833b3256e1823d1218ffda9b Mon Sep 17 00:00:00 2001 
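Review bot: The pinned clock in `datefudge -s 2020-01-01 \` carries no explanation of why that date was chosen, and the existing `#this was causing a double free` comment now describes only half of what the block checks. A comment such as `# cve-2019-3829.pem has since expired; pin the clock so the expected error code still comes from the signature path rather than the expiry check` (the exact reason should be confirmed against the certificate's validity period) would spare the next reader a trip through git log. Note also that when datefudge is missing the script prints `skipped` and still reaches `exit 0`, so a partial run reports as a full pass; if that is not wanted, the other scripts in this series exit 77 instead.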
From: Daniel Lenski Date: Sun, 17 May 2020 14:50:47 -0700 Subject: refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but both only with %NO_EXTENSIONS This is a follow-up to !1221. See #958 and https://gitlab.com/openconnect/openconnect/-/issues/145 for a real-world example of ancient Cisco servers with these deficiencies. With !1221 only, gnutls-cli-debug reports that these ancient servers only support SSL 3.0 (but without extensions). Information after this point is largely erroneous: $ gnutls-cli-debug ***vpn.***.com GnuTLS debug client 3.6.12 Checking ***vpn.***.com:443 whether the server accepts default record size (512 bytes)... no whether %ALLOW_SMALL_RECORDS is required... no for SSL 3.0 (RFC6101) support... yes for SSL 3.0 with extensions... no With this additional change, gnutls-cli-debug correctly reports that such a server also supports TLS 1.0 (but again with extensions disabled). Below I've marked some of the significant fields that have changed: $ gnutls-cli-debug ***vpn.***.com GnuTLS debug client 3.6.12 Checking ***vpn.***.com:443 whether the server accepts default record size (512 bytes)... no whether %ALLOW_SMALL_RECORDS is required... no for SSL 3.0 (RFC6101) support... yes for SSL 3.0 with extensions... no whether we need to disable TLS 1.2... yes whether we need to disable TLS 1.1... yes # This is now correct: whether we need to disable TLS 1.0... no # This is now correct: whether %NO_EXTENSIONS is required... yes # This is now correct: for TLS 1.0 (RFC2246) support... yes for TLS 1.1 (RFC4346) support... no fallback from TLS 1.1 to... failed for TLS 1.2 (RFC5246) support... no # This is now correct: for known TLS or SSL protocols support... yes TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance) for inappropriate fallback (RFC7507) support... no for HTTPS server name... ****** for certificate chain order... sorted for Safe renegotiation support (SCSV)... 
no for version rollback bug in RSA PMS... no for version rollback bug in Client Hello... no whether the server ignores the RSA PMS version... no whether small records (512 bytes) are tolerated on handshake... yes whether cipher suites not in SSL 3.0 spec are accepted... yes whether a bogus TLS record version in the client hello is accepted... yes whether the server understands TLS closure alerts... partially whether the server supports session resumption... yes for anonymous authentication support... no for ephemeral Diffie-Hellman support... no for RFC7919 Diffie-Hellman support... no for AES-GCM cipher (RFC5288) support... no for AES-CCM cipher (RFC6655) support... no for AES-CCM-8 cipher (RFC6655) support... no for AES-CBC cipher (RFC3268) support... no for CAMELLIA-GCM cipher (RFC6367) support... no for CAMELLIA-CBC cipher (RFC5932) support... no # This is now correct: for 3DES-CBC cipher (RFC2246) support... yes # This is now correct: for ARCFOUR 128 cipher (RFC2246) support... yes for CHACHA20-POLY1305 cipher (RFC7905) support... no for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no for MD5 MAC support... yes for SHA1 MAC support... yes for SHA256 MAC support... no for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no Signed-off-by: Daniel Lenski --- src/cli-debug.c | 3 +++ src/tests.c | 26 +++++++++++++++++++++----- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/cli-debug.c b/src/cli-debug.c index ece03a2729..c98c0c6f4a 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c 
@@ -85,6 +85,9 @@ static const TLS_TEST tls_tests[] = { test_send_record_with_allow_small_records, "yes", "no", "dunno"}, #ifdef ENABLE_SSL3 {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"}, + /* The following test will disable extensions if the server + * does support SSL 3.0, but only incompletely and without + * extensions. */ {"for SSL 3.0 with extensions", test_ssl3_with_extensions, "yes", "no", "dunno"}, {"for SSL 3.0 with cipher suites not in SSL 3.0 spec", test_ssl3_unknown_ciphersuites, "yes", "no", "dunno"}, diff --git a/src/tests.c b/src/tests.c index 8cc06347c1..c7f2662efe 100644 --- a/src/tests.c +++ b/src/tests.c @@ -635,8 +635,16 @@ test_code_t test_ssl3_with_extensions(gnutls_session_t session) gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); ret = test_do_handshake(session); - if (ret == TEST_SUCCEED) - ssl3_ok = 1; + if (ssl3_ok != 0 && ret != TEST_SUCCEED) { + /* We need to disable extensions before trying TLS 1.0, because + * it also may not work with extensions. There are known servers + * which partially support both SSL 3.0 and TLS 1.0, but *both* + * only with disabled extensions: + * https://gitlab.com/gnutls/gnutls/-/issues/958#note_309267384 + */ + tls_ext_ok = 0; + strcat(rest, ":%NO_EXTENSIONS"); + } return ret; } @@ -645,7 +653,7 @@ test_code_t test_ssl3_unknown_ciphersuites(gnutls_session_t session) { int ret; sprintf(prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:%%NO_EXTENSIONS:" + ALL_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct(session, prio_str); @@ -1040,7 +1048,8 @@ test_code_t test_record_padding(gnutls_session_t session) if (ret == TEST_SUCCEED) { tls1_ok = 1; strcat(rest, ":%COMPAT"); - } + } else + ret = TEST_IGNORE2; /* neither succeeded */ } return ret; 
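Review bot: The new `} else` in the test_record_padding hunk, followed by an unbraced `ret = TEST_IGNORE2; /* neither succeeded */`, pairs a braced if arm with an unbraced else arm; the second test_no_extensions hunk below adds the same shape. Bracing the else as well — `} else {` / `ret = TEST_IGNORE2; /* neither succeeded */` / `}` — matches the if arm and removes the trap when a second statement is added later. In the test_ssl3_with_extensions hunk, `strcat(rest, ":%NO_EXTENSIONS");` appends to `rest` with no bound check, as the pre-existing `strcat(rest, ":%COMPAT")` does; if `rest` is a fixed buffer, its capacity and the maximum number of suffixes should be documented at its declaration, which is outside this view. All three functions start outside their hunks.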
@@ -1050,6 +1059,12 @@ test_code_t test_no_extensions(gnutls_session_t session) { int ret; +#ifdef ENABLE_SSL3 + /* If already disabled by test_ssl3_with_extensions */ + if (ssl3_ok != 0 && tls_ext_ok == 0) + return TEST_FAILED; +#endif + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); @@ -1071,7 +1086,8 @@ test_code_t test_no_extensions(gnutls_session_t session) if (ret == TEST_SUCCEED) { tls_ext_ok = 0; strcat(rest, ":%NO_EXTENSIONS"); - } + } else + ret = TEST_IGNORE2; /* neither succeeded */ } return ret; -- cgit v1.2.1 From bb31aa5a55416831fe2dc59135929af1c612878d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 12 Jun 2020 11:32:58 +0200 Subject: build: avoid -Wenum-conversion warnings with GCC 10 Signed-off-by: Daiki Ueno --- lib/algorithms.h | 13 +++++++++++++ lib/algorithms/sign.c | 2 +- lib/crypto-api.c | 4 ++-- lib/hash_int.c | 2 +- lib/nettle/pk.c | 8 ++++---- lib/tls-sig.c | 4 ++-- lib/tls13-sig.c | 4 ++-- lib/tls13/finished.c | 2 +- lib/x509/pkcs12.c | 4 ++-- lib/x509/pkcs7.c | 2 +- src/certtool.c | 6 +++--- tests/slow/hash-large.c | 2 +- 12 files changed, 33 insertions(+), 20 deletions(-) diff --git a/lib/algorithms.h b/lib/algorithms.h index 9cdb3abf7a..7a051b6365 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h 
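Review bot: The new early return `if (ssl3_ok != 0 && tls_ext_ok == 0) return TEST_FAILED;` in test_no_extensions is explained only by `/* If already disabled by test_ssl3_with_extensions */`, which says when it fires but not why TEST_FAILED is the right answer or why the handshake must not simply be retried. A fuller comment, e.g. `/* test_ssl3_with_extensions already appended :%NO_EXTENSIONS to rest; report extensions as required without repeating the handshake */`, would make the coupling between the two tests visible at the point where it bites (assuming TEST_FAILED maps to the "yes" answer for this entry, as the commit message output suggests). The guard also relies on tls_ext_ok being non-zero until some test clears it, which I cannot confirm from this hunk. test_no_extensions begins outside the hunk.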
@@ -174,11 +174,24 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e) return e->key_size; } +inline static gnutls_digest_algorithm_t +_gnutls_mac_to_dig(gnutls_mac_algorithm_t mac) +{ + if (unlikely(mac >= GNUTLS_MAC_AEAD)) + return GNUTLS_DIG_UNKNOWN; + + return (gnutls_digest_algorithm_t)mac; +} + +#define MAC_TO_DIG(mac) _gnutls_mac_to_dig(mac) + /* Functions for digests. */ #define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid #define _gnutls_digest_get_name _gnutls_mac_get_name #define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len +#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig) + /* Security against pre-image attacks */ inline static int _gnutls_digest_is_secure(const mac_entry_st * e) { diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 0d8d1a89c9..2728a54478 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -797,7 +797,7 @@ _gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign) if (unlikely(se == NULL)) return 0; - me = mac_to_entry(se->hash); + me = hash_to_entry(se->hash); if (unlikely(me == NULL)) return 0; diff --git a/lib/crypto-api.c b/lib/crypto-api.c index caf8d713a3..00ecdd31b2 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -563,7 +563,7 @@ int gnutls_hash_init(gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); *dig = gnutls_malloc(sizeof(digest_hd_st)); @@ -659,7 +659,7 @@ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, const void *ptext, size_t ptext_len, void *digest) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); return _gnutls_hash_fast(algorithm, ptext, ptext_len, digest); diff --git a/lib/hash_int.c b/lib/hash_int.c index d326960e80..90ae6cf140 100644 --- a/lib/hash_int.c +++ b/lib/hash_int.c 
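Review bot: `#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig)` leaves the expansion without outer parentheses; `#define DIG_TO_MAC(dig) ((gnutls_mac_algorithm_t)(dig))` is the conventional macro form and costs nothing. The pair is also asymmetric: MAC_TO_DIG goes through `_gnutls_mac_to_dig`, which rejects values at or above GNUTLS_MAC_AEAD and returns GNUTLS_DIG_UNKNOWN, while DIG_TO_MAC is an unchecked cast that assumes every gnutls_digest_algorithm_t value is also a valid gnutls_mac_algorithm_t. A comment on the two definitions stating that invariant (the digest enum mirrors the MAC enum below GNUTLS_MAC_AEAD — confirm against the enum definitions, which are not in view) would document why one direction needs a check and the other does not.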
@@ -80,7 +80,7 @@ int _gnutls_digest_exists(gnutls_digest_algorithm_t algo) { const gnutls_crypto_digest_st *cc = NULL; - if (is_mac_algo_forbidden(algo)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algo))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); cc = _gnutls_get_crypto_digest(algo); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index ccf403b007..57a8560ede 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -917,7 +917,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) { gnutls_assert(); _gnutls_debug_log @@ -987,7 +987,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_ecdsa_compute_k(k, curve_id, pk_params->params[ECC_K], - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1056,7 +1056,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_dsa_compute_k(k, pub.q, TOMPZ(priv), - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1312,7 +1312,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 779e02c18f..7d2b04323e 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c 
@@ -160,7 +160,7 @@ _gnutls_handshake_sign_data10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); @@ -788,7 +788,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c index e15d8305e2..b14390e353 100644 --- a/lib/tls13-sig.c +++ b/lib/tls13-sig.c @@ -104,7 +104,7 @@ _gnutls13_handshake_verify_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len, prefix); @@ -186,7 +186,7 @@ _gnutls13_handshake_sign_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length, tmp); diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c index 35ab87f9af..68eab993ea 100644 --- a/lib/tls13/finished.c +++ b/lib/tls13/finished.c @@ -45,7 +45,7 @@ int _gnutls13_compute_finished(const mac_entry_st *prf, if (ret < 0) return gnutls_assert_val(ret); - ret = gnutls_hash_fast(prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(prf->id), handshake_hash_buffer->data, handshake_hash_buffer->length, ts_hash); 
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index cdb284026a..2dc0823905 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -1098,7 +1098,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) return _gnutls_asn2err(result); } - algo = gnutls_oid_to_digest(oid); + algo = DIG_TO_MAC(gnutls_oid_to_digest(oid)); if (algo == GNUTLS_MAC_UNKNOWN) { unknown_mac: gnutls_assert(); @@ -1970,7 +1970,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, *oid = (char*)tmp.data; } - algo = gnutls_oid_to_digest((char*)tmp.data); + algo = DIG_TO_MAC(gnutls_oid_to_digest((char*)tmp.data)); if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_HASH_ALGORITHM; diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 98669e8879..0ff55ba04b 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2277,7 +2277,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, /* If we add any attribute we should add them all */ /* Add hash */ digest_size = _gnutls_hash_get_algo_len(me); - ret = gnutls_hash_fast(me->id, data->data, data->size, digest); + ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest); if (ret < 0) { gnutls_assert(); return ret; diff --git a/src/certtool.c b/src/certtool.c index 0e24ac8281..6bdfe376b1 100644 --- a/src/certtool.c +++ b/src/certtool.c 
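Review bot: `algo = DIG_TO_MAC(gnutls_oid_to_digest(oid));` followed by the pre-existing `if (algo == GNUTLS_MAC_UNKNOWN)` only detects an unrecognised OID because GNUTLS_DIG_UNKNOWN and GNUTLS_MAC_UNKNOWN happen to share a numeric value; this is the one place in the series where the cast's result is compared against the other enum's sentinel. Checking before the cast, `if (gnutls_oid_to_digest(oid) == GNUTLS_DIG_UNKNOWN)` (or testing the digest result in a local before converting), does not depend on the two enums lining up. The same pattern appears in the gnutls_pkcs12_mac_info hunk below; both functions start outside their hunks.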
@@ -1426,9 +1426,9 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(VERIFY_PROFILE)) { if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none")) { - cinfo.verification_profile = GNUTLS_PROFILE_UNKNOWN; + cinfo.verification_profile = (gnutls_sec_param_t)GNUTLS_PROFILE_UNKNOWN; } else { - cinfo.verification_profile = gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); + cinfo.verification_profile = (gnutls_sec_param_t)gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); } } else if (!HAVE_OPT(VERIFY_ALLOW_BROKEN)) { if (HAVE_OPT(VERIFY_CHAIN) || HAVE_OPT(VERIFY)) { @@ -2956,7 +2956,7 @@ void generate_pkcs12(common_info_st * cinfo) } if (cinfo->hash != GNUTLS_DIG_UNKNOWN) - mac = cinfo->hash; + mac = (gnutls_mac_algorithm_t)cinfo->hash; else mac = GNUTLS_MAC_SHA1; diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c index 33dc1df0da..71312ef369 100644 --- a/tests/slow/hash-large.c +++ b/tests/slow/hash-large.c @@ -139,7 +139,7 @@ void doit(void) /* SHA1 */ err = - gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size, + gnutls_hash_fast(GNUTLS_DIG_SHA1, buf, size, digest); if (err < 0) fail("gnutls_hash_fast(SHA1) failed: %d\n", err); -- cgit v1.2.1 From e71f5fea0974e7bc4f94e35dab31f0cc0723087f Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 12 Jun 2020 11:34:38 +0200 Subject: .gitignore: ignore more files Signed-off-by: Daiki Ueno --- .gitignore | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 88c4d33b68..2b23292693 100644 --- a/.gitignore +++ b/.gitignore @@ -344,6 +344,7 @@ tests/atfork tests/auto-verify tests/base64 tests/base64-raw +tests/buffer tests/cert tests/cert-key-exchange tests/cert-status @@ -353,6 +354,7 @@ tests/certificate_set_x509_crl tests/certuniqueid tests/chainverify tests/chainverify-unsorted +tests/cipher-alignment tests/cipher-test tests/client tests/client-fastopen 
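Review bot: The condition `if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none")) {` on the line above the first cast is true when the argument is not "none", so every named profile ends up as GNUTLS_PROFILE_UNKNOWN and only the literal "none" reaches gnutls_certificate_verification_profile_get_id; unless that is deliberate, the test is inverted and should read `if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none") == 0) {`. This is pre-existing and not introduced by the casts, but the hunk touches both branches, so it is the natural place to fix it. The casts themselves keep `cinfo.verification_profile` typed as gnutls_sec_param_t while it holds profile values; if nothing downstream requires that type, giving the field the profile enum type would remove both casts rather than hide the mismatch. cmd_parser starts outside the hunk.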
@@ -376,6 +378,7 @@ tests/cve-2009-1416
 tests/dane
 tests/dane-strcodes
 tests/datefudge-check
+tests/dh-compute
 tests/dh-params
 tests/dhepskself
 tests/dhex509self
@@ -386,6 +389,7 @@ tests/dtls-client-with-seccomp
 tests/dtls-etm
 tests/dtls-handshake-versions
 tests/dtls-max-record
+tests/dtls-pthread
 tests/dtls-record-check
 tests/dtls-rehandshake-anon
 tests/dtls-rehandshake-cert
@@ -402,9 +406,11 @@ tests/dtls1.0-cert-key-exchange
 tests/dtls1.2-cert-key-exchange
 tests/dtls10-cert-key-exchange
 tests/dtls12-cert-key-exchange
+tests/dtls_hello_random_value
 tests/duplicate-extensions
 tests/eagain
 tests/eagain-auto-auth
+tests/ecdh-compute
 tests/empty_retrieve_function
 tests/fallback-scsv
 tests/finished
@@ -414,6 +420,7 @@ tests/fips-test
 tests/gc
 tests/global-init
 tests/global-init-override
+tests/gnutls-ids
 tests/gnutls-strcodes
 tests/gnutls_ext_raw_parse
 tests/gnutls_ext_raw_parse_dtls
@@ -454,6 +461,7 @@ tests/key-usage-ecdhe-rsa
 tests/key-usage-rsa
 tests/keygen
 tests/keylog-env
+tests/keylog-func
 tests/libpkcs11mock1.la
 tests/libpkcs11mock2.la
 tests/libutils.la
@@ -521,6 +529,8 @@ tests/mini-x509-ipaddr
 tests/mini-x509-kx
 tests/mini-x509-rehandshake
 tests/mini-xssl
+tests/missingissuer
+tests/missingissuer_aia
 tests/moredn
 tests/mpi
 tests/multi-alerts
@@ -537,6 +547,7 @@ tests/ocsp
 tests/ocsp-filename-memleak
 tests/ocsp-resp
 tests/oids
+tests/openconnect-dtls12
 tests/openpgp-auth
 tests/openpgp-auth2
 tests/openpgp-callback
@@ -617,6 +628,7 @@ tests/privkey-keygen
 tests/privkey-verify-broken
 tests/psk-file
 tests/pskself
+tests/pskself2
 tests/pubkey-import-export
 tests/random-art
 tests/rawpk-api
@@ -643,6 +655,8 @@ tests/resume-with-previous-stek
 tests/resume-with-record-size-limit
 tests/resume-with-stek-expiration
 tests/resume-x509
+tests/rfc7633-missing
+tests/rfc7633-ok
 tests/rng-fork
 tests/rng-no-onload
 tests/rng-op-key
@@ -693,6 +707,7 @@ tests/set_x509_key_file_ocsp_multi
 tests/set_x509_key_file_ocsp_multi2
 tests/set_x509_key_mem
 tests/set_x509_key_utf8
+tests/set_x509_ocsp_multi_cli
 tests/set_x509_ocsp_multi_invalid
 tests/set_x509_ocsp_multi_pem
 tests/set_x509_ocsp_multi_unknown
@@ -705,10 +720,12 @@ tests/sign-md5-rep
 tests/sign-pk-api
 tests/sign-verify
 tests/sign-verify-data
+tests/sign-verify-data-newapi
 tests/sign-verify-deterministic
 tests/sign-verify-ed25519-rfc8080
 tests/sign-verify-ext
 tests/sign-verify-ext4
+tests/sign-verify-newapi
 tests/simple
 tests/slow/cipher-api-test
 tests/slow/cipher-compat
@@ -722,6 +739,8 @@ tests/slow/hash-large
 tests/slow/keygen
 tests/slow/mac-override
 tests/softhsm-*.db/
+tests/softhsm-neg-no-key.config
+tests/softhsm-post-handshake-with-cert-pkcs11.config
 tests/spki
 tests/spki-abstract
 tests/srp
@@ -767,7 +786,10 @@ tests/suite/testpkcs11.debug
 tests/suite/testtpm.sh
 tests/suite/tlslite
 tests/suite/x509paths/X509tests
+tests/system-override-hash
+tests/system-override-sig
 tests/system-prio-file
+tests/time
 tests/tls-client-with-seccomp
 tests/tls-crt_type-neg
 tests/tls-etm
@@ -777,6 +799,7 @@ tests/tls-force-etm
 tests/tls-max-record
 tests/tls-neg-ext-key
 tests/tls-neg-ext4-key
+tests/tls-pthread
 tests/tls-record-size-limit
 tests/tls-record-size-limit-asym
 tests/tls-rehandshake-anon
@@ -827,6 +850,7 @@ tests/tls13-rehandshake-cert
 tests/tls13-resume-psk
 tests/tls13-resume-x509
 tests/tls13-server-kx-neg
+tests/tls13-without-timeout-func
 tests/tls13/anti_replay
 tests/tls13/change_cipher_spec
 tests/tls13/cookie
@@ -837,6 +861,7 @@ tests/tls13/key_share
 tests/tls13/key_update
 tests/tls13/key_update_multiple
 tests/tls13/multi-ocsp
+tests/tls13/no-auto-send-ticket
 tests/tls13/no-psk-exts
 tests/tls13/ocsp-client
 tests/tls13/post-handshake-with-cert
@@ -851,7 +876,7 @@ tests/tls13/psk-dumbfw tests/tls13/psk-ext tests/tls13/supported_versions tests/tls13/tls12-no-tls13-exts -tests/tls13/no-auto-send-ticket +tests/tls_hello_random_value tests/tlsext-decoding tests/tlsfeature-crt tests/tlsfeature-ext @@ -871,6 +896,7 @@ tests/x509-dn tests/x509-dn-decode tests/x509-dn-decode-compat tests/x509-extensions +tests/x509-server-verify tests/x509-verify-with-crl tests/x509_altname tests/x509cert -- cgit v1.2.1 From 04adaebaca1ef2ab2641e8a744d73f964cf5c922 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 12 Jun 2020 16:50:14 +0200 Subject: .gitlab-ci.yml: bump configure cache version Signed-off-by: Daiki Ueno --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 86b2d589fb..628dd367b1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: # name to allow expiration of old caches. cache: - key: "$CI_JOB_NAME-ver15" + key: "$CI_JOB_NAME-ver16" paths: - cache/ -- cgit v1.2.1 From 743d49190329653c79ef2d587294cd0413087da3 Mon Sep 17 00:00:00 2001 From: Fiona Klute Date: Tue, 16 Jun 2020 20:48:44 +0200 Subject: Detect Python interpreter instead of assuming "python" This makes the extended test suite work one Debian(-ish) systems without Python 2, where the Python 3 interpreter is called "python3". Signed-off-by: Fiona Klute --- configure.ac | 3 +++ tests/suite/Makefile.am | 1 + tests/suite/multi-ticket-reception.sh | 14 +++++++++----- tests/suite/tls-fuzzer/tls-fuzzer-common.sh | 6 +++++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index a616a34018..25adba492a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -462,6 +462,9 @@ fi AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes") +# parts of the extended test suite use Python +AM_PATH_PYTHON(,, [:]) + AC_ARG_ENABLE(oldgnutls-interop, AS_HELP_STRING([--enable-oldgnutls-interop], [enable interoperability testing with old gnutls version]), enable_oldgnutls_interop=$enableval, enable_oldgnutls_interop=no) diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index 025f513f78..d6f6ff135b 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -48,6 +48,7 @@ scripts_to_test = chain.sh \ TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ LC_ALL="C" \ + PYTHON="$(PYTHON)" \ VALGRIND="$(VALGRIND)" \ top_builddir="$(top_builddir)" \ srcdir="$(srcdir)" \ diff --git a/tests/suite/multi-ticket-reception.sh b/tests/suite/multi-ticket-reception.sh index d84367703c..6c0113e372 100755 --- a/tests/suite/multi-ticket-reception.sh +++ b/tests/suite/multi-ticket-reception.sh @@ -26,6 +26,10 @@ PYPATH="${srcdir}/tls-fuzzer/tlsfuzzer/" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" unset RETCODE +if test "${PYTHON}" = ":" ; then + exit 77 +fi + if ! test -x "${TLSPY_SERV}"; then exit 77 fi @@ -36,7 +40,7 @@ fi if test "${WINDIR}" != ""; then exit 77 -fi +fi if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" @@ -45,7 +49,7 @@ fi . "${srcdir}/../scripts/common.sh" KEY1=${srcdir}/tls-fuzzer/tlslite-ng/tests/serverX509Key.pem -CERT1=${srcdir}/tls-fuzzer/tlsfuzzer/tests/serverX509Cert.pem +CERT1=${srcdir}/tls-fuzzer/tlsfuzzer/tests/serverX509Cert.pem #create links necessary for tlslite to function test -L "${srcdir}/tls-fuzzer/tlsfuzzer/ecdsa" || \ 
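Review bot: The new guard `if test "${PYTHON}" = ":" ; then` catches only the value configure substitutes when no interpreter is found; an unset or empty PYTHON (likely when the script is run by hand rather than through the Makefile's TESTS_ENVIRONMENT) passes the guard, and the later `"${PYTHON}" ${TLSPY_SERV} server ...` lines then try to execute an empty command name, whereas before this change ${TLSPY_SERV} ran directly. Testing for both, `if test -z "${PYTHON}" || test "${PYTHON}" = ":"; then`, or defaulting near the top with `PYTHON="${PYTHON:-python3}"`, restores a usable fallback. The identical guard added to tests/suite/tls-fuzzer/tls-fuzzer-common.sh has the same gap.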
@@ -56,7 +60,7 @@ test -L "${srcdir}/tls-fuzzer/tlsfuzzer/tlslite" || \ echo "Checking whether receiving 1 ticket succeeds (sanity)" eval "${GETPORT}" -PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 1 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PYTHONPATH="${PYPATH}" "${PYTHON}" ${TLSPY_SERV} server --tickets 1 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & PID=$! wait_server ${PID} @@ -70,7 +74,7 @@ wait echo "Checking whether receiving 3 tickets in the same record succeeds" eval "${GETPORT}" -PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 3 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PYTHONPATH="${PYPATH}" "${PYTHON}" ${TLSPY_SERV} server --tickets 3 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & PID=$! wait_server ${PID} @@ -84,7 +88,7 @@ wait echo "Checking whether receiving multiple tickets that span many records succeeds" eval "${GETPORT}" -PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 1512 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PYTHONPATH="${PYPATH}" "${PYTHON}" ${TLSPY_SERV} server --tickets 1512 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & PID=$! wait_server ${PID} diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh index b41f068a07..72ed56df19 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh @@ -33,6 +33,10 @@ if ! test -d "${srcdir}/tls-fuzzer/tlsfuzzer" ; then exit 77 fi +if test "${PYTHON}" = ":" ; then + exit 77 +fi + pushd "${srcdir}/tls-fuzzer/tlsfuzzer" test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa @@ -44,7 +48,7 @@ retval=0 tls_fuzzer_prepare -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} 821 +PYTHONPATH=. "${PYTHON}" tests/scripts_retention.py ${TMPFILE} ${SERV} 821 retval=$? rm -f ${TMPFILE} -- cgit v1.2.1 -- cgit v1.2.1 From e940611cd45da7dc16b337109f03f3d9aa5b3f25 Mon Sep 17 00:00:00 2001 
From: Lei Maohui Date: Mon, 8 Jun 2020 16:15:07 +0900 Subject: Modied the license to GPLv2.1+ to keep with LICENSE file. Signed-off-by: Lei Maohui --- lib/x509/krb5.c | 20 +++++++++++--------- lib/x509/krb5.h | 20 +++++++++++--------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c index 7fe84e651d..d68c737570 100644 --- a/lib/x509/krb5.c +++ b/lib/x509/krb5.c @@ -1,21 +1,23 @@ /* * Copyright (C) 2015 Red Hat, Inc. * + * Author: Nikos Mavrogiannopoulos + * * This file is part of GnuTLS. * - * GnuTLS is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * - * GnuTLS is distributed in the hope that it will be useful, but + * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see - * . */ #include diff --git a/lib/x509/krb5.h b/lib/x509/krb5.h index d8926af67a..815bb28f72 100644 --- a/lib/x509/krb5.h +++ b/lib/x509/krb5.h 
@@ -1,21 +1,23 @@ /* * Copyright (C) 2015 Red Hat, Inc. * + * Author: Nikos Mavrogiannopoulos + * * This file is part of GnuTLS. * - * GnuTLS is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * - * GnuTLS is distributed in the hope that it will be useful, but + * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see - * . */ #ifndef GNUTLS_LIB_X509_KRB5_H -- cgit v1.2.1 From bc4f12f81e8ab2cea6b63138a2f98ee9c25f86fc Mon Sep 17 00:00:00 2001 From: Fiona Klute Date: Sun, 14 Jun 2020 12:52:46 +0200 Subject: Wipe session ticket keys before releasing the session structure This includes both a copy of the master key and one or two derived keys, all of which could be used to decrypt session tickets if stolen. The derived keys could only be used for tickets issued within a certain time frame (by default several hours). The documentation for gnutls_session_ticket_enable_server() already states that the master key should be wiped before releasing it, and the same should apply to internal copies. 
Signed-off-by: Fiona Klute --- lib/state.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/state.c b/lib/state.c index 7d0a77dc95..817a7b8cd8 100644 --- a/lib/state.c +++ b/lib/state.c @@ -714,6 +714,14 @@ void gnutls_deinit(gnutls_session_t session) /* overwrite any temp TLS1.3 keys */ gnutls_memset(&session->key.proto, 0, sizeof(session->key.proto)); + /* clear session ticket keys */ + gnutls_memset(&session->key.session_ticket_key, 0, + TICKET_MASTER_KEY_SIZE); + gnutls_memset(&session->key.previous_ticket_key, 0, + TICKET_MASTER_KEY_SIZE); + gnutls_memset(&session->key.initial_stek, 0, + TICKET_MASTER_KEY_SIZE); + gnutls_mutex_deinit(&session->internals.post_negotiation_lock); gnutls_mutex_deinit(&session->internals.epoch_lock); -- cgit v1.2.1 From f643e418e5e5220fe2e332c99275808229ce59ae Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 26 Jun 2020 09:43:02 +0200 Subject: dh-primes: add MODP primes from RFC 3526 Signed-off-by: Daiki Ueno --- lib/dh-primes.c | 933 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/dh.h | 29 ++ 2 files changed, 962 insertions(+) diff --git a/lib/dh-primes.c b/lib/dh-primes.c index d785584d0f..5d2dce0fb6 100644 --- a/lib/dh-primes.c +++ b/lib/dh-primes.c 
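Review bot: The three new wipes pass `TICKET_MASTER_KEY_SIZE` as the length while the line just above them uses `sizeof(session->key.proto)`; if `session_ticket_key`, `previous_ticket_key` and `initial_stek` are arrays (their declarations are not in view), `gnutls_memset(&session->key.session_ticket_key, 0, sizeof(session->key.session_ticket_key));` and likewise for the other two keeps each wipe tied to its field so a later size change cannot leave bytes behind, and matches the adjacent style. If they are pointers the constant is required, in which case a short comment saying so would stop the next reader from making this same suggestion. gnutls_deinit begins outside the hunk.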
@@ -960,4 +960,937 @@ const gnutls_datum_t gnutls_ffdhe_8192_group_generator = { }; const unsigned int gnutls_ffdhe_8192_key_bits = 512; +static const unsigned char modp_generator = 0x02; + +static const unsigned char modp_params_2048[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, + 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, + 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, + 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, + 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, + 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, + 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, + 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, + 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, + 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, + 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, + 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, + 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, + 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, + 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, + 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, + 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, + 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, + 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, + 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, + 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, + 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, + 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, + 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, + 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, + 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, + 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, + 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, + 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF +}; + +static const unsigned char modp_q_2048[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, + 0x61, 
0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, + 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, + 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, + 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, + 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, + 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, + 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, + 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, + 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, + 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, + 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, + 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, + 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, + 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, + 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, + 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, + 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, + 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, + 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, + 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, + 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, + 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, + 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, + 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, + 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, + 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, + 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, + 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, + 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, + 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, + 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, + 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, + 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, + 0x56, 0x55, 0x34, 0x7F, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF +}; + +const gnutls_datum_t gnutls_modp_2048_group_prime = { + (void *) modp_params_2048, sizeof(modp_params_2048) +}; +const gnutls_datum_t gnutls_modp_2048_group_q = { + (void *) modp_q_2048, sizeof(modp_q_2048) +}; +const gnutls_datum_t gnutls_modp_2048_group_generator = { + (void *) &modp_generator, sizeof(modp_generator) +}; +const unsigned int gnutls_modp_2048_key_bits = 256; + +static const unsigned char modp_params_3072[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 
0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, + 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, + 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, + 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, + 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, + 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, + 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, + 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, + 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, + 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, + 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, + 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, + 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, + 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, + 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, + 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, + 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, + 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, + 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, + 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, + 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, + 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, + 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, + 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, + 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, + 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, + 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, + 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, + 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, + 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, + 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, + 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, + 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, + 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, + 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, + 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, + 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, + 0x02, 0x73, 0x3E, 
0xC8, 0x6A, 0x64, 0x52, + 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, + 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, + 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, + 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, + 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, + 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +static const unsigned char modp_q_3072[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, + 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, + 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, + 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, + 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, + 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, + 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, + 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, + 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, + 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, + 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, + 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, + 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, + 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, + 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, + 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, + 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, + 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, + 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, + 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, + 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, + 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, + 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, + 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, + 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, + 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, + 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, + 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, + 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, + 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, + 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, + 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, + 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, + 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, + 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 
0x86, + 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, + 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, + 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, + 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, + 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, + 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, + 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, + 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, + 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, + 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, + 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, + 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, + 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, + 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, + 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, + 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, + 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, + 0x90, 0x54, 0x9D, 0x69, 0x65, 0x7F, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +const gnutls_datum_t gnutls_modp_3072_group_prime = { + (void *) modp_params_3072, sizeof(modp_params_3072) +}; +const gnutls_datum_t gnutls_modp_3072_group_q = { + (void *) modp_q_3072, sizeof(modp_q_3072) +}; +const gnutls_datum_t gnutls_modp_3072_group_generator = { + (void *) &modp_generator, sizeof(modp_generator) +}; +const unsigned int gnutls_modp_3072_key_bits = 276; + +static const unsigned char modp_params_4096[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, + 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, + 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, + 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, + 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, + 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, + 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, + 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, + 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, + 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, + 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, + 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 
0x51, 0xEC, 0xE4, 0x5B, + 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, + 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, + 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, + 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, + 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, + 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, + 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, + 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, + 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, + 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, + 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, + 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, + 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, + 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, + 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, + 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, + 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, + 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, + 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, + 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, + 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, + 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, + 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, + 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, + 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, + 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, + 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, + 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, + 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, + 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, + 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, + 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, + 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, + 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, + 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, + 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, + 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, + 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, + 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 
0x7C, + 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, + 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, + 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, + 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, + 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, + 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, + 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, + 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, + 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, + 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF +}; + +static const unsigned char modp_q_4096[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, + 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, + 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, + 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, + 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, + 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, + 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, + 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, + 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, + 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, + 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, + 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, + 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, + 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, + 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, + 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, + 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, + 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, + 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, + 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, + 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, + 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, + 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, + 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, + 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, + 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, + 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, + 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, + 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, + 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, + 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, + 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 
0xB5, + 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, + 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, + 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, + 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, + 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, + 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, + 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, + 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, + 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, + 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, + 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, + 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, + 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, + 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, + 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, + 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, + 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, + 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, + 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, + 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, + 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, + 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, + 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, + 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, + 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, + 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, + 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, + 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, + 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, + 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, + 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, + 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, + 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, + 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, + 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, + 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, + 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, + 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, + 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF +}; + +const gnutls_datum_t gnutls_modp_4096_group_prime = { + (void *) modp_params_4096, sizeof(modp_params_4096) +}; +const gnutls_datum_t gnutls_modp_4096_group_q = { + (void *) modp_q_4096, sizeof(modp_q_4096) +}; +const 
gnutls_datum_t gnutls_modp_4096_group_generator = { + (void *) &modp_generator, sizeof(modp_generator) +}; +const unsigned int gnutls_modp_4096_key_bits = 336; + +static const unsigned char modp_params_6144[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, + 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, + 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, + 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, + 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, + 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, + 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, + 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, + 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, + 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, + 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, + 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, + 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, + 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, + 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, + 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, + 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, + 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, + 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, + 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, + 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, + 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, + 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, + 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, + 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, + 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, + 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, + 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, + 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, + 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, + 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, + 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, + 0xB3, 0x97, 0x0F, 0x85, 
0xA6, 0xE1, 0xE4, + 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, + 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, + 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, + 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, + 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, + 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, + 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, + 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, + 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, + 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, + 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, + 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, + 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, + 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, + 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, + 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, + 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, + 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, + 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, + 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, + 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, + 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, + 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, + 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, + 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, + 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, + 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, + 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, + 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, + 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, + 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, + 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, + 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, + 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, + 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, + 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, + 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, + 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, + 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, + 0xBB, 0x1B, 0xDB, 0x7F, 0x14, 0x47, 0xE6, + 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, + 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, + 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, + 
0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, + 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, + 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, + 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, + 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, + 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, + 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, + 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, + 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, + 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, + 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, + 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, + 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, + 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, + 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, + 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, + 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, + 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, + 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, + 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, + 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, + 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, + 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +static const unsigned char modp_q_6144[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, + 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, + 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, + 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, + 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, + 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, + 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, + 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, + 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, + 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, + 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, + 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, + 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, + 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, + 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, + 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, + 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, + 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, + 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, + 0x7E, 0x92, 0x67, 0xAF, 
0xC1, 0xB2, 0xAE, + 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, + 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, + 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, + 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, + 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, + 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, + 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, + 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, + 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, + 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, + 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, + 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, + 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, + 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, + 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, + 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, + 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, + 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, + 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, + 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, + 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, + 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, + 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, + 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, + 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, + 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, + 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, + 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, + 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, + 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, + 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, + 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, + 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, + 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, + 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, + 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, + 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, + 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, + 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, + 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, + 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, + 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, + 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, + 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, + 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, + 
0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, + 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, + 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, + 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, + 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, + 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, + 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, + 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, + 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, + 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, + 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, + 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, + 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, + 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, + 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, + 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, + 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, + 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, + 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, + 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, + 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, + 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, + 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, + 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, + 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, + 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, + 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, + 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, + 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, + 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, + 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, + 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, + 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, + 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, + 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, + 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, + 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, + 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, + 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, + 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, + 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, + 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, + 0x36, 0xE6, 0x20, 0x12, 0x7F, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +const gnutls_datum_t gnutls_modp_6144_group_prime = { + (void *) 
modp_params_6144, sizeof(modp_params_6144) +}; +const gnutls_datum_t gnutls_modp_6144_group_q = { + (void *) modp_q_6144, sizeof(modp_q_6144) +}; +const gnutls_datum_t gnutls_modp_6144_group_generator = { + (void *) &modp_generator, sizeof(modp_generator) +}; +const unsigned int gnutls_modp_6144_key_bits = 376; + +static const unsigned char modp_params_8192[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, + 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, + 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, + 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, + 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, + 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, + 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, + 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, + 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, + 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, + 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, + 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, + 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, + 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, + 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, + 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, + 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, + 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, + 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, + 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, + 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, + 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, + 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, + 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, + 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, + 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, + 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, + 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, + 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, + 
0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, + 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, + 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, + 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, + 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, + 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, + 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, + 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, + 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, + 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, + 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, + 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, + 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, + 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, + 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, + 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, + 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, + 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, + 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, + 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, + 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, + 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, + 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, + 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, + 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, + 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, + 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, + 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, + 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, + 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, + 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, + 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, + 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, + 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, + 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, + 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, + 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, + 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, + 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, + 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, + 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, + 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, + 0xBB, 0x1B, 0xDB, 
0x7F, 0x14, 0x47, 0xE6, + 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, + 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, + 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, + 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, + 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, + 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, + 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, + 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, + 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, + 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, + 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, + 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, + 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, + 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, + 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, + 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, + 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, + 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, + 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, + 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, + 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, + 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, + 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, + 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, + 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, + 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, + 0x6F, 0x12, 0xFE, 0xE5, 0xE4, 0x38, 0x77, + 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, + 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, + 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, + 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, + 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, 0x6B, + 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, + 0x5A, 0xE4, 0xF5, 0x68, 0x34, 0x23, 0xB4, + 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, + 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, 0xE3, + 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, + 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, + 0x07, 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, + 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, + 0xEA, 0x30, 0x6B, 0x4B, 0xCB, 0xC8, 0x86, + 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, + 0x7F, 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, + 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, + 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 
0xA6, + 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, + 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, + 0x6A, 0x36, 0x45, 0x97, 0xE8, 0x99, 0xA0, + 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, + 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, + 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, + 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, + 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, + 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, + 0x92, 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, + 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, + 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, + 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, + 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, + 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, + 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, + 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, + 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF +}; + +static const unsigned char modp_q_8192[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, + 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, + 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, + 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, + 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, + 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, + 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, + 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, + 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, + 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, + 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, + 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, + 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, + 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, + 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, + 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, + 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, + 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, + 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, + 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, + 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, + 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, + 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, + 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, + 0x02, 0x78, 0xBA, 0x36, 0x04, 
0x65, 0x0C, + 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, + 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, + 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, + 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, + 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, + 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, + 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, + 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, + 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, + 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, + 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, + 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, + 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, + 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, + 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, + 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, + 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, + 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, + 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, + 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, + 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, + 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, + 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, + 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, + 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, + 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, + 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, + 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, + 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, + 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, + 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, + 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, + 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, + 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, + 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, + 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, + 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, + 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, + 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, + 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, + 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, + 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, + 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, + 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, + 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, + 0xFA, 
0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, + 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, + 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, + 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, + 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, + 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, + 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, + 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, + 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, + 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, + 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, + 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, + 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, + 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, + 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, + 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, + 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, + 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, + 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, + 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, + 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, + 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, + 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, + 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, + 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, + 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, + 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, + 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, + 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, + 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, + 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, + 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, + 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, + 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, + 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, + 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, + 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, + 0x36, 0xDF, 0x08, 0xAC, 0xBA, 0x51, 0xC9, + 0x37, 0x89, 0x7F, 0x72, 0xF2, 0x1C, 0x3B, + 0xBE, 0x5B, 0x54, 0x99, 0x6F, 0xC6, 0x6C, + 0x5F, 0x62, 0x68, 0x39, 0xDC, 0x98, 0xDD, + 0x1D, 0xE4, 0x19, 0x5B, 0x46, 0xCE, 0xE9, + 0x80, 0x3A, 0x0F, 0xD3, 0xDF, 0xC5, 0x7E, + 0x23, 0xF6, 0x92, 0xBB, 0x7B, 0x49, 0xB5, + 0xD2, 0x12, 0x33, 0x1D, 0x55, 0xB1, 0xCE, + 0x2D, 0x72, 0x7A, 0xB4, 
0x1A, 0x11, 0xDA, + 0x3A, 0x15, 0xF8, 0xE4, 0xBC, 0x11, 0xC7, + 0x8B, 0x65, 0xF1, 0xCE, 0xB2, 0x96, 0xF1, + 0xFE, 0xDC, 0x5F, 0x7E, 0x42, 0x45, 0x6C, + 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xBE, + 0x03, 0x89, 0xF5, 0xAB, 0xD4, 0x0D, 0x11, + 0xF8, 0x63, 0x9A, 0x39, 0xFE, 0x32, 0x36, + 0x75, 0x18, 0x35, 0xA5, 0xE5, 0xE4, 0x43, + 0x17, 0xC1, 0xC2, 0xEE, 0xFD, 0x4E, 0xA5, + 0xBF, 0xD1, 0x60, 0x43, 0xF4, 0x3C, 0xB4, + 0x19, 0x81, 0xF6, 0xAD, 0xEE, 0x9D, 0x03, + 0x15, 0x9E, 0x7A, 0xD9, 0xD1, 0x3C, 0x53, + 0x36, 0x95, 0x09, 0xFC, 0x1F, 0xA2, 0x7C, + 0x16, 0xEF, 0x98, 0x87, 0x70, 0x3A, 0x55, + 0xB5, 0x1B, 0x22, 0xCB, 0xF4, 0x4C, 0xD0, + 0x12, 0xAE, 0xE0, 0xB2, 0x79, 0x8E, 0x62, + 0x84, 0x23, 0x42, 0x8E, 0xFC, 0xD5, 0xA4, + 0x0C, 0xAE, 0xF6, 0xBF, 0x50, 0xD8, 0xEA, + 0x88, 0x5E, 0xBF, 0x73, 0xA6, 0xB9, 0xFD, + 0x79, 0xB5, 0xE1, 0x8F, 0x67, 0xD1, 0x34, + 0x1A, 0xC8, 0x23, 0x7A, 0x75, 0xC3, 0xCF, + 0xC9, 0x20, 0x04, 0xA1, 0xC5, 0xA4, 0x0E, + 0x36, 0x6B, 0xC4, 0x4D, 0x00, 0x17, 0x6A, + 0xF7, 0x1C, 0x15, 0xE4, 0x8C, 0x86, 0xD3, + 0x7E, 0x01, 0x37, 0x23, 0xCA, 0xAC, 0x72, + 0x23, 0xAB, 0x3B, 0xF4, 0xD5, 0x4F, 0x18, + 0x28, 0x71, 0x3B, 0x2B, 0x4A, 0x6F, 0xE4, + 0x0F, 0xAB, 0x74, 0x40, 0x5C, 0xB7, 0x38, + 0xB0, 0x64, 0xC0, 0x6E, 0xCC, 0x76, 0xE9, + 0xEF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF +}; + +const gnutls_datum_t gnutls_modp_8192_group_prime = { + (void *) modp_params_8192, sizeof(modp_params_8192) +}; +const gnutls_datum_t gnutls_modp_8192_group_q = { + (void *) modp_q_8192, sizeof(modp_q_8192) +}; +const gnutls_datum_t gnutls_modp_8192_group_generator = { + (void *) &modp_generator, sizeof(modp_generator) +}; +const unsigned int gnutls_modp_8192_key_bits = 512; + #endif diff --git a/lib/dh.h b/lib/dh.h index 9f3dc2a709..a64a4eb5e8 100644 --- a/lib/dh.h +++ b/lib/dh.h 
@@ -31,4 +31,33 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params, int _gnutls_set_cred_dh_params(gnutls_dh_params_t *cparams, gnutls_sec_param_t sec_param); +/* The static parameters defined in RFC 3526, used for the approved + * primes check in SP800-56A (Appendix D). + */ + +extern const gnutls_datum_t gnutls_modp_8192_group_prime; +extern const gnutls_datum_t gnutls_modp_8192_group_q; +extern const gnutls_datum_t gnutls_modp_8192_group_generator; +extern const unsigned int gnutls_modp_8192_key_bits; + +extern const gnutls_datum_t gnutls_modp_6144_group_prime; +extern const gnutls_datum_t gnutls_modp_6144_group_q; +extern const gnutls_datum_t gnutls_modp_6144_group_generator; +extern const unsigned int gnutls_modp_6144_key_bits; + +extern const gnutls_datum_t gnutls_modp_4096_group_prime; +extern const gnutls_datum_t gnutls_modp_4096_group_q; +extern const gnutls_datum_t gnutls_modp_4096_group_generator; +extern const unsigned int gnutls_modp_4096_key_bits; + +extern const gnutls_datum_t gnutls_modp_3072_group_prime; +extern const gnutls_datum_t gnutls_modp_3072_group_q; +extern const gnutls_datum_t gnutls_modp_3072_group_generator; +extern const unsigned int gnutls_modp_3072_key_bits; + +extern const gnutls_datum_t gnutls_modp_2048_group_prime; +extern const gnutls_datum_t gnutls_modp_2048_group_q; +extern const gnutls_datum_t gnutls_modp_2048_group_generator; +extern const unsigned int gnutls_modp_2048_key_bits; + #endif /* GNUTLS_LIB_DH_H */ -- cgit v1.2.1 From 07c80a2d677e9bebeaab0974deca21693fb173f6 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 26 Jun 2020 10:21:26 +0200 Subject: dhe: check if DH params in SKE match the FIPS approved algorithms SP800-56A rev. 3 restricts the FIPS compliant clients to use only approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a check in the handling of ServerKeyExchange if DHE is negotiated. 
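Review bot: The new externs use the public `gnutls_` prefix for data that lives in the internal header lib/dh.h, while every other name declared here (`_gnutls_figure_dh_params`, `_gnutls_set_cred_dh_params`) uses the `_gnutls_` prefix reserved for non-exported symbols; if the library's export map admits symbols by prefix pattern (not visible in this hunk), these tables and the `*_key_bits` constants silently become part of the ABI. Renaming them to `_gnutls_modp_8192_group_prime` and so on, or confirming they are excluded from the version script, would settle that. The block comment should also say what `*_key_bits` denotes, because the definition visible just above (`gnutls_modp_8192_key_bits = 512`) does not match the group size and a reader cannot tell whether it is a minimum private-exponent length or a security-strength figure; something like `/* p, q and g for each RFC 3526 MODP group; *_key_bits is the private-exponent size GnuTLS uses with that group (see SP800-56A rev3 Appendix D). */` with the exact meaning confirmed against dh-primes.c.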
Signed-off-by: Daiki Ueno --- doc/credentials/Makefile.am | 24 ++++ doc/credentials/dhparams/rfc2409-group-1-768.pem | 5 + doc/credentials/dhparams/rfc2409-group-2-1024.pem | 5 + doc/credentials/dhparams/rfc3526-group-14-2048.pem | 8 ++ doc/credentials/dhparams/rfc3526-group-15-3072.pem | 11 ++ doc/credentials/dhparams/rfc3526-group-16-4096.pem | 13 +++ doc/credentials/dhparams/rfc3526-group-17-6144.pem | 19 +++ doc/credentials/dhparams/rfc3526-group-18-8192.pem | 24 ++++ doc/credentials/dhparams/rfc3526-group-5-1536.pem | 7 ++ doc/credentials/dhparams/rfc5054-1024.pem | 5 + doc/credentials/dhparams/rfc5054-1536.pem | 7 ++ doc/credentials/dhparams/rfc5054-2048.pem | 8 ++ doc/credentials/dhparams/rfc5054-3072.pem | 11 ++ doc/credentials/dhparams/rfc5054-4096.pem | 13 +++ doc/credentials/dhparams/rfc5054-6144.pem | 19 +++ doc/credentials/dhparams/rfc5054-8192.pem | 24 ++++ doc/credentials/dhparams/rfc5114-group-22-1024.pem | 8 ++ doc/credentials/dhparams/rfc5114-group-23-2048.pem | 13 +++ doc/credentials/dhparams/rfc5114-group-24-2048.pem | 13 +++ doc/credentials/dhparams/rfc7919-ffdhe2048.pem | 8 ++ doc/credentials/dhparams/rfc7919-ffdhe3072.pem | 11 ++ doc/credentials/dhparams/rfc7919-ffdhe4096.pem | 14 +++ doc/credentials/dhparams/rfc7919-ffdhe6144.pem | 19 +++ doc/credentials/dhparams/rfc7919-ffdhe8192.pem | 24 ++++ lib/auth/dh_common.c | 8 ++ lib/dh-primes.c | 34 ++++++ lib/dh.h | 6 + tests/Makefile.am | 2 + tests/client-sign-md5-rep.c | 5 + tests/dh-fips-approved.sh | 127 +++++++++++++++++++++ tests/utils.c | 58 +++++----- 31 files changed, 521 insertions(+), 32 deletions(-) create mode 100644 doc/credentials/dhparams/rfc2409-group-1-768.pem create mode 100644 doc/credentials/dhparams/rfc2409-group-2-1024.pem create mode 100644 doc/credentials/dhparams/rfc3526-group-14-2048.pem create mode 100644 doc/credentials/dhparams/rfc3526-group-15-3072.pem create mode 100644 doc/credentials/dhparams/rfc3526-group-16-4096.pem create mode 100644 
doc/credentials/dhparams/rfc3526-group-17-6144.pem create mode 100644 doc/credentials/dhparams/rfc3526-group-18-8192.pem create mode 100644 doc/credentials/dhparams/rfc3526-group-5-1536.pem create mode 100644 doc/credentials/dhparams/rfc5054-1024.pem create mode 100644 doc/credentials/dhparams/rfc5054-1536.pem create mode 100644 doc/credentials/dhparams/rfc5054-2048.pem create mode 100644 doc/credentials/dhparams/rfc5054-3072.pem create mode 100644 doc/credentials/dhparams/rfc5054-4096.pem create mode 100644 doc/credentials/dhparams/rfc5054-6144.pem create mode 100644 doc/credentials/dhparams/rfc5054-8192.pem create mode 100644 doc/credentials/dhparams/rfc5114-group-22-1024.pem create mode 100644 doc/credentials/dhparams/rfc5114-group-23-2048.pem create mode 100644 doc/credentials/dhparams/rfc5114-group-24-2048.pem create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe2048.pem create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe3072.pem create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe4096.pem create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe6144.pem create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe8192.pem create mode 100755 tests/dh-fips-approved.sh diff --git a/doc/credentials/Makefile.am b/doc/credentials/Makefile.am index ecdd57a106..25778856f6 100644 --- a/doc/credentials/Makefile.am +++ b/doc/credentials/Makefile.am 
@@ -31,3 +31,27 @@ EXTRA_DIST += srp-passwd.txt srp-tpasswd.conf EXTRA_DIST += psk-passwd.txt +EXTRA_DIST += \ + dhparams/rfc2409-group-1-768.pem \ + dhparams/rfc2409-group-2-1024.pem \ + dhparams/rfc3526-group-14-2048.pem \ + dhparams/rfc3526-group-15-3072.pem \ + dhparams/rfc3526-group-16-4096.pem \ + dhparams/rfc3526-group-17-6144.pem \ + dhparams/rfc3526-group-18-8192.pem \ + dhparams/rfc3526-group-5-1536.pem \ + dhparams/rfc5054-1024.pem \ + dhparams/rfc5054-1536.pem \ + dhparams/rfc5054-2048.pem \ + dhparams/rfc5054-3072.pem \ + dhparams/rfc5054-4096.pem \ + dhparams/rfc5054-6144.pem \ + dhparams/rfc5054-8192.pem \ + dhparams/rfc5114-group-22-1024.pem \ + dhparams/rfc5114-group-23-2048.pem \ + dhparams/rfc5114-group-24-2048.pem \ + dhparams/rfc7919-ffdhe2048.pem \ + dhparams/rfc7919-ffdhe3072.pem \ + dhparams/rfc7919-ffdhe4096.pem \ + dhparams/rfc7919-ffdhe6144.pem \ + dhparams/rfc7919-ffdhe8192.pem diff --git a/doc/credentials/dhparams/rfc2409-group-1-768.pem b/doc/credentials/dhparams/rfc2409-group-1-768.pem new file mode 100644 index 0000000000..33a6170188 --- /dev/null +++ b/doc/credentials/dhparams/rfc2409-group-1-768.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MGYCYQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5siUUoI +eY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummOjYg//// +//////8CAQI= +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc2409-group-2-1024.pem b/doc/credentials/dhparams/rfc2409-group-2-1024.pem new file mode 100644 index 0000000000..bbfb1bfb6f --- /dev/null +++ b/doc/credentials/dhparams/rfc2409-group-2-1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE +3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/ta +iZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC +-----END DH PARAMETERS----- 
diff --git a/doc/credentials/dhparams/rfc3526-group-14-2048.pem b/doc/credentials/dhparams/rfc3526-group-14-2048.pem new file mode 100644 index 0000000000..b150715320 --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-14-2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc3526-group-15-3072.pem b/doc/credentials/dhparams/rfc3526-group-15-3072.pem new file mode 100644 index 0000000000..f27b778200 --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-15-3072.pem @@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS +yv//////////AgEC +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc3526-group-16-4096.pem b/doc/credentials/dhparams/rfc3526-group-16-4096.pem new file mode 100644 index 0000000000..a734b90505 --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-16-4096.pem 
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc3526-group-17-6144.pem b/doc/credentials/dhparams/rfc3526-group-17-6144.pem new file mode 100644 index 0000000000..d8307bda3c --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-17-6144.pem 
@@ -0,0 +1,19 @@ +-----BEGIN DH PARAMETERS----- +MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG +3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU +7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId +A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha +xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ +8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA +JP//////////AgEC +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc3526-group-18-8192.pem b/doc/credentials/dhparams/rfc3526-group-18-8192.pem new file mode 100644 index 0000000000..af54dd656e --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-18-8192.pem 
@@ -0,0 +1,24 @@ +-----BEGIN DH PARAMETERS----- +MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG +3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU +7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId +A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha +xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ +8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R +WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk +ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw +xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 +Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i +aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU +38gfVuiAuW5xYMmA3Zjt09///////////wIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc3526-group-5-1536.pem b/doc/credentials/dhparams/rfc3526-group-5-1536.pem new file mode 100644 index 0000000000..44df6de653 --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-5-1536.pem 
@@ -0,0 +1,7 @@ +-----BEGIN DH PARAMETERS----- +MIHHAoHBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR +Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL +/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7ORbPcIAfLihY78FmNpINhxV05pp +Fj+o/STPX4NlXSPco62WHGLzViCFUrue1SkHcJaWbWcMNU5KvJgE8XRsCMojcyf/ +/////////wIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-1024.pem b/doc/credentials/dhparams/rfc5054-1024.pem new file mode 100644 index 0000000000..33aed9fabc --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4 +O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF +KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-1536.pem b/doc/credentials/dhparams/rfc5054-1536.pem new file mode 100644 index 0000000000..dc2db6b421 --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-1536.pem @@ -0,0 +1,7 @@ +-----BEGIN DH PARAMETERS----- +MIHHAoHBAJ3vPK+5OSd6sfEqhheke7vbpR30maxMgL7uqWFLGcxNX09fVW4ny95R +xqlL5GB6KRVYkDug0PhDgLZVu5oi6NzfAop87Gfw0IE0sci5eYkUm2CeC+O6tj1H +VIOB28Wx/HZOP0tT3Z2hFYv9PiucjPVu3wGVOTSWJ9sv1T0kt8SGZXcuQ31sf4zk +QnNK98y3roN8Jkrjqb64f4ov6bi1KS5aAh//XpFHnoznoowkQsbzFRgPk0maI03P +duP+0TX5uwIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-2048.pem b/doc/credentials/dhparams/rfc5054-2048.pem new file mode 100644 index 0000000000..814e70ce6a --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-2048.pem 
@@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ +7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq +6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA +Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z +eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96 +5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-3072.pem b/doc/credentials/dhparams/rfc5054-3072.pem new file mode 100644 index 0000000000..d84b2424a0 --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-3072.pem @@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS +yv//////////AgEF +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-4096.pem b/doc/credentials/dhparams/rfc5054-4096.pem new file mode 100644 index 0000000000..99ca4456ba --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-4096.pem 
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQU= +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-6144.pem b/doc/credentials/dhparams/rfc5054-6144.pem new file mode 100644 index 0000000000..97d8d21a97 --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-6144.pem 
@@ -0,0 +1,19 @@ +-----BEGIN DH PARAMETERS----- +MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG +3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU +7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId +A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha +xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ +8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA +JP//////////AgEF +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5054-8192.pem b/doc/credentials/dhparams/rfc5054-8192.pem new file mode 100644 index 0000000000..bb54575c76 --- /dev/null +++ b/doc/credentials/dhparams/rfc5054-8192.pem 
@@ -0,0 +1,24 @@ +-----BEGIN DH PARAMETERS----- +MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG +3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU +7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId +A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha +xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ +8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R +WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk +ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw +xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 +Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i +aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU +38gfVuiAuW5xYMmA3Zjt09///////////wIBEw== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5114-group-22-1024.pem b/doc/credentials/dhparams/rfc5114-group-22-1024.pem new file mode 100644 index 0000000000..759afcb2f5 --- /dev/null +++ b/doc/credentials/dhparams/rfc5114-group-22-1024.pem 
@@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y +mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4 ++qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV +w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0 +sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR +jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5Q== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5114-group-23-2048.pem b/doc/credentials/dhparams/rfc5114-group-23-2048.pem new file mode 100644 index 0000000000..d4f360ef20 --- /dev/null +++ b/doc/credentials/dhparams/rfc5114-group-23-2048.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCgKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW +26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5 +S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF +2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB +pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451 +uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze +vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e +kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2 +xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK +gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh +vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc5114-group-24-2048.pem b/doc/credentials/dhparams/rfc5114-group-24-2048.pem new file mode 100644 index 0000000000..dc0211648c --- /dev/null +++ b/doc/credentials/dhparams/rfc5114-group-24-2048.pem 
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCQKCAQEAh6jmHbS2Zjz/u9GcZRlZmYzu9ghmDdDyXSzu1ENeOwDgDfjx1hlX +1Pr330VhsqowFsPZETQJb6o79Cltgw6afCCeDGSXUXq9WoqdMGvPZ+2R+eZyW0dY +wCLgse9Cdb97bFv8EdRfkIi5QfVOseWbuLw5oL8SMH9cT9twxYGyP3a2Osrhyqa3 +kC1SUmc1SIoO8TxtmlG/pKs62DR3llJNjvahZ7WkGCXZZ+FE5RQFZCUcysuD5rSG +9rPKP3lxUGAmwLhX9omWKFbe1AEKvQvmIcOjlgpU5xDDdfJjddcBQQOktUMwwZiv +EmEW0iduEXFfaTh3+tfvCcrbCUrpHhoVlwKCAQA/syybcxNNCy53UGZg7b1ITKex +jyHvIFQH9Hk6GguhJRDbwVB3vkY//0/tSqwLtVW+OmwbDGtHsbw3c79+jG9ikBIo ++MKMuxilWuMTQQAKZQGW+THHelfy3fRj5ensFEt3feYqqrioYorDdtKC1u04ZOZ5 +gkKOvIMdFDSPby+Rk7UEWvJ2cWTh38lnwfs/LlWkvRv/6DucgNBSuYXRguoK2yo7 +cxPT/hTISEseBSWIubfSu9LfAWGZ7NBuFVfNCRWzNTu7ZODsN3/QKDcN+StSx4kU +KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc7919-ffdhe2048.pem b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem new file mode 100644 index 0000000000..9b182b7201 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc7919-ffdhe3072.pem b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem new file mode 100644 index 0000000000..fb31ccda55 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem 
@@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu +N///////////AgEC +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc7919-ffdhe4096.pem b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem new file mode 100644 index 0000000000..ad9f68b1e2 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem @@ -0,0 +1,14 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e +8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx +iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K +zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= +-----END DH PARAMETERS----- + diff --git a/doc/credentials/dhparams/rfc7919-ffdhe6144.pem b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem new file mode 100644 index 0000000000..d8239bb059 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem 
@@ -0,0 +1,19 @@ +-----BEGIN DH PARAMETERS----- +MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e +8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx +iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K +zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq +OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE +HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj +w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 +vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 +A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO +Zf//////////AgEC +-----END DH PARAMETERS----- diff --git a/doc/credentials/dhparams/rfc7919-ffdhe8192.pem b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem new file mode 100644 index 0000000000..4484cf8853 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem 
@@ -0,0 +1,24 @@ +-----BEGIN DH PARAMETERS----- +MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e +8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx +iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K +zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq +OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE +HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj +w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 +vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 +A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq +qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI +KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C +UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh +e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm +bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh +TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg== +-----END DH PARAMETERS----- diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 19c205bbe8..252eea0cb4 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c 
@@ -257,6 +257,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 }
 }

+#ifdef ENABLE_FIPS140
+ if (gnutls_fips140_mode_enabled() &&
+ !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+#endif
+
 if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) {
 gnutls_assert();
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
index 5d2dce0fb6..a43a8e5dea 100644
--- a/lib/dh-primes.c
+++ b/lib/dh-primes.c
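Review bot: The FIPS gate compares the peer's DH parameters byte-for-byte against the approved tables, so an approved prime arriving in a different length encoding (for example with a leading zero byte) is rejected with GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; that strictness is defensible but should be stated above the `#ifdef`, e.g. `/* FIPS 140: only the RFC 7919 FFDHE and RFC 3526 MODP groups are approved; the match is exact, so a non-canonical encoding of an approved prime is rejected too. */`. The gate fires for any non-zero return of gnutls_fips140_mode_enabled(), so if the library has a lax or log-only FIPS mode this check will still abort the handshake there — confirm that is intended. _gnutls_proc_dh_common_server_kx begins and ends outside the hunk, so whether n_p/n_g passed here are the same lengths the scan below uses (`_n_g`) cannot be checked from this view.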
@@ -1893,4 +1893,38 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = {
 };
 const unsigned int gnutls_modp_8192_key_bits = 512;

+unsigned
+_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
+ size_t prime_size,
+ const uint8_t *generator,
+ size_t generator_size)
+{
+ static const struct {
+ const gnutls_datum_t *prime;
+ const gnutls_datum_t *generator;
+ } primes[] = {
+ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator },
+ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator },
+ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator },
+ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator },
+ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator },
+ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator },
+ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator },
+ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator },
+ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator },
+ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator },
+ };
+ size_t i;
+
+ for (i = 0; i < sizeof(primes) / sizeof(primes[0]); i++) {
+ if (primes[i].prime->size == prime_size &&
+ memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 &&
+ primes[i].generator->size == generator_size &&
+ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0)
+ return 1;
+ }
+
+ return 0;
+}
+
 #endif
diff --git a/lib/dh.h b/lib/dh.h
index a64a4eb5e8..6724519479 100644
--- a/lib/dh.h
+++ b/lib/dh.h
@@ -60,4 +60,10 @@ extern const gnutls_datum_t gnutls_modp_2048_group_q;
 extern const gnutls_datum_t gnutls_modp_2048_group_generator;
 extern const unsigned int gnutls_modp_2048_key_bits;

+unsigned
+_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
+ size_t prime_size,
+ const uint8_t *generator,
+ size_t generator_size);
+
 #endif /* GNUTLS_LIB_DH_H */ 
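Review bot: _gnutls_dh_prime_is_fips_approved has no header comment, although its contract (exact match of the encoding, 1/0 return, which groups count as approved) is what the FIPS gate in dh_common.c depends on; I would add above the definition `/* Returns 1 when (prime, generator) byte-for-byte equals one of the RFC 7919 FFDHE or RFC 3526 MODP groups, 0 otherwise. Inputs are public, so a plain memcmp is fine here. */`. The definition lands just before an `#endif` whose opening condition is outside the hunk, while the dh.h prototype is unconditional and the only caller sits under `#ifdef ENABLE_FIPS140`; if the guard enclosing this file region is narrower than ENABLE_FIPS140, a FIPS build would fail to link, so the two guards are worth checking against each other. Minor: the table lists the largest groups first, so the common 2048-bit entries are compared last; the size test before each memcmp keeps that cheap, so this is only a style remark.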
diff --git a/tests/Makefile.am b/tests/Makefile.am index 11a083c637..38d691fa3d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -522,6 +522,8 @@ endif dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh +dist_check_SCRIPTS += dh-fips-approved.sh + if ENABLE_PKCS11 dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh diff --git a/tests/client-sign-md5-rep.c b/tests/client-sign-md5-rep.c index 1c7877fbd5..b1ad46ce92 100644 --- a/tests/client-sign-md5-rep.c +++ b/tests/client-sign-md5-rep.c @@ -468,6 +468,11 @@ void doit(void) int sockets[2]; int err; + /* tls1_hello contains ServerKeyExchange with custom DH + * parameters */ + if (gnutls_fips140_mode_enabled()) + exit(77); + signal(SIGPIPE, SIG_IGN); err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); diff --git a/tests/dh-fips-approved.sh b/tests/dh-fips-approved.sh new file mode 100755 index 0000000000..136dd15f32 --- /dev/null +++ b/tests/dh-fips-approved.sh 
@@ -0,0 +1,127 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +srcdir="${srcdir:-.}" +SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" +CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. 
"${srcdir}/scripts/common.sh" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem + +ALLOWED_PARAMS=" +rfc3526-group-14-2048 +rfc3526-group-15-3072 +rfc3526-group-16-4096 +rfc3526-group-17-6144 +rfc3526-group-18-8192 +rfc7919-ffdhe2048 +rfc7919-ffdhe3072 +rfc7919-ffdhe4096 +rfc7919-ffdhe6144 +rfc7919-ffdhe8192 +" + +DISALLOWED_PARAMS=" +rfc2409-group-2-1024 +rfc3526-group-5-1536 +rfc5054-1024 +rfc5054-1536 +rfc5054-2048 +rfc5054-3072 +rfc5054-4096 +rfc5054-6144 +rfc5054-8192 +rfc5114-group-22-1024 +rfc5114-group-23-2048 +rfc5114-group-24-2048 +" + +OPTS="--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+AES-128-GCM:-GROUP-ALL" + +for params in $ALLOWED_PARAMS; do + echo "Checking with approved DH params: $params" + + PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem + + eval "${GETPORT}" + launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null || \ + fail ${PID} "handshake should have succeeded!" + + kill ${PID} + wait +done + +for params in $DISALLOWED_PARAMS; do + echo "Checking with non-approved DH params: $params" + + PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem + + eval "${GETPORT}" + launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null + + RET=$? + + if test $RET -eq 0; then + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1; then + fail ${PID} "handshake should have failed (FIPS mode 1)!" + fi + else + if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then + fail ${PID} "handshake should have succeeded (FIPS mode 0)!" + fi + fi + + kill ${PID} + wait +done + +exit 0 
diff --git a/tests/utils.c b/tests/utils.c index 9186a17571..60cd79b359 100644 --- a/tests/utils.c +++ b/tests/utils.c 
@@ -50,47 +50,41 @@ int debug = 0; int error_count = 0; int break_on_error = 0; +/* doc/credentials/dhparams/rfc3526-group-14-2048.pem */ const char *pkcs3 = "-----BEGIN DH PARAMETERS-----\n" - "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n" - "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n" - "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n" + "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" + "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n" "-----END DH PARAMETERS-----\n"; +/* doc/credentials/dhparams/rfc7919-ffdhe2048.pem */ const char *pkcs3_2048 = "-----BEGIN DH PARAMETERS-----\n" - "MIICDgKCAQEAvVNCqM8M9ZoVYBKEkV2KN8ELHHJ75aTZiK9z6170iKSgbITkOxsd\n" - "aBCLzHZd7d6/2aNofUeuWdDGHm73d8v53ma2HRVCNESeC2LKsEDFG9FjjUeugvfl\n" - "zb85TLZwWT9Lb35Ddhdk7CtxoukjS0/JkCE+8RGzmk5+57N8tNffs4aSSHSe4+cw\n" - "i4wULDxiG2p052czAMP3YR5egWvMuiByhy0vKShiZmOy1/Os5r6E/GUF+298gDjG\n" - "OeaEUF9snrTcoBwB4yNjVSEbuAh5fMd5zFtz2+dzrk9TYZ44u4DQYkgToW05WcmC\n" - "+LG0bLAH6lrJR5OMgyheZEo6F20z/d2yyQKCAQEAtzcuTHW61SFQiDRouk6eD0Yx\n" - "0k1RJdaQdlRf6/Dcc6lEqnbezL90THzvxkBwfJ5jG1VZE7JlVCvLRkBtgb0/6SCf\n" - "MATfEKG2JMOnKsJxvidmKEp4uN32LketXRrrEBl7rS+HABEfKAzqx+J6trBaq25E\n" - "7FVJFsyoa8IL8N8YUWwhE2UuEfmiqQQaeoIUYC/xD2arMXn9N0W84Nyy2S9IL4ct\n" - "e3Azi1Wc8MMfpbxxDRxXCnM2uMkLYWs1lQmcUUX+Uygv3P8lgS+RJ1Pi3+BWMx0S\n" - "ocsZXqOr6dbEF1WOLObQRK7h/MZp80iVUyrBgX0MbVFN9M5i2u4KKTG95VKRtgIC\n" - "AQA=\n" "-----END DH PARAMETERS-----\n"; + "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" + 
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" + "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n" + "-----END DH PARAMETERS-----\n"; +/* doc/credentials/dhparams/rfc7919-ffdhe3072.pem */ const char *pkcs3_3072 = "-----BEGIN DH PARAMETERS-----\n" - "MIIDDgKCAYEAtRUay8nDgwE5dSVzW525wEu/d0vrFolvYJSevxg2myj5S+gr3Fgq\n" - "OGaZc4zrBxkxsELc7GuCqaXSOWL4yobT8N05yGbYWkWRPf4crRMx3P7/Gba9WsmH\n" - "BlL71uPf1IN9CanAlabkhV89RKiYaCpUI19+/sq+N2dO874ToBZCNhxZnTgRZ+po\n" - "Gdr6XWM0lQ8imIKSer0px3ZHI+/5gmyPry35tGpwlbyclJAg3wlTSdnqDcLxq7AF\n" - "OZ23PzC3ij7SFErOX9EFBdS2bjtU47O3OkPc9EIYMEv5nwnXICLHslwVifmURAjV\n" - "LfpObL8LYGN4Gac4tFxuDa0PMg0ES5ADugYBwdRFTAtCy5WOYXINzAAOrH9MommT\n" - "rMkELf7JOCaV2ktBsvTlrgMAXeyqbf2YSG6CGjj4QnUuqPybSgwPru7VlahsS2lo\n" - "qjutBPpgIxS53o97Wi3V5kQedKJiNuIDNnJMFNuTADAM+OYwClTH7ZSwTsxEgVpr\n" - "tMH+WnTI7KTJAoIBgQCrELwIUB4oNbf0x+fIpVndhDpl/WcFc/lDtmiRuym5gWbb\n" - "NPeI+1rdhnS2R3+nCJODFQTcPNMgIJuSu2EnDCSs5xJ2k08SAgSzyxEdjBpY7qJe\n" - "+lJPJ12zhcl0vgcvMhb/YgqVe2MKz0RvnYZPwHM/aJbjYjq/6OpK3fVw4M1ZccBK\n" - "QD4OHK8HOvGU7Wf6kRIcxUlfn15spMCIsrAZQBddWLmQgktsxJNUS+AnaPwTBoOv\n" - "nGCr1vzw8OS1DtS03VCmtqt3otXhJ3D2oCIG6ogxVAKfHR30KIfzZLBfmCjdzHmH\n" - "x4OwYTN1wy5juA438QtiDtcgK60ZqSzQO08ZklRncA/TkkyEH6kPn5KSh/hW9O3D\n" - "KZeAY/KF0/Bc1XNtqPEYFb7Vo3rbTsyjXkICN1Hk9S0OIKL42K7rWBepO9KuddSd\n" - "aXgH9staP0HXCyyW1VAyqo0TwcWDhE/R7IQQGGwGyd4rD0T+ySW/t09ox23O6X8J\n" - "FSp6mOVNcuvhB5U2gW8CAgEA\n" "-----END DH PARAMETERS-----\n"; + "MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" + 
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" + "N///////////AgEC\n" + "-----END DH PARAMETERS-----\n"; void _fail(const char *format, ...) { -- cgit v1.2.1 From 1bb552b8d33fd361aec8229c396dd74b6170379f Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 21 Jun 2020 16:03:54 +0200 Subject: safe_memcmp: remove in favor of gnutls_memcmp Signed-off-by: Daiki Ueno --- lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +- lib/ext/pre_shared_key.c | 2 +- lib/mem.h | 9 --------- lib/nettle/cipher.c | 8 ++++---- lib/tls13/finished.c | 2 +- lib/x509/x509.c | 3 ++- 6 files changed, 9 insertions(+), 17 deletions(-) diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c index 3371d0812d..b904cbf008 100644 --- a/lib/accelerated/x86/aes-xts-x86-aesni.c +++ b/lib/accelerated/x86/aes-xts-x86-aesni.c @@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) /* Check key block according to FIPS-140-2 IG A.9 */ if (_gnutls_fips_mode_enabled()){ - if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { + if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c index fef67d341c..240be21625 100644 --- a/lib/ext/pre_shared_key.c +++ b/lib/ext/pre_shared_key.c @@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session, } if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size || - safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { + gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { gnutls_assert(); ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; goto fail; diff --git a/lib/mem.h b/lib/mem.h index dc838a2b4d..d3eea97a40 100644 --- a/lib/mem.h +++ b/lib/mem.h 
@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *); unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size); -/* To avoid undefined behavior when s1 or s2 are null and n = 0 */ -inline static -int safe_memcmp(const void *s1, const void *s2, size_t n) -{ - if (n == 0) - return 0; - return memcmp(s1, s2, n); -} - #define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \ _gnutls_mpi_clear(*mpi); \ _gnutls_mpi_release(mpi); \ diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 69ed70213d..93afca243b 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -396,7 +396,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { if (_gnutls_fips_mode_enabled() && - safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) + gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) _gnutls_switch_lib_state(LIB_STATE_ERROR); xts_aes128_set_encrypt_key(xts_key, key); @@ -407,7 +407,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { if (_gnutls_fips_mode_enabled() && - safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) + gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) _gnutls_switch_lib_state(LIB_STATE_ERROR); xts_aes128_set_decrypt_key(xts_key, key); @@ -418,7 +418,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { if (_gnutls_fips_mode_enabled() && - safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) + gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) _gnutls_switch_lib_state(LIB_STATE_ERROR); xts_aes256_set_encrypt_key(xts_key, key); @@ -429,7 +429,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { if (_gnutls_fips_mode_enabled() && - safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) + gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) _gnutls_switch_lib_state(LIB_STATE_ERROR); xts_aes256_set_decrypt_key(xts_key, key); 
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c index 68eab993ea..ec646e6732 100644 --- a/lib/tls13/finished.c +++ b/lib/tls13/finished.c @@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session) #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) # warning This is unsafe for production builds #else - if (safe_memcmp(verifier, buf.data, buf.length) != 0) { + if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) { gnutls_assert(); ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; goto cleanup; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2091f3ae64..2b68fe440e 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) } if (empty1 != empty2 || - sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) { + sp1.size != sp2.size || + (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) { gnutls_assert(); ret = GNUTLS_E_CERTIFICATE_ERROR; goto cleanup; -- cgit v1.2.1 From 2a1eced29438fdc4e3d26e7c73afd6639e851e68 Mon Sep 17 00:00:00 2001 
From: Steve Lhomme Date: Mon, 22 Jun 2020 09:09:05 +0200 Subject: fix connectx not available on older macOS SDK Fixes this compilation error: system/fastopen.c:134:9: error: 'connectx' is only available on macOS 10.11 or newer [-Werror,-Wunguarded-availability] ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL); ^~~~~~~~ /Applications/Xcode9.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/socket.h:713:5: note: 'connectx' has been marked as being introduced in macOS 10.11 here, but the deployment target is macOS 10.7.0 The detection is the same as found in curl [1]. If HAVE_BUILTIN_AVAILABLE is not available we fallback to the code without TCP_FASTOPEN_OSX. The OS values match exactly the values found in https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/sys/socket.h [1] https://github.com/curl/curl/commit/870d849d48a26b8eeb0d4bb1f4655367a4a191ca Signed-off-by: Steve Lhomme --- lib/system/fastopen.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/system/fastopen.c b/lib/system/fastopen.c index 8d8409e482..bf1ee0929f 100644 --- a/lib/system/fastopen.c +++ b/lib/system/fastopen.c @@ -38,7 +38,9 @@ /* TCP Fast Open on OSX behaves differently from Linux, so define these helpers */ #if defined __APPLE__ && defined __MACH__ && defined CONNECT_DATA_IDEMPOTENT && defined CONNECT_RESUME_ON_READ_WRITE -# define TCP_FASTOPEN_OSX +# if defined __has_builtin && __has_builtin(__builtin_available) +# define TCP_FASTOPEN_OSX +# endif #elif defined TCP_FASTOPEN && defined MSG_FASTOPEN # define TCP_FASTOPEN_LINUX #endif 
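Review bot: `# if defined __has_builtin && __has_builtin(__builtin_available)` depends on the preprocessor short-circuiting `&&` before it reaches the function-like use of an undefined `__has_builtin`; preprocessors that evaluate the whole expression report a syntax error instead of taking the else path, which is why the portable idiom nests the two tests (`# if defined __has_builtin` followed by `#  if __has_builtin(__builtin_available)`). Because this branch is reached only under `__APPLE__`, Apple's clang is the compiler that matters and it accepts the joined form, so this is a style point rather than a build break. A short comment naming the curl commit the detection is taken from (it is already cited in the commit message) would tell the next reader where to look when the availability macros change.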
@@ -129,9 +131,15 @@ tfo_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec, int iovec_cnt) } # elif defined(TCP_FASTOPEN_OSX) { - sa_endpoints_t endpoints = { .sae_dstaddr = (struct sockaddr*)&p->connect_addr, .sae_dstaddrlen = p->connect_addrlen }; + if(__builtin_available(macOS 10.11, iOS 9.0, tvOS 9.0, watchOS 2.0, *)) { + sa_endpoints_t endpoints = { .sae_dstaddr = (struct sockaddr*)&p->connect_addr, .sae_dstaddrlen = p->connect_addrlen }; - ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL); + ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL); + } + else + { + ret = connect(fd, (struct sockaddr*)&p->connect_addr, p->connect_addrlen); + } if (errno == ENOTCONN || errno == EINPROGRESS) { gnutls_assert(); errno = EAGAIN; -- cgit v1.2.1 From 0b64ada685f24b0b30aa99f777f0e815736a4012 Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Fri, 3 Jul 2020 14:54:17 +0200 Subject: tests: split up system-override-sig-hash.sh Split up system-override-sig-hash.sh so that the errors won't get swallowed or conflated. Also correct unused `srcdir` to `builddir`, which I believe was meant to be set there. Signed-off-by: Alexander Sosedkin --- tests/Makefile.am | 3 ++- tests/system-override-hash.sh | 39 ++++++++++++++++++++++++++++ tests/system-override-sig-hash.sh | 54 --------------------------------------- tests/system-override-sig.sh | 40 +++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 55 deletions(-) create mode 100755 tests/system-override-hash.sh delete mode 100755 tests/system-override-sig-hash.sh create mode 100755 tests/system-override-sig.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index 38d691fa3d..b04cb081b4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
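Review bot: In the new fallback branch the unchanged `if (errno == ENOTCONN || errno == EINPROGRESS)` below inspects errno even when `connect()` returned 0, so a stale errno from an earlier call would turn a successful blocking connect into EAGAIN; the connectx path presumably relied on that unconditional check, but for the plain-connect case guarding it with `ret < 0`, or clearing errno before the call, looks safer — worth confirming against the rest of tfo_writev, which continues outside the hunk. Style: `if(__builtin_available(...))` and the `else` on its own line do not match the surrounding K&R layout (`} else {`). A comment on the fallback would also help, e.g. `/* runtime older than 10.11: no connectx(), so connect without TFO */`.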
@@ -515,7 +515,8 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start server-weak-keys.sh if !DISABLE_SYSTEM_CONFIG -dist_check_SCRIPTS += system-override-sig-hash.sh system-override-versions.sh system-override-invalid.sh \ +dist_check_SCRIPTS += system-override-sig.sh system-override-hash.sh \ + system-override-versions.sh system-override-invalid.sh \ system-override-curves.sh system-override-profiles.sh system-override-tls.sh \ system-override-kx.sh system-override-default-priority-string.sh endif diff --git a/tests/system-override-hash.sh b/tests/system-override-hash.sh new file mode 100755 index 0000000000..cb027c2fad --- /dev/null +++ b/tests/system-override-hash.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-hash = sha256 +insecure-hash = sha512 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-hash" +rc=$? +rm ${TMPFILE} +exit $rc 
diff --git a/tests/system-override-sig-hash.sh b/tests/system-override-sig-hash.sh deleted file mode 100755 index 37980ec584..0000000000 --- a/tests/system-override-sig-hash.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2019 Nikos Mavrogiannopoulos -# -# Author: Nikos Mavrogiannopoulos -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -srcdir="${srcdir:-.}" -TMPFILE=c.$$.tmp -export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 - -cat <<_EOF_ > ${TMPFILE} -[overrides] - -insecure-hash = sha256 -insecure-hash = sha512 -_EOF_ - -export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" - -${builddir}/system-override-hash - -cat <<_EOF_ > ${TMPFILE} -[overrides] - -insecure-sig-for-cert = rsa-sha256 -insecure-sig = rsa-sha512 -insecure-sig = rsa-sha1 -_EOF_ - -export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" - -${builddir}/system-override-sig -if test $? != 0;then - echo "Could not parse config file" - exit 1 -fi - -exit 0 diff --git a/tests/system-override-sig.sh b/tests/system-override-sig.sh new file mode 100755 index 0000000000..68bf759048 --- /dev/null +++ b/tests/system-override-sig.sh 
@@ -0,0 +1,40 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-sig-for-cert = rsa-sha256 +insecure-sig = rsa-sha512 +insecure-sig = rsa-sha1 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-sig" +rc=$? +rm ${TMPFILE} +exit $rc -- cgit v1.2.1 From 524b326ef5c9015145d000b48f405a104a0050cb Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Sun, 14 Jun 2020 23:31:27 +0300 Subject: .gitlab-ci: disable config.cache for nettle-master builds Disable usage of config.cache for nettle-master builds. Such config.cache files can easily become stale, thus resulting in build failures. Signed-off-by: Dmitry Baryshkov --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 628dd367b1..1c4160dcf2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -737,7 +737,7 @@ nettle-master.Fedora: - make -j$BUILDJOBS install - popd - SUBMODULE_NOFETCH=1 ./bootstrap - - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile + - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile - make -j$BUILDJOBS - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check tags: @@ -769,7 +769,7 @@ nettle-master-minigmp.Fedora: - make -j$BUILDJOBS install - popd - SUBMODULE_NOFETCH=1 ./bootstrap - - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile --disable-full-test-suite + - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile --disable-full-test-suite - make -j$BUILDJOBS - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check tags: -- cgit v1.2.1 From 9e55116c52422093343ec37a5349f693b7f84b73 Mon Sep 17 00:00:00 2001 
From: James Bottomley Date: Sun, 28 Jun 2020 21:33:09 +0200 Subject: build: use $(LIBPTHREAD) rather than non-existent $(LTLIBPTHREAD) On a very recent openSUSE build, libgnutls is getting built without libpthread. This caused a thread related error when trying to load a pkcs11 module that uses threading. The reason is rather convoluted: glibc actually controls all the pthread_ function calls, but it returns success without doing anything unless -lpthread is in the link list. What's happening is that gnutls_system_mutex_init() is being called on _gnutls_pkcs11_mutex before library pthreading is initialized, so the pthread_mutex_init ends up being a nop. Then, when the pkcs11 module is loaded, pthreads get initialized and the call to pthread_mutex_lock is real, but errors out on the uninitialized mutex. The problem seems to be that nothing in the gnulib macros gnutls relies on for threading support detection actually sets LTLIBPTHREAD, they only set LIBPTHREAD. The fix is to use LIBPTHREAD in lib/Makefile.in Signed-off-by: James Bottomley --- bootstrap.conf | 4 ++-- lib/Makefile.am | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index 3abfe10464..f8de3d4be1 100644 --- a/bootstrap.conf +++ b/bootstrap.conf 
@@ -25,10 +25,10 @@ checkout_only_file= local_gl_dir=gl/override/ required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle devel/libtasn1" -# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca attribute byteswap c-ctype extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings +# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca attribute byteswap c-ctype extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat threadlib time_r unistd vasprintf verify vsnprintf warnings gnulib_modules=" -alloca attribute byteswap c-ctype c-strcase extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file 
secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings +alloca attribute byteswap c-ctype c-strcase extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types threadlib time_r unistd valgrind-tests vasprintf verify vsnprintf warnings " unistring_modules=" diff --git a/lib/Makefile.am b/lib/Makefile.am index fa47ac5e62..02504d8d10 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la endif if !WINDOWS -thirdparty_libadd += $(LTLIBPTHREAD) +# p11-kit does not work without threading support: +# https://github.com/p11-glue/p11-kit/pull/183 +if ENABLE_PKCS11 +thirdparty_libadd += $(LIBPMULTITHREAD) +else +thirdparty_libadd += $(LIBPTHREAD) +endif endif if NEEDS_LIBRT -- cgit v1.2.1 From 4eca726fe64c4702748aef964c83d0d4a470b338 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 10 Jul 2020 09:35:49 +0200 Subject: dh: check validity of Z before export SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the calculated shared secret is verified before the data is returned to the caller. This patch adds the validation check. Suggested by Stephan Mueller. Signed-off-by: Daiki Ueno --- lib/nettle/pk.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 57a8560ede..08c7d4860b 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c 
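Review bot: The new `if ENABLE_PKCS11` branch links `$(LIBPMULTITHREAD)` rather than `$(LIBPTHREAD)`, but neither the hunk comment nor the commit message, which only talks about LIBPTHREAD, explains the distinction. Extending the comment would avoid a later "simplification" back to LIBPTHREAD, e.g. `# LIBPMULTITHREAD forces the real pthread library to be linked even when this program does not create threads itself, so the mutex initialised before a p11-kit module is loaded is a functional one` — hedged, since that meaning of the variable is gnulib's threadlib convention and is not shown here. Note the bootstrap.conf hunk adding the `threadlib` module is what defines these variables, so the two hunks only work together.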
@@ -288,7 +288,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_DH: { bigint_t f, x, q, prime; - bigint_t k = NULL, ff = NULL, r = NULL; + bigint_t k = NULL, primesub1 = NULL, r = NULL; unsigned int bits; if (nonce != NULL) @@ -299,21 +299,20 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, q = priv->params[DH_Q]; prime = priv->params[DH_P]; - ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL); + ret = _gnutls_mpi_init_multi(&k, &primesub1, &r, NULL); if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_mpi_add_ui(ff, f, 1); + ret = _gnutls_mpi_sub_ui(primesub1, prime, 1); if (ret < 0) { gnutls_assert(); goto dh_cleanup; } - /* check if f==0,1, or f >= p-1. - * or (ff=f+1) equivalently ff==1,2, ff >= p */ - if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) - || (_gnutls_mpi_cmp_ui(ff, 1) == 0) - || (_gnutls_mpi_cmp(ff, prime) >= 0)) { + /* check if f==0,1, or f >= p-1 */ + if ((_gnutls_mpi_cmp_ui(f, 1) == 0) + || (_gnutls_mpi_cmp_ui(f, 0) == 0) + || (_gnutls_mpi_cmp(f, primesub1) >= 0)) { gnutls_assert(); ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; goto dh_cleanup; @@ -354,6 +353,15 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, goto dh_cleanup; } + /* check if k==0,1, or k = p-1 */ + if ((_gnutls_mpi_cmp_ui(k, 1) == 0) + || (_gnutls_mpi_cmp_ui(k, 0) == 0) + || (_gnutls_mpi_cmp(k, primesub1) == 0)) { + gnutls_assert(); + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto dh_cleanup; + } + if (flags & PK_DERIVE_TLS13) { ret = _gnutls_mpi_dprint_size(k, out, @@ -370,7 +378,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, ret = 0; dh_cleanup: _gnutls_mpi_release(&r); - _gnutls_mpi_release(&ff); + _gnutls_mpi_release(&primesub1); zrelease_temp_mpi_key(&k); if (ret < 0) goto cleanup; -- cgit v1.2.1 From 2f6cd079cb6b613bf7906af9e7bdff0e5ec80406 Mon Sep 17 00:00:00 2001 
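Review bot: The new `/* check if k==0,1, or k = p-1 */` comment in the third hunk does not say where the requirement comes from, nor why the upper bound is tested with `== primesub1` while the `f` check two hunks earlier uses `>=`; a reader comparing the two blocks will wonder whether a `>=` was forgotten. Presumably k is the result of a modular exponentiation mod p (computed between the hunks, so not visible here), in which case equality suffices, and the comment should say so: `/* SP800-56A rev3 5.7.1.1 step 2: reject Z in {0, 1, p-1}; k < p already holds, so equality suffices */`. The enclosing _wrap_nettle_pk_derive starts and ends outside these hunks.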
From: Daiki Ueno Date: Fri, 10 Jul 2020 09:42:30 +0200 Subject: ecdh: check validity of P before export SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the calculated shared secret is verified before the data is returned to the caller. This patch adds the validation check. Suggested by Stephan Mueller. Signed-off-by: Daiki Ueno --- lib/nettle/pk.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 08c7d4860b..7f0fa8e032 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -229,25 +229,38 @@ _gost_params_to_pubkey(const gnutls_pk_params_st * pk_params, } #endif -static void +static int ecc_shared_secret(struct ecc_scalar *private_key, struct ecc_point *public_key, void *out, unsigned size) { struct ecc_point r; - mpz_t x; + mpz_t x, y; + int ret = 0; mpz_init(x); + mpz_init(y); ecc_point_init(&r, public_key->ecc); ecc_point_mul(&r, private_key, public_key); - ecc_point_get(&r, x, NULL); + ecc_point_get(&r, x, y); + + /* Check if the point is not an identity element. Note that this cannot + * happen in nettle implementation, because it cannot represent an + * infinity point. */ + if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { + ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto cleanup; + } + nettle_mpz_get_str_256(size, out, x); + cleanup: mpz_clear(x); + mpz_clear(y); ecc_point_clear(&r); - return; + return ret; } #define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS @@ -423,8 +436,10 @@ dh_cleanup: goto ecc_cleanup; } - ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, - out->size); + ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, + out->size); + if (ret < 0) + gnutls_free(out->data); ecc_cleanup: ecc_point_clear(&ecc_pub); -- cgit v1.2.1 From 5f7b4eb7e8d4d1f8a2fc76fa2b89590958f8187b Mon Sep 17 00:00:00 2001 
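Review bot: In the second hunk, `if (ret < 0) gnutls_free(out->data);` releases the buffer but leaves `out->size` at the length allocated earlier in the function (outside the hunk), so a caller inspecting `out` after a failure sees a non-zero size with a NULL or dangling pointer depending on whether `gnutls_free` is the pointer-nulling macro. Suggest `if (ret < 0) { gnutls_free(out->data); out->data = NULL; out->size = 0; }` so the datum is consistent on the error path. In the first hunk, the `cleanup:` label in ecc_shared_secret is correct but a one-line comment that `ret` is only non-zero for the identity check would help, since the function previously returned void and callers elsewhere may still ignore the result.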
From: Daiki Ueno Date: Fri, 17 Jul 2020 17:45:17 +0200 Subject: dh-primes: make the FIPS approved check return Q value This is necessary for full public key validation in SP800-56A (revision 3), section 5.6.2.3.1. Signed-off-by: Daiki Ueno --- lib/auth/dh_common.c | 2 +- lib/dh-primes.c | 38 +++++++++++++++++++++++--------------- lib/dh.h | 10 ++++++---- 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 252eea0cb4..fcd696d4d6 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, #ifdef ENABLE_FIPS140 if (gnutls_fips140_mode_enabled() && - !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) { + !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } diff --git a/lib/dh-primes.c b/lib/dh-primes.c index a43a8e5dea..a440b5b98a 100644 --- a/lib/dh-primes.c +++ b/lib/dh-primes.c 
@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = { const unsigned int gnutls_modp_8192_key_bits = 512; unsigned -_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, - size_t prime_size, - const uint8_t *generator, - size_t generator_size) +_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, + size_t prime_size, + const uint8_t *generator, + size_t generator_size, + uint8_t **q, + size_t *q_size) { static const struct { const gnutls_datum_t *prime; const gnutls_datum_t *generator; + const gnutls_datum_t *q; } primes[] = { - { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator }, - { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator }, - { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator }, - { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator }, - { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator }, - { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator }, - { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator }, - { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator }, - { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator }, - { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator }, + { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q }, + { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q }, + { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q }, + { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q }, + { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q }, + { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q }, + { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, 
&gnutls_modp_6144_group_q }, + { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q }, + { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q }, + { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q }, }; size_t i; @@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime, if (primes[i].prime->size == prime_size && memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 && primes[i].generator->size == generator_size && - memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) + memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) { + if (q) { + *q = primes[i].q->data; + *q_size = primes[i].q->size; + } return 1; + } } return 0; diff --git a/lib/dh.h b/lib/dh.h index 6724519479..f5c2c0924b 100644 --- a/lib/dh.h +++ b/lib/dh.h @@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator; extern const unsigned int gnutls_modp_2048_key_bits; unsigned -_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, - size_t prime_size, - const uint8_t *generator, - size_t generator_size); +_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, + size_t prime_size, + const uint8_t *generator, + size_t generator_size, + uint8_t **q, + size_t *q_size); #endif /* GNUTLS_LIB_DH_H */ -- cgit v1.2.1 From 165ffb4551565013853d0aac57f68cabb0305607 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 17 Jul 2020 17:47:06 +0200 Subject: dh: perform SP800-56A rev3 full pubkey validation on keygen This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.1. Signed-off-by: Daiki Ueno --- lib/nettle/pk.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 7f0fa8e032..057836bc2d 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c 
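Review bot: In the dh-primes.c hunk, the new `if (q) { *q = ...; *q_size = ...; }` dereferences `q_size` whenever `q` is non-NULL, so a caller passing `&data_q, NULL` would write through a null pointer; either test both (`if (q && q_size)`) or document in dh.h that the two out-parameters must be supplied together. The dh.h hunk adds the new parameters to the prototype with no comment; a short header note would help, e.g. that `q`/`q_size` are optional, are only written when the function returns 1, and that `*q` presumably points into the static group tables (the `*_group_q` datums) rather than a copy and so must not be freed or modified by the caller. The dh_common.c caller in the first hunk passes `NULL, NULL`, which is consistent with that contract.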
@@ -71,6 +71,7 @@ #include "int/dsa-compute-k.h" #include #include +#include "dh.h" static inline const struct ecc_curve *get_supported_nist_curve(int curve); static inline const struct ecc_curve *get_supported_gost_curve(int curve); @@ -2131,6 +2132,53 @@ edwards_curve_mul_g(gnutls_pk_algorithm_t algo, } } +static inline int +dh_find_q(const gnutls_pk_params_st *pk_params, mpz_t q) +{ + gnutls_datum_t prime = { NULL, 0 }; + gnutls_datum_t generator = { NULL, 0 }; + uint8_t *data_q; + size_t n_q; + bigint_t _q; + int ret = 0; + + ret = _gnutls_mpi_dprint(pk_params->params[DSA_P], &prime); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(pk_params->params[DSA_G], &generator); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + if (!_gnutls_dh_prime_match_fips_approved(prime.data, + prime.size, + generator.data, + generator.size, + &data_q, + &n_q)) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + + if (_gnutls_mpi_init_scan_nz(&_q, data_q, n_q) != 0) { + ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); + goto cleanup; + } + + mpz_set(q, TOMPZ(_q)); + _gnutls_mpi_release(&_q); + + cleanup: + gnutls_free(prime.data); + gnutls_free(generator.data); + + return ret; +} + /* To generate a DH key either q must be set in the params or * level should be set to the number of required bits. */ @@ -2212,6 +2260,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, mpz_t x, y; int max_tries; unsigned have_q = 0; + mpz_t q; + mpz_t primesub1; + mpz_t ypowq; if (algo != params->algo) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -2229,6 +2280,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, mpz_init(x); mpz_init(y); + mpz_init(q); + mpz_init(primesub1); + mpz_init(ypowq); + max_tries = 3; do { if (have_q) { 
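Review bot: `dh_find_q` in the second hunk has no header comment, although its contract is not obvious: it succeeds only when `params[DSA_P]`/`params[DSA_G]` match one of the built-in FIPS-approved groups (via `_gnutls_dh_prime_match_fips_approved`), fails with `GNUTLS_E_INVALID_REQUEST` for any other group, and requires the caller to have `mpz_init`ed `q`. Suggest a comment above it along the lines of `/* Recover the subgroup order q for a well-known FIPS-approved DH group; q must be initialized by the caller. Returns GNUTLS_E_INVALID_REQUEST if (p, g) is not one of the built-in groups. */`. The matching relies on `_gnutls_mpi_dprint` producing exactly the byte string stored in the tables (no leading zero), which holds for the hard-coded primes but is worth a note since a different print variant would silently break the lookup. `data_q` and `n_q` are only read after the match function returns 1 and sets them, so initialising them to `NULL`/`0` would make that invariant visible and keep `-Wmaybe-uninitialized` quiet.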
@@ -2260,8 +2315,40 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, ret = GNUTLS_E_LIB_IN_ERROR_STATE; goto dh_fail; } + } while(mpz_cmp_ui(y, 1) == 0); +#ifdef ENABLE_FIPS140 + if (_gnutls_fips_mode_enabled()) { + /* Perform FFC full public key validation checks + * according to SP800-56A (revision 3), 5.6.2.3.1. + */ + + /* Step 1: 2 <= y <= p - 2 */ + mpz_sub_ui(primesub1, pub.p, 1); + + if (mpz_cmp_ui(y, 2) < 0 || mpz_cmp(y, primesub1) >= 0) { + ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); + goto dh_fail; + } + + /* Step 2: 1 = y^q mod p */ + if (have_q) + mpz_set(q, pub.q); + else { + ret = dh_find_q(params, q); + if (ret < 0) + goto dh_fail; + } + + mpz_powm(ypowq, y, q, pub.p); + if (mpz_cmp_ui(ypowq, 1) != 0) { + ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); + goto dh_fail; + } + } +#endif + ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL); if (ret < 0) { gnutls_assert(); @@ -2278,6 +2365,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, mpz_clear(r); mpz_clear(x); mpz_clear(y); + mpz_clear(q); + mpz_clear(primesub1); + mpz_clear(ypowq); if (ret < 0) goto fail; -- cgit v1.2.1 From a4f5131b4c72f38947befdf5769a632db75e6180 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sat, 18 Jul 2020 08:26:48 +0200 Subject: ecdh: perform SP800-56A rev3 full pubkey validation on keygen This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.3. Signed-off-by: Daiki Ueno --- lib/nettle/pk.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 180 insertions(+), 2 deletions(-) diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 057836bc2d..588e9df502 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c 
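Review bot: Both FFC validation failures in the first hunk are reported as `GNUTLS_E_RANDOM_FAILED`, which is misleading for Step 2: for an approved group with g of order q, `y^q mod p != 1` cannot result from bad randomness and points at a wrong `g`/`q` or an implementation error, while the sibling ECC validation added later in this series uses `GNUTLS_E_ILLEGAL_PARAMETER`. Suggest `GNUTLS_E_ILLEGAL_PARAMETER` (or `GNUTLS_E_INTERNAL_ERROR`) for the Step 2 branch so the two key-generation paths report the same class of failure consistently. Note also that Step 1 fails hard on `y` out of range while the existing `do { ... } while (mpz_cmp_ui(y, 1) == 0)` loop retries on `y == 1`; a comment stating that this is intentional (fail instead of retry, per the standard) would prevent the next reader from "fixing" it. wrap_nettle_pk_generate_keys starts and ends outside these hunks.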
@@ -1552,6 +1552,80 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve) } } +static inline const char *get_supported_nist_curve_order(int curve) +{ + static const struct { + int curve; + const char *order; + } orders[] = { +#ifdef ENABLE_NON_SUITEB_CURVES + { GNUTLS_ECC_CURVE_SECP192R1, + "ffffffffffffffffffffffff99def836" + "146bc9b1b4d22831" }, + { GNUTLS_ECC_CURVE_SECP224R1, + "ffffffffffffffffffffffffffff16a2" + "e0b8f03e13dd29455c5c2a3d" }, +#endif + { GNUTLS_ECC_CURVE_SECP256R1, + "ffffffff00000000ffffffffffffffff" + "bce6faada7179e84f3b9cac2fc632551" }, + { GNUTLS_ECC_CURVE_SECP384R1, + "ffffffffffffffffffffffffffffffff" + "ffffffffffffffffc7634d81f4372ddf" + "581a0db248b0a77aecec196accc52973" }, + { GNUTLS_ECC_CURVE_SECP521R1, + "1fffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffff" + "ffa51868783bf2f966b7fcc0148f709a" + "5d03bb5c9b8899c47aebb6fb71e91386" + "409" }, + }; + size_t i; + + for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { + if (orders[i].curve == curve) + return orders[i].order; + } + return NULL; +} + +static inline const char *get_supported_nist_curve_modulus(int curve) +{ + static const struct { + int curve; + const char *order; + } orders[] = { +#ifdef ENABLE_NON_SUITEB_CURVES + { GNUTLS_ECC_CURVE_SECP192R1, + "fffffffffffffffffffffffffffffffe" + "ffffffffffffffff" }, + { GNUTLS_ECC_CURVE_SECP224R1, + "ffffffffffffffffffffffffffffffff" + "000000000000000000000001" }, +#endif + { GNUTLS_ECC_CURVE_SECP256R1, + "ffffffff000000010000000000000000" + "00000000ffffffffffffffffffffffff" }, + { GNUTLS_ECC_CURVE_SECP384R1, + "ffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffe" + "ffffffff0000000000000000ffffffff" }, + { GNUTLS_ECC_CURVE_SECP521R1, + "1ff" + "ffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffff" }, + }; + size_t i; + + for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { + 
if (orders[i].curve == curve) + return orders[i].order; + } + return NULL; +} + static inline const struct ecc_curve *get_supported_gost_curve(int curve) { switch (curve) { @@ -2507,6 +2581,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, struct ecc_scalar key; struct ecc_point pub; const struct ecc_curve *curve; + struct ecc_scalar n; + struct ecc_scalar m; + struct ecc_point r; + mpz_t x, y, xx, yy, nn, mm; curve = get_supported_nist_curve(level); if (curve == NULL) @@ -2514,8 +2592,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, gnutls_assert_val (GNUTLS_E_ECC_UNSUPPORTED_CURVE); + mpz_init(x); + mpz_init(y); + mpz_init(xx); + mpz_init(yy); + mpz_init(nn); + mpz_init(mm); + ecc_scalar_init(&key, curve); ecc_point_init(&pub, curve); + ecc_scalar_init(&n, curve); + ecc_scalar_init(&m, curve); + ecc_point_init(&r, curve); ecdsa_generate_keypair(&pub, &key, NULL, rnd_func); if (HAVE_LIB_ERROR()) { 
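Review bot: `get_supported_nist_curve_modulus` in the first hunk is a copy of `get_supported_nist_curve_order` that still names its table `orders` and its field `order` although it holds field moduli, which will mislead anyone reading or grepping this code later. Either rename them (`moduli`/`modulus`) or, better, collapse the two helpers into one table `{ int curve; const char *order; const char *modulus; }` with a single lookup, so the order and modulus for a curve cannot drift apart. A comment noting that the hex constants are the NIST/SEC 2 values for n and p (and how they were verified) would also help, since nothing in the code cross-checks them against nettle's curve parameters. In the later hunks on this line, `struct ecc_scalar m` and `mpz_t mm` are introduced together with `n`/`nn`; from what is visible `m` is only initialised and never set or used.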
@@ -2533,15 +2621,105 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, params->curve = level; params->params_nr = ECC_PRIVATE_PARAMS; - ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), - TOMPZ(params->params[ECC_Y])); + ecc_point_get(&pub, x, y); + +#ifdef ENABLE_FIPS140 + if (_gnutls_fips_mode_enabled()) { + /* Perform ECC full public key validation checks + * according to SP800-56A (revision 3), 5.6.2.3.3. + */ + + const char *order, *modulus; + + /* Step 1: verify that Q is not an identity + * element (an infinity point). Note that this + * cannot happen in the nettle implementation, + * because it cannot represent an infinity point + * on curves. */ + if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { + ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_fail; + } + + /* Step 2: verify that both coordinates of Q are + * in the range [0, p - 1]. + * + * Step 3: verify that Q lie on the curve + * + * Both checks are performed in nettle. */ + if (!ecc_point_set(&r, x, y)) { + ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_fail; + } + + /* Step 4: verify that n * Q, where n is the + * curve order, result in an identity element + * + * Since nettle internally cannot represent an + * identity element on curves, we validate this + * instead: + * + * (n - 1) * Q = -Q + * + * That effectively means: n * Q = -Q + Q = O + */ + order = get_supported_nist_curve_order(level); + if (unlikely(order == NULL)) { + ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + goto ecc_fail; + } + + ret = mpz_set_str(nn, order, 16); + if (unlikely(ret < 0)) { + ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_fail; + } + + modulus = get_supported_nist_curve_modulus(level); + if (unlikely(modulus == NULL)) { + ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + goto ecc_fail; + } + + ret = mpz_set_str(mm, modulus, 16); + if (unlikely(ret < 0)) { + ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_fail; + } + + /* (n - 1) * 
Q = -Q */ + mpz_sub_ui (nn, nn, 1); + ecc_scalar_set(&n, nn); + ecc_point_mul(&r, &n, &r); + ecc_point_get(&r, xx, yy); + mpz_sub (mm, mm, y); + + if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { + ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_fail; + } + } +#endif + + mpz_set(TOMPZ(params->params[ECC_X]), x); + mpz_set(TOMPZ(params->params[ECC_Y]), y); + ecc_scalar_get(&key, TOMPZ(params->params[ECC_K])); ret = 0; ecc_fail: + mpz_clear(x); + mpz_clear(y); + mpz_clear(xx); + mpz_clear(yy); + mpz_clear(nn); + mpz_clear(mm); ecc_point_clear(&pub); ecc_scalar_clear(&key); + ecc_point_clear(&r); + ecc_scalar_clear(&n); + ecc_scalar_clear(&m); if (ret < 0) goto fail; -- cgit v1.2.1 From b4bfe1a8684015d4a24a29c5d713157044971d0a Mon Sep 17 00:00:00 2001 
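Review bot: `struct ecc_scalar m` is initialised (earlier hunk) and cleared here but never used in the Step 4 computation, which only touches `n`/`nn` and `mm`; it should be removed along with its `ecc_scalar_init`/`ecc_scalar_clear`. `mm` is reused for two different quantities (first the curve modulus, then `p - y`), so a short comment or a separate `mpz_t` would make the final comparison `mpz_cmp(yy, mm)` easier to follow. `ecc_point_mul(&r, &n, &r)` passes the same point as input and output; this appears to be permitted by nettle's implementation, but it is worth a `/* in-place: nettle allows r == p here */` note (and confirming against the nettle version in use), since aliasing rules for these APIs are not obvious. The function's `ecc_fail:` cleanup shown here correctly releases the six new mpz_t and the three new ecc objects.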
From: Petr Pavlu Date: Wed, 8 Jul 2020 10:12:30 +0200 Subject: pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig() When checking in _gnutls_pubkey_compatible_with_sig() whether a public key is compatible with a signature algorithm, run first pubkey_supports_sig() before performing weaker checks that can accept the given algorithm but with an audit-log warning. This avoids an issue when a weaker check would log an audit message for some signature algorithm that would then be determined as incompatible by the pubkey_supports_sig() check anyway. For instance, a GnuTLS server might have a certificate with a SECP384R1 public key and a client can report that it supports ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the GnuTLS server will eventually find that it must use ECDSA-SECP384R1-SHA384 with this public key. However, the code would first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is compatible with ECDSA-SECP256R1-SHA256. The function would report the audit warning "The hash size used in signature (32) is less than the expected (48)" but then reject the signature algorithm in pubkey_supports_sig() as incompatible because it has a different curve. Since the algorithm gets rejected it is not necessary to inform about its hash size difference in the audit log. Signed-off-by: Petr Pavlu --- lib/pubkey.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/pubkey.c b/lib/pubkey.c index de95a04c37..6f9d54f119 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c 
@@ -2092,10 +2092,16 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, unsigned int sig_hash_size; const mac_entry_st *me; const gnutls_sign_entry_st *se; + int ret; se = _gnutls_sign_to_entry(sign); - if (se == NULL && _gnutls_version_has_selectable_sighash(ver)) + if (se != NULL) { + ret = pubkey_supports_sig(pubkey, se); + if (ret < 0) + return gnutls_assert_val(ret); + } else if (_gnutls_version_has_selectable_sighash(ver)) { return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + } if (pubkey->params.algo == GNUTLS_PK_DSA) { me = _gnutls_dsa_q_to_hash(&pubkey->params, &hash_size); @@ -2158,9 +2164,6 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, } } - if (se != NULL) - return pubkey_supports_sig(pubkey, se); - return 0; } -- cgit v1.2.1 From 04f26dd85ebe76c4a47afdf169ede4cc8f042e6d Mon Sep 17 00:00:00 2001 From: Steve Lhomme Date: Wed, 15 Jul 2020 09:34:19 +0200 Subject: mangle gnutls-built ecc_scalar_random GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we mangle the internal version we build. ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS. Fixes #1016 Signed-off-by: Steve Lhomme --- devel/import-ecc-from-nettle.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/devel/import-ecc-from-nettle.sh b/devel/import-ecc-from-nettle.sh index da121786dd..2ce6285d39 100755 --- a/devel/import-ecc-from-nettle.sh +++ b/devel/import-ecc-from-nettle.sh @@ -202,7 +202,13 @@ for f in $IMPORTS; do ;; */ecc-random.c ) sed \ - -e 's/"nettle-internal\.h"/"nettle-alloca.h"/' \ + -e '/^#include "nettle-internal\.h"/ { i\ +#include "nettle-alloca.h"\ +\ +void gnutls_ecc_scalar_random(struct ecc_scalar *, void *, nettle_random_func *); +; d +}' \ + -e 's/ecc_scalar_random/gnutls_ecc_scalar_random/' \ -e 's/^ & (mpn_sub_n/ \& (int)(mpn_sub_n/' \ $dst > $dst-t && mv $dst-t $dst ;; -- cgit v1.2.1 From 57e6f805f5dbbf4414c72733604d38772c9dcccf Mon Sep 17 00:00:00 2001 
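Review bot: The reordering in the first hunk is correct but the code gives no hint why `pubkey_supports_sig()` must now run before the hash-size checks, so a future refactor could move it back and reintroduce the spurious audit messages the commit removes. Suggest a comment above the new `if (se != NULL)` block: `/* Reject algorithms the key cannot use at all before the weaker checks below, which may emit audit-log warnings for algorithms that would be rejected anyway. */`. The `} else if (_gnutls_version_has_selectable_sighash(ver)) {` branch keeps the previous behaviour for `se == NULL`, which is worth stating in the same comment. _gnutls_pubkey_compatible_with_sig continues outside the hunks.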
From: Daiki Ueno Date: Wed, 12 Aug 2020 07:27:17 +0200 Subject: cert-session: fail hard if mandatory stapling is not honored According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause. Signed-off-by: Daiki Ueno --- lib/cert-session.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/cert-session.c b/lib/cert-session.c index db04a25e5d..97f31597d5 100644 --- a/lib/cert-session.c +++ b/lib/cert-session.c @@ -415,6 +415,7 @@ _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session, if (feature == 5 /* TLS ID for status request */) { /* We sent a status request, the certificate mandates a reply, but we did not get any. */ + *ocsp_status |= GNUTLS_CERT_INVALID; *ocsp_status |= GNUTLS_CERT_MISSING_OCSP_STATUS; break; } -- cgit v1.2.1 From 03a999261937c9d389ad96759ff56efbbb1eb605 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 12 Aug 2020 07:29:30 +0200 Subject: serv, cli: ensure that invalid flag is always set According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause. Signed-off-by: Daiki Ueno --- src/common.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/common.c b/src/common.c index 753481741b..2dc54d09bf 100644 --- a/src/common.c +++ b/src/common.c @@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp gnutls_free(out.data); - if (status) + if (status) { + if (!(status & GNUTLS_CERT_INVALID)) + abort(); return 0; + } return 1; } -- cgit v1.2.1 From 8266600c0730dba7dd6d4b2a4083748fa5396e4e Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 12 Aug 2020 08:10:51 +0200 Subject: doc: assorted typo fixes Spotted by codespell. 
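Review bot: In the src/common.c hunk, `if (!(status & GNUTLS_CERT_INVALID)) abort();` terminates the tool without any diagnostic, so when the library contract described in the commit message is violated the user only sees a core dump and has to find the reason with a debugger. Suggest logging before aborting, e.g. `fprintf(stderr, "BUG: verification failed (status 0x%x) without GNUTLS_CERT_INVALID set\n", status);` on the line before `abort();`. cert_verify starts outside the hunk, so it is not visible whether an existing logging helper should be used instead of `fprintf`.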
Signed-off-by: Daiki Ueno --- CONTRIBUTING.md | 6 +++--- SECURITY.md | 4 ++-- doc/cha-cert-auth.texi | 2 +- doc/cha-config.texi | 2 +- doc/cha-gtls-app.texi | 2 +- doc/cha-tokens.texi | 2 +- doc/examples/tlsproxy/README.md | 4 ++-- lib/algorithms/ecc.c | 2 +- lib/auth/ecdhe.c | 2 +- lib/dtls.c | 2 +- lib/ext/session_ticket.c | 4 ++-- lib/ext/supported_versions.c | 2 +- lib/gnutls_int.h | 2 +- lib/handshake.c | 2 +- lib/session.c | 2 +- lib/x509/key_encode.c | 2 +- lib/x509/name_constraints.c | 2 +- lib/x509/pkcs7-crypt.c | 4 ++-- src/certtool-args.def | 2 +- src/cli-args.def | 2 +- src/list.h | 2 +- src/tests.c | 4 ++-- tests/logfile-option.sh | 4 ++-- 23 files changed, 31 insertions(+), 31 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 96fb7ff0cc..47037a3dd6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,7 +2,7 @@ Anyone is welcome to contribute to GnuTLS. You can either take up tasks from our [planned list](https://gitlab.com/gnutls/gnutls/milestones), -or suprise us with enhancement we didn't plan for. In all cases be prepared +or surprise us with enhancement we didn't plan for. In all cases be prepared to defend and justify your enhancements, and get through few rounds of changes. @@ -92,7 +92,7 @@ E.g. ```gnutls_x509_crt_get_dn```, refers to the X.509 certificate parsing part of gnutls. Some of the used prefixes are the following. * ```gnutls_x509_crt_``` for the X.509 certificate part - * ```gnutls_session_``` for the TLS session part (but this may be omited) + * ```gnutls_session_``` for the TLS session part (but this may be omitted) * ```gnutls_handshake_``` for the TLS handshake part * ```gnutls_record_``` for the TLS record protocol part * ```gnutls_alert_``` for the TLS alert protocol part 
@@ -176,7 +176,7 @@ in a way that may break existing applications which use the API in a reasonable way. If the existing function allows flags, then a new flag should be introduced to enable the new behavior. -When it is necessary, or desireable to enable the new features by default +When it is necessary, or desirable to enable the new features by default (e.g., TLS1.3 introduction), the "next" releases should be used (and introduced if necessary), to allow the modification to be tested for an extended amount of time (see the [Release policy](RELEASES.md)). diff --git a/SECURITY.md b/SECURITY.md index b8d055c282..26d3e8457b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,7 +15,7 @@ issues are handled with the normal release process. # Committing a fix -The fix when is made available, preferrably within 1 month of the report, +The fix when is made available, preferably within 1 month of the report, is pushed to the repository using a detailed message on all supported branches which are affected. The commit message must refer to the bug report addressed (e.g., our issue tracker or some external issue tracker). @@ -30,7 +30,7 @@ and other relevant parties to the problem. # Releasing Currently our releases are time-based, thus there are no special releases -targetting security fixes. At release time the NEWS entries must reflect +targeting security fixes. At release time the NEWS entries must reflect the issues addressed (also referring to the relevant issue trackers), and security-related entries get assigned a GNUTLS-SA (gnutls security advisory number). The assignment is done at release time at the web repository, in diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index cea30cf465..3f2856f804 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi 
@@ -484,7 +484,7 @@ this functionality completely in 3.6.0. @cindex Raw public-keys There are situations in which a rather large certificate / certificate chain is undesirable or impractical. -An example could be a resource contrained sensor network in which you do want to use authentication of and +An example could be a resource constrained sensor network in which you do want to use authentication of and encryption between your devices but where your devices lack loads of memory or processing power. Furthermore, there are situations in which you don't want to or can't rely on a PKIX. TLS is, next to a PKIX environment, also commonly used with self-signed certificates in smaller deployments where the self-signed certificates diff --git a/doc/cha-config.texi b/doc/cha-config.texi index f094407900..c0f7048fc2 100644 --- a/doc/cha-config.texi +++ b/doc/cha-config.texi @@ -14,7 +14,7 @@ the environment variable @code{GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID} is set to 1, where it would cause the library to exit on unknown options. The location of the default configuration file is @code{/etc/gnutls/config}, -but its actual location may be overriden during compile time or at run-time +but its actual location may be overridden during compile time or at run-time using the @code{GNUTLS_SYSTEM_PRIORITY_FILE} environment variable. The file used can be queried using @funcref{gnutls_get_system_config_file}. diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index ab82f14aad..eb5764b554 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi 
@@ -1269,7 +1269,7 @@ with access to priority strings for overriding the default behavior, on configuration files, or other UI. Following such a principle, makes the GnuTLS library as the default settings provider. That is necessary and a good practice, because TLS protocol hardening and -phasing out of legacy algorithms, is easier to co-ordinate when happens +phasing out of legacy algorithms, is easier to coordinate when happens in a single library. @showfuncC{gnutls_set_default_priority,gnutls_set_default_priority_append,gnutls_priority_set_direct} diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index ab7a5fbf32..1ae054045f 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi @@ -620,7 +620,7 @@ can access TPM URLs. The registered keys (that are stored in the TPM) can be listed using one of the following functions. Those keys are unfortunately only identified by their UUID and have no label or other human friendly identifier. -Keys can be deleted from permament storage using @funcref{gnutls_tpm_privkey_delete}. +Keys can be deleted from permanent storage using @funcref{gnutls_tpm_privkey_delete}. @showfuncC{gnutls_tpm_get_registered,gnutls_tpm_key_list_deinit,gnutls_tpm_key_list_get_url} diff --git a/doc/examples/tlsproxy/README.md b/doc/examples/tlsproxy/README.md index a34a18c55c..3c7a17fe63 100644 --- a/doc/examples/tlsproxy/README.md +++ b/doc/examples/tlsproxy/README.md @@ -31,7 +31,7 @@ Usage: A TLS client or server proxy Options: - -c, --connect ADDRRESS Connect to ADDRESS + -c, --connect ADDRESS Connect to ADDRESS -l, --listen ADDRESS Listen on ADDRESS -K, --key FILE Use FILE as private key -C, --cert FILE Use FILE as public key @@ -50,4 +50,4 @@ Options: License ======= -MIT \ No newline at end of file +MIT diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index 14351b87ad..917f83a624 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c 
@@ -123,7 +123,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { * exchange (CryptoPro-XchA = CryptoPro-A and CryptoPro-XchB = * CryptoPro-C). * - * Then TC26 (Standard comitee working on cryptographic standards) has + * Then TC26 (Standard comittee working on cryptographic standards) has * defined one 256-bit curve (TC26-256-A) and three 512-bit curves * (TC26-512-A, -B, -C). * diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index 883f6cd046..9f53b1b053 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -23,7 +23,7 @@ /* This file contains common stuff in Ephemeral Diffie-Hellman (DHE) * and Anonymous DH key exchange(DHA). These are used in the handshake - * procedure of the certificate and anoymous authentication. + * procedure of the certificate and anonymous authentication. */ #include "gnutls_int.h" diff --git a/lib/dtls.c b/lib/dtls.c index f0ded635c0..002c7145ef 100644 --- a/lib/dtls.c +++ b/lib/dtls.c @@ -553,7 +553,7 @@ unsigned _gnutls_record_overhead(const version_entry_st *ver, * This function will return the set size in bytes of the overhead * due to TLS (or DTLS) per record. * - * Note that this function may provide inacurate values when TLS + * Note that this function may provide inaccurate values when TLS * extensions that modify the record format are negotiated. In these * cases a more accurate value can be obtained using gnutls_record_overhead_size() * after a completed handshake. diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 8d4595821a..8f22462fae 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c 
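Review bot: The lib/algorithms/ecc.c hunk replaces `comitee` with `comittee`, which is still misspelled; the comment should read `* Then TC26 (Standard committee working on cryptographic standards) has`. Since the commit is a codespell pass, it is worth re-running it on the result so the residual typo is caught.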
@@ -441,11 +441,11 @@ session_ticket_send_params(gnutls_session_t session, if (ret >= 0) priv = epriv; - /* no previous data. Just advertize it */ + /* no previous data. Just advertise it */ if (ret < 0) return GNUTLS_E_INT_RET_0; - /* previous data had session tickets disabled. Don't advertize. Ignore. */ + /* previous data had session tickets disabled. Don't advertise. Ignore. */ if (session->internals.flags & GNUTLS_NO_TICKETS) return 0; diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c index 69193b60a3..157a0a77ee 100644 --- a/lib/ext/supported_versions.c +++ b/lib/ext/supported_versions.c @@ -71,7 +71,7 @@ supported_versions_recv_params(gnutls_session_t session, /* do not parse this extension when we haven't TLS1.3 * enabled. That is because we cannot handle earlier protocol - * negotiotation (such as SSL3.0) with this */ + * negotiation (such as SSL3.0) with this */ if (vers && !vers->tls13_sem) return 0; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 4db7a2534d..bb6c197138 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -533,7 +533,7 @@ struct gnutls_key_st { uint8_t ap_rms[MAX_HASH_SIZE]; /* resumption_master_secret */ } tls13; /* tls1.3 */ - /* Folow the SSL3.0 and TLS1.2 key exchanges */ + /* Follow the SSL3.0 and TLS1.2 key exchanges */ struct { /* For ECDH KX */ struct { diff --git a/lib/handshake.c b/lib/handshake.c index 8d58fa48e7..cb215b223c 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2164,7 +2164,7 @@ static int send_client_hello(gnutls_session_t session, int again) } if (session->internals.priorities->min_record_version != 0) { - /* Advertize the lowest supported (SSL 3.0) record packet + /* Advertise the lowest supported (SSL 3.0) record packet * version in record packets during the handshake. * That is to avoid confusing implementations * that do not support TLS 1.2 and don't know diff --git a/lib/session.c b/lib/session.c index 71bcb40515..b9a23e8d02 100644 --- a/lib/session.c 
+++ b/lib/session.c @@ -100,7 +100,7 @@ gnutls_session_get_data(gnutls_session_t session, * is received by the client. To ensure that such a ticket has been received use * gnutls_session_get_flags() and check for flag %GNUTLS_SFLAGS_SESSION_TICKET; * if this flag is not set, this function will wait for a new ticket within - * an estimated rountrip, and if not received will return dummy data which + * an estimated roundtrip, and if not received will return dummy data which * cannot lead to resumption. * * To get notified when new tickets are received by the server diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 18668c8ad2..3e9e0466bc 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -562,7 +562,7 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, /* For compatibility per R 1323565.1.023—2018 provide digest OID only * for GOST-2001 keys or GOST-2012 keys with CryptoPro curves. Do not - * set this optional paramter for TC26 curves */ + * set this optional parameter for TC26 curves */ if (params->algo == GNUTLS_PK_GOST_01) oid = HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS; else if (params->algo == GNUTLS_PK_GOST_12_256 && diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index dba2fd4b9f..b93527ee54 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -178,7 +178,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, /*- * _gnutls_name_constraints_node_free: - * @node: name constriants node + * @node: name constraints node * * Deallocate a list of name constraints nodes starting at the given node. -*/ diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c index 274ac14248..d64862df43 100644 --- a/lib/x509/pkcs7-crypt.c +++ b/lib/x509/pkcs7-crypt.c 
@@ -237,7 +237,7 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags) * This function will return a human readable description of the * PKCS12 or PBES2 schema. * - * Returns: a constrant string or %NULL on error. + * Returns: a constraint string or %NULL on error. * * Since: 3.4.0 */ @@ -255,7 +255,7 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema) * This function will return the object identifier of the * PKCS12 or PBES2 schema. * - * Returns: a constrant string or %NULL on error. + * Returns: a constraint string or %NULL on error. * * Since: 3.4.0 */ diff --git a/src/certtool-args.def b/src/certtool-args.def index 645dc563cc..242a01871a 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -1080,7 +1080,7 @@ encryption_key #honor_crq_ext = 2.5.29.17 #honor_crq_ext = 2.5.29.15 -# Path length contraint. Sets the maximum number of +# Path length constraint. Sets the maximum number of # certificates that can be used to certify this certificate. # (i.e. the certificate chain length) #path_len = -1 diff --git a/src/cli-args.def b/src/cli-args.def index 56ae77b077..ac04591325 100644 --- a/src/cli-args.def +++ b/src/cli-args.def @@ -393,7 +393,7 @@ flag = { name = recordsize; arg-type = number; arg-range = "0->4096"; - descrip = "The maximum record size to advertize"; + descrip = "The maximum record size to advertise"; doc = ""; }; diff --git a/src/list.h b/src/list.h index 967eb193e2..1b3c9e4635 100644 --- a/src/list.h +++ b/src/list.h @@ -40,7 +40,7 @@ slow because these operations search all the way through the list. - queues: whats the difference between a queue and a list? + queues: what's the difference between a queue and a list? very little really. The system implemented here is a doubly linked list with previous diff --git a/src/tests.c b/src/tests.c index c7f2662efe..76b896b8fd 100644 --- a/src/tests.c +++ b/src/tests.c 
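Review bot: Both `Returns:` lines in the lib/x509/pkcs7-crypt.c hunks are now wrong in a different way: `constrant` was a misspelling of `constant`, not `constraint`, and the hunk header shows these are `const char *` accessors (gnutls_pkcs_schema_get_name() and, per the description, its OID sibling) that return a string, not a constraint. Both lines should read ` * Returns: a constant string or %NULL on error.`. These look like gtk-doc comments (they carry `%NULL` markup and a `Since:` tag), so the wrong word would presumably end up in the generated API manual.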
@@ -1209,7 +1209,7 @@ test_code_t test_tls1_6_fallback(gnutls_session_t session) return TEST_SUCCEED; } -/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails, +/* Advertise both TLS 1.0 and SSL 3.0. If the connection fails, * but the previous SSL 3.0 test succeeded then disable TLS 1.0. */ test_code_t test_tls_disable0(gnutls_session_t session) @@ -1426,7 +1426,7 @@ void _gnutls_rsa_pms_set_version(gnutls_session_t session, test_code_t test_rsa_pms_version_check(gnutls_session_t session) { int ret; - /* here we use an arbitary version in the RSA PMS + /* here we use an arbitrary version in the RSA PMS * to see whether to server will check this version. * * A normal server would abort this handshake. diff --git a/tests/logfile-option.sh b/tests/logfile-option.sh index 1eb7a492f7..8cd8f9b53f 100755 --- a/tests/logfile-option.sh +++ b/tests/logfile-option.sh @@ -96,7 +96,7 @@ kill ${PID} wait if ! test -f ${TMPFILE1};then - echo "Logfile shoule be created!" + echo "Logfile should be created!" exit 1 fi if test -s ${TMPFILE2};then @@ -150,7 +150,7 @@ kill ${PID} wait if ! test -f ${TMPFILE1};then - echo "Logfile shoule be created!" + echo "Logfile should be created!" exit 1 fi if test -s ${TMPFILE2};then -- cgit v1.2.1 From fd35e0528a64d41f4b94b74e9133d6742349dda3 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 4 Jun 2020 16:42:07 +0200 Subject: _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled Previously gnutls_fips140_mode_enabled() returned true, even after selftests have failed and the library state has switched to error. While later calls to crypto operations fails, it would be more convenient to have a function to detect that state. Signed-off-by: Daiki Ueno --- lib/fips.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/fips.c b/lib/fips.c index acdd2ec23e..f8b10f7502 100644 --- a/lib/fips.c +++ b/lib/fips.c 
@@ -491,8 +491,17 @@ unsigned gnutls_fips140_mode_enabled(void) #ifdef ENABLE_FIPS140 unsigned ret = _gnutls_fips_mode_enabled(); - if (ret > GNUTLS_FIPS140_DISABLED) + if (ret > GNUTLS_FIPS140_DISABLED) { + /* If the previous run of selftests has failed, return as if + * the FIPS mode is disabled. We could use HAVE_LIB_ERROR, if + * we can assume that all the selftests run atomically from + * the ELF constructor. + */ + if (_gnutls_get_lib_state() == LIB_STATE_ERROR) + return 0; + return ret; + } #endif return 0; } -- cgit v1.2.1 From 055a5e33c7c1157b59396719693127d2a60120a9 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 13 Aug 2020 15:56:20 +0200 Subject: minitasn1: move WARN_CFLAGS setting to configure.ac Some compilers don't support -Wno-type-limits, while they support -Wtype-limits. Signed-off-by: Daiki Ueno --- configure.ac | 1 + lib/minitasn1/Makefile.am | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 25adba492a..df954f0209 100644 --- a/configure.ac +++ b/configure.ac @@ -522,6 +522,7 @@ if test "$gl_gcc_warnings" = yes; then nw="$nw -Wstack-protector" # Some functions cannot be protected nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle) + nw="$nw -Wtype-limits" # Too many warnings in gnulib macros gl_MANYWARN_ALL_GCC([ws]) gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw]) diff --git a/lib/minitasn1/Makefile.am b/lib/minitasn1/Makefile.am index 054de9e3d3..9b6769746d 100644 --- a/lib/minitasn1/Makefile.am +++ b/lib/minitasn1/Makefile.am @@ -27,10 +27,6 @@ AM_CPPFLAGS = -DASN1_BUILDING \ -I$(builddir)/../../gl \ -I$(srcdir)/.. -# Too many warnings from gnulib macros -WARN_CFLAGS += \ - -Wno-type-limits - noinst_LTLIBRARIES = libminitasn1.la libminitasn1_la_SOURCES = libtasn1.h gstr.h int.h parser_aux.h \ -- cgit v1.2.1 From 219904d20f0f20d92fce76eee8f6797e73d0c459 Mon Sep 17 00:00:00 2001 
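Review bot: Returning 0 from gnutls_fips140_mode_enabled() when `_gnutls_get_lib_state() == LIB_STATE_ERROR` makes a self-test failure indistinguishable from FIPS mode never having been requested, so a caller that branches on this value to choose between a FIPS code path and a non-FIPS fallback would silently take the fallback on a library whose self-tests failed. If that is the intended contract, the function's doc comment (outside the hunk) should state it, e.g. `Note: this function also returns 0 when FIPS mode was requested but the library self-tests failed and the library is in an error state; crypto operations fail in that state regardless.` The in-code comment about HAVE_LIB_ERROR describes an alternative that is not taken, so it reads like a leftover design note; a sentence saying why the state is queried directly (the self-tests are presumably not guaranteed to run atomically from the constructor) would be clearer for the next reader.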
From: Daiki Ueno Date: Sun, 16 Aug 2020 18:23:24 +0200 Subject: gnutls_x509_crt_export2: return 0 instead of the length This aligns the behavior to the documentation. Signed-off-by: Daiki Ueno --- lib/x509/x509.c | 13 +++++++++---- tests/mini-x509-2.c | 2 ++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2b68fe440e..c713f857a0 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -2997,10 +2997,15 @@ gnutls_x509_crt_export2(gnutls_x509_crt_t cert, if (!cert->modified && cert->der.size) { if (format == GNUTLS_X509_FMT_DER) return _gnutls_set_datum(out, cert->der.data, cert->der.size); - else - return _gnutls_fbase64_encode(PEM_X509_CERT2, cert->der.data, - cert->der.size, out); - + else { + int ret = _gnutls_fbase64_encode(PEM_X509_CERT2, + cert->der.data, + cert->der.size, + out); + if (ret < 0) + return ret; + return 0; + } } return _gnutls_x509_export_int2(cert->cert, format, PEM_X509_CERT2, diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c index e336af8367..c1bc544e7d 100644 --- a/tests/mini-x509-2.c +++ b/tests/mini-x509-2.c @@ -296,6 +296,7 @@ void start(const char *prio) fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); exit(1); } + assert(ret == 0); gnutls_x509_crt_deinit(crt); if (scert.size != mcert->size || memcmp(scert.data, mcert->data, mcert->size) != 0) { @@ -331,6 +332,7 @@ void start(const char *prio) fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); exit(1); } + assert(ret == 0); gnutls_x509_crt_deinit(crt); if (ccert.size != mcert->size || memcmp(ccert.data, mcert->data, mcert->size) != 0) { -- cgit v1.2.1 From f936f4fb802f745259f765d69bea05a81fd8ef23 Mon Sep 17 00:00:00 2001 
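Review bot: The new `return 0` only normalises the cached-PEM branch of gnutls_x509_crt_export2(); the DER branch still returns whatever `_gnutls_set_datum()` returns, and the uncached path below the hunk still returns `_gnutls_x509_export_int2()` directly, so the documented 0-on-success contract holds only if both of those already return 0 rather than a length. That is plausible but not visible here; it is worth confirming, or normalising the tail the same way, e.g. `ret = _gnutls_x509_export_int2(...); return ret < 0 ? ret : 0;`. The function's remainder is outside the hunk. In tests/mini-x509-2.c the added `assert(ret == 0)` is compiled out under NDEBUG, whereas the file's existing `fail()` pattern, `if (ret != 0) fail("gnutls_x509_crt_export2 returned %d, expected 0\n", ret);`, stays active in every build.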
From: Daiki Ueno Date: Thu, 13 Aug 2020 18:17:08 +0200 Subject: gnutls_aead_cipher_decrypt: check output buffer size before writing While the documentation of gnutls_aead_cipher_decrypt indicates that the inout argument ptext_len initially holds the size that sufficiently fits the expected output size, there was no runtime check on that. This makes the interface robuster against misuses. Signed-off-by: Daiki Ueno --- lib/nettle/cipher.c | 8 +++++ tests/slow/cipher-api-test.c | 83 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 93afca243b..5e3a06a744 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -1174,6 +1174,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx, ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth); encr_size -= tag_size; + + if (unlikely(plain_size < encr_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ctx->cipher->decrypt(ctx, encr_size, plain, encr); ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag); @@ -1183,6 +1187,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx, } else { /* CCM-style cipher */ encr_size -= tag_size; + + if (unlikely(plain_size < encr_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ret = ctx->cipher->aead_decrypt(ctx, nonce_size, nonce, auth_size, auth, diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c index 17872b7a43..a8e4bbf90a 100644 --- a/tests/slow/cipher-api-test.c +++ b/tests/slow/cipher-api-test.c 
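Review bot: The new `plain_size < encr_size` checks in wrap_nettle_cipher_aead_decrypt() run after `encr_size -= tag_size`, so if a ciphertext shorter than the tag is not rejected before this point (the start of the function is outside the hunk) the unsigned subtraction wraps and the caller receives GNUTLS_E_SHORT_MEMORY_BUFFER instead of a decryption/authentication failure. If the caller-level length check is not guaranteed, an explicit guard before the subtraction, `if (unlikely(encr_size < tag_size)) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);`, keeps the error code meaningful. A short comment at the check, `/* the output buffer must hold the ciphertext minus the tag */`, would document the contract the commit message describes next to the code that enforces it.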
@@ -198,6 +198,70 @@ static void test_aead_cipher2(int algo) return; } +/* Test whether an invalid call to gnutls_aead_cipher_decrypt() is caught */ +static void test_aead_cipher3(int algo) +{ + int ret; + gnutls_aead_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t auth[32]; + uint8_t ctext[128+32]; + size_t ctext_len; + uint8_t ptext[128]; + size_t ptext_len; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(ptext, 0xfa, sizeof(ptext)); + memset(ctext, 0xfa, sizeof(ctext)); + memset(auth, 0xfb, sizeof(auth)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = + gnutls_aead_cipher_init(&ch, algo, &key); + if (ret < 0) + fail("gnutls_aead_cipher_init failed\n"); /*errcode 1 */ + + ctext_len = sizeof(ctext)-1; + ret = gnutls_aead_cipher_encrypt(ch, iv.data, iv.size, auth, sizeof(auth), + gnutls_cipher_get_tag_size(algo), + ptext, sizeof(ptext)-1, + ctext, &ctext_len); + if (ret < 0) + fail("could not encrypt data\n"); + + ptext_len = 0; + ret = gnutls_aead_cipher_decrypt(ch, iv.data, iv.size, auth, sizeof(auth), + gnutls_cipher_get_tag_size(algo), + ctext, sizeof(ctext)-1, + ptext, &ptext_len); + if (ret >= 0) + fail("succeeded in decrypting data onto a short buffer\n"); + + gnutls_aead_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} + static void check_status(int status) { if (WEXITSTATUS(status) != 0 || 
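Review bot: test_aead_cipher3() only checks that decrypting into a zero-length buffer fails (`if (ret >= 0)`), so it would also pass if the call failed for an unrelated reason, and it never exercises the boundary the fix is about. Pin the error code, `if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) fail("expected short buffer error, got %s\n", gnutls_strerror(ret));`, and add a second decrypt with `ptext_len = sizeof(ptext)-2` (one byte short of the 127-byte plaintext encrypted above) that must fail the same way, plus one with the full size that must succeed. The `global_init()`/`fail()` structure mirrors the existing tests in this file, so no change is needed there.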
@@ -261,6 +325,25 @@ void start(const char *name, int algo, unsigned aead) test_aead_cipher2(algo); exit(0); } + + /* check test_aead_cipher3 */ + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + wait(&status); + check_status(status); + } else { + test_aead_cipher3(algo); + exit(0); + } } void doit(void) -- cgit v1.2.1 From 97f405f5af3c196a6a72cc876e1f693d3ba1407c Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 16 Aug 2020 11:43:35 +0200 Subject: handshake: check TLS version against modified server priorities The server needs to take into account of multiple factors when determining the TLS protocol version actually being used: - the legacy version - "supported_versions" extension - user_hello_func that may modify the server's priorities Only after that it can check whether the TLS version is enabled in the server's priorities. Signed-off-by: Daiki Ueno --- lib/handshake.c | 12 ++++++++++- tests/post-client-hello-change-prio.c | 39 +++++++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/lib/handshake.c b/lib/handshake.c index cb215b223c..b40f84b3d9 100644 --- a/lib/handshake.c +++ b/lib/handshake.c 
@@ -823,7 +823,17 @@ read_client_hello(gnutls_session_t session, uint8_t * data, return ret; } - _gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, session->security_parameters.pversion->name); + /* Only at this point we know the version we are actually going to use + * ("supported_versions" extension is parsed, user_hello_func is called, + * legacy version negotiation is done). */ + vers = get_version(session); + if (unlikely(vers == NULL)) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + + if (_gnutls_version_priority(session, vers->id) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + + _gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, vers->name); /* select appropriate compression method */ ret = diff --git a/tests/post-client-hello-change-prio.c b/tests/post-client-hello-change-prio.c index 833a538cf0..be41047a01 100644 --- a/tests/post-client-hello-change-prio.c +++ b/tests/post-client-hello-change-prio.c @@ -43,7 +43,9 @@ const char *override_prio = NULL; static int post_client_hello_callback(gnutls_session_t session) { - assert(gnutls_priority_set_direct(session, override_prio, NULL) >= 0); + if (override_prio) { + assert(gnutls_priority_set_direct(session, override_prio, NULL) >= 0); + } pch_ok = 1; return 0; } @@ -54,7 +56,7 @@ static void tls_log_func(int level, const char *str) } static -void start(const char *name, const char *prio, gnutls_protocol_t exp_version) +void start(const char *name, const char *client_prio, const char *server_prio, int expected) { /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; 
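Review bot: The new rejection in read_client_hello() returns GNUTLS_E_UNSUPPORTED_VERSION_PACKET without saying why, whereas the neighbouring success path is reported through `_gnutls_handshake_log()`; a version that was negotiated and then refused because user_hello_func removed it from the priorities is exactly the case an operator will want to see in debug output. Add `_gnutls_handshake_log("HSK[%p]: Version %s is not enabled in the server priorities\n", session, vers->name);` before the second return. `vers` is assigned here but its declaration, and the rest of read_client_hello(), are outside the hunk. It is also worth confirming, though not visible here, that this error is mapped to a protocol_version alert on the wire, since from the client's view it offered a version the server does not accept.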
@@ -83,7 +85,7 @@ void start(const char *name, const char *prio, gnutls_protocol_t exp_version) assert(gnutls_init(&server, GNUTLS_SERVER)>=0); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + assert(gnutls_priority_set_direct(server, server_prio, NULL)>=0); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); @@ -94,15 +96,24 @@ void start(const char *name, const char *prio, gnutls_protocol_t exp_version) assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + assert(gnutls_priority_set_direct(client, client_prio, NULL)>=0); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); - HANDSHAKE(client, server); + if (expected > 0) { + int ret; - assert(exp_version == gnutls_protocol_get_version(client)); - assert(exp_version == gnutls_protocol_get_version(server)); + HANDSHAKE(client, server); + + ret = gnutls_protocol_get_version(client); + assert(expected == ret); + + ret = gnutls_protocol_get_version(server); + assert(expected == ret); + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + } gnutls_bye(client, GNUTLS_SHUT_RDWR); gnutls_bye(server, GNUTLS_SHUT_RDWR); 
@@ -124,9 +135,15 @@ void start(const char *name, const char *prio, gnutls_protocol_t exp_version) void doit(void) { override_prio = "NORMAL"; - start("tls1.2-only", "NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2); - start("tls1.3-only", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_TLS1_3); - start("default", "NORMAL", GNUTLS_TLS1_3); + start("tls1.2-only", "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2); + start("tls1.3-only", "NORMAL:-VERS-ALL:+VERS-TLS1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_TLS1_3); + start("default", "NORMAL", "NORMAL", GNUTLS_TLS1_3); + override_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2"; + start("default overriden to TLS1.2-only", "NORMAL", "NORMAL", GNUTLS_TLS1_2); + override_prio = NULL; + start("client tls1.2-only, server tls1.2-disabled", + "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0", -1); override_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2"; - start("default overriden to TLS1.2-only", "NORMAL", GNUTLS_TLS1_2); + start("client tls1.2-only, server tls1.2-disabled initially, but allow it afterwards", + "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0", GNUTLS_TLS1_2); } -- cgit v1.2.1 From b0be5d7c39d4a5f7d29db4630926a4cef7c3edce Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 3 Sep 2020 09:51:16 +0200 Subject: NEWS: Mention 3.6.15 changes Signed-off-by: Daiki Ueno --- NEWS | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/NEWS b/NEWS index 755a67c88c..982c801237 100644 --- a/NEWS +++ b/NEWS 
@@ -5,6 +5,33 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.6.15 (unreleased) + +** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now + indicates that with a false return value (!1306). + +** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked + accordingly to SP800-56A rev 3 (!1295, !1299). + +** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than + the size of the internal base64 blob (#1025). The new behavior aligns to the + existing documentation. + +** libgnutls: Certificate verification failue due to OCSP must-stapling is not + honered is now correctly marked with the GNUTLS_CERT_INVALID flag + (!1317). The new behavior aligns to the existing documentation. + +** libgnutls: The audit log message for weak hashes is no longer printed twice + (!1301). + +** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is + disabled in the priority string. Previously, even when TLS 1.2 is explicitly + disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is + enabled (#1054). + +** API and ABI modifications: +No changes since last version. + * Version 3.6.14 (released 2020-06-03) ** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. -- cgit v1.2.1