From ef44477127952c13e93d7ea88f7b549bf36602f5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 12 Feb 2018 11:18:06 +0100
Subject: priority: disable the enabled by default RSA-PSS signature algorithms

They have been modified in the latest (yet unsupported) TLS 1.3 drafts, so prevent causes interoperability failures by keeping them on.

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/priority.c | 14 +++++++-------
 tests/common-cert-key-exchange.c | 6 ++++--
 tests/server-multi-keys.sh | 8 +++++---
 tests/suite/tls-fuzzer/tls-fuzzer-cert.sh | 4 ++--
 tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh | 4 ++--
 tests/tls-neg-ext4-key.c | 9 ++++++---
 tests/tls12-cert-key-exchange.c | 2 +-
 7 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/lib/priority.c b/lib/priority.c
index ff49875e7b..6019321405 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2004-2015 Free Software Foundation, Inc.
- * Copyright (C) 2015-2017 Red Hat, Inc.
+ * Copyright (C) 2015-2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -376,9 +376,9 @@ static const int _sign_priority_default[] = {
 GNUTLS_SIGN_ECDSA_SHA1,
 /* added on the final position for compatibility purposes */
- GNUTLS_SIGN_RSA_PSS_SHA256,
+ /*GNUTLS_SIGN_RSA_PSS_SHA256,
 GNUTLS_SIGN_RSA_PSS_SHA384,
- GNUTLS_SIGN_RSA_PSS_SHA512,
+ GNUTLS_SIGN_RSA_PSS_SHA512,*/
 GNUTLS_SIGN_EDDSA_ED25519,
 0
@@ -407,9 +407,9 @@ static const int _sign_priority_secure128[] = {
 GNUTLS_SIGN_ECDSA_SHA512,
 /* added on the final position for compatibility purposes */
- GNUTLS_SIGN_RSA_PSS_SHA256,
+ /*GNUTLS_SIGN_RSA_PSS_SHA256,
 GNUTLS_SIGN_RSA_PSS_SHA384,
- GNUTLS_SIGN_RSA_PSS_SHA512,
+ GNUTLS_SIGN_RSA_PSS_SHA512,*/
 GNUTLS_SIGN_EDDSA_ED25519,
 0
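Review bot: In `_sign_priority_default` the RSA-PSS entries are commented out in place, leaving `/*GNUTLS_SIGN_RSA_PSS_SHA256, ... GNUTLS_SIGN_RSA_PSS_SHA512,*/` with no in-source statement of why they are gone or what would bring them back; the same applies to the `_sign_priority_secure128` hunk below it and to the `_sign_priority_secure192` hunk at @@ -423. Replacing the dead entries with a short comment, e.g. `/* RSA-PSS (GNUTLS_SIGN_RSA_PSS_SHA256/384/512) intentionally omitted from the defaults until the TLS 1.3 draft changes settle; enable via +SIGN-RSA-PSS-* in the priority string */`, records the rationale where the next reader will look, and in `_sign_priority_secure192` the "added on the final position for compatibility purposes" comment then precedes nothing but the terminator and should go with them. Since every default profile drops these, a TLS 1.2 peer holding an RSA-PSS key is no longer negotiable unless the application adds those keywords, as the test hunks in this commit have to do; that behaviour change deserves a NEWS entry so deployers do not diagnose the resulting handshake failures as a bug. Each array's definition starts before its hunk.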
@@ -423,8 +423,8 @@ static const int _sign_priority_secure192[] = {
 GNUTLS_SIGN_ECDSA_SHA512,
 /* added on the final position for compatibility purposes */
- GNUTLS_SIGN_RSA_PSS_SHA384,
- GNUTLS_SIGN_RSA_PSS_SHA512,
+ /*GNUTLS_SIGN_RSA_PSS_SHA384,
+ GNUTLS_SIGN_RSA_PSS_SHA512,*/
 0
 };
 static const int* sign_priority_secure192 = _sign_priority_secure192;
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index 6708d34348..e36e32cbca 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -101,7 +101,8 @@ void try_with_key(const char *name, const char *client_prio, gnutls_kx_algorithm
 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 gnutls_priority_set_direct(server,
- "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
+ /*"NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",*/
+ "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
 NULL);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
@@ -269,7 +270,8 @@ void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_
 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 gnutls_priority_set_direct(server,
- "NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519",
+ /*"NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519",*/
+ "NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256",
 NULL);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
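Review bot: Both hunks keep the old server priority string as a commented-out line (`/*"NORMAL:...",*/`) directly above its replacement, and the same leftover appears in tests/tls-neg-ext4-key.c at @@ -228, @@ -387 and @@ -395; the commented copies should be deleted, since history already holds them and they will only drift from the live string. In the `dtls_try_with_key_mtu` hunk the new suffix is `:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256`, the reverse of the SHA256-first order used in `try_with_key` and in the other test files; if position in a priority string expresses preference, as it appears to elsewhere in these strings, the two should agree. The suffix is now repeated verbatim across the test files, so a shared macro in the common test header, e.g. `#define RSA_PSS_SIGS ":+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512"`, mirroring the `PRIO_ADD` variable this commit adds to tests/server-multi-keys.sh, would keep them in step. Both functions start before their hunks.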
diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh
index 25ab601a13..f72d2b18e2 100755
--- a/tests/server-multi-keys.sh
+++ b/tests/server-multi-keys.sh
@@ -59,18 +59,20 @@ CERT3=${srcdir}/../doc/credentials/x509/cert-rsa-pss.pem
 CAFILE=${srcdir}/../doc/credentials/x509/ca.pem
 TMPFILE=outcert.$$.tmp
+PRIO_ADD=":+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512"
+
 eval "${GETPORT}"
-launch_server $$ --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+launch_server $$ --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA${PRIO_ADD}" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
 --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3}
 PID=$!
 wait_server ${PID}
 timeout 1800 datefudge "2017-08-9" \
-"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA" /dev/null 2>&1 if test $? != 0;then
- PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
+ PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+VERS-SSL3.0"
 fi
 TLS_PY=./tlslite-ng/scripts/tls.py
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
index 62d75344f7..d3cfec2070 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
@@ -49,10 +49,10 @@ wait_for_free_port $PORT
 retval=0
-PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:-CURVE-SECP192R1:+VERS-SSL3.0"
 ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
 if test $? != 0;then
- PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-DSA-SHA1:+VERS-SSL3.0"
 fi
 TLS_PY=./tlslite-ng/scripts/tls.py
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c
index b916294d3e..1ee12d7ae4 100644
--- a/tests/tls-neg-ext4-key.c
+++ b/tests/tls-neg-ext4-key.c
@@ -228,7 +228,8 @@ void try_with_key(const char *name, const char *client_prio,
 s_xcred);
 gnutls_priority_set_direct(server,
- "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
+ /*"NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",*/
+ "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
 NULL);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
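Review bot: The fallback `PRIORITY` string in the `if test $? != 0` branch inserts the three `+SIGN-RSA-PSS-*` keywords between `+SIGN-DSA-SHA256` and `+SIGN-DSA-SHA1`, whereas the primary string two lines above appends them after `+SIGN-DSA-SHA1`, and the visible tls-fuzzer-cert.sh fallback appends them after `+SIGN-DSA-SHA1` as well. The fallback appears to be meant to differ from the primary only by dropping `-CURVE-SECP192R1`, so the RSA-PSS keywords should sit at the same position in both, i.e. `PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+VERS-SSL3.0"`. Otherwise the two code paths run the fuzzer with different signature preference orders, which makes a failure in one of them harder to interpret.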
@@ -387,7 +388,8 @@ static const test_st tests[] = {
 },
 {.name = "rsa-pss-sign key",
 .pk = GNUTLS_PK_RSA_PSS,
- .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",
+ .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
+ /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/
 .cert = &server_ca3_rsa_pss2_cert,
 .key = &server_ca3_rsa_pss2_key,
 .sig = GNUTLS_SIGN_RSA_PSS_SHA256,
@@ -395,7 +397,8 @@ static const test_st tests[] = {
 },
 {.name = "rsa-pss cert, rsa-sign key", /* we expect the server to refuse negotiating */
 .pk = GNUTLS_PK_RSA,
- .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",
+ .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
+ /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/
 .cert = &server_ca3_rsa_pss_cert,
 .key = &server_ca3_rsa_pss_key,
 .exp_kx = GNUTLS_KX_ECDHE_RSA,
diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c
index 497c8aee3c..8f7a9fe3f6 100644
--- a/tests/tls12-cert-key-exchange.c
+++ b/tests/tls12-cert-key-exchange.c
@@ -50,7 +50,7 @@ void doit(void)
 try("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN);
 /* Test RSA-PSS cert/key combo issues */
- try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
 &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
 try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and 1 sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
 &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
--
cgit v1.2.1
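Review bot: The `try_with_key` call for "rsa-pss-sha256 key no-cli-cert" now enables all three RSA-PSS signature algorithms in the client priority while still expecting `GNUTLS_SIGN_RSA_PSS_SHA256`, and nothing in the test says why the suffix became necessary or that the expected result presumably depends on SHA256 being listed first. A one-line comment above the call, e.g. `/* RSA-PSS sigs are no longer in NORMAL; enable all three, SHA256 first, so the rsa-pss2 key is usable and SHA256 is the expected pick */`, would keep the intent legible next to the `-SIGN-ALL:+SIGN-RSA-PSS-SHA256` variant that follows. `doit` continues outside the hunk.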