[gnutls-devel] GnuTLS | server auth: disable TLS 1.3 if no signature algorithm is usable (!987)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed May 1 20:39:27 CEST 2019

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/987 was reviewed by Nikos Mavrogiannopoulos

Nikos Mavrogiannopoulos started a new discussion on lib/auth.c: https://gitlab.com/gnutls/gnutls/merge_requests/987#note_165946553

>  		bool allow_tls13 = 0;
>  		unsigned key_usage;
> +		const gnutls_sign_algorithm_t *sign_algos = gnutls_sign_list();

this is not a thread safe function to call here. I just checked its documentation and it does not seem to mention that fact.

Nikos Mavrogiannopoulos started a new discussion on lib/auth.c: https://gitlab.com/gnutls/gnutls/merge_requests/987#note_165946554

> -					break;
> +					/* check if the private key is usable for signing in TLS 1.3 */
> +					if (session->security_parameters.entity == GNUTLS_SERVER) {

While that is generic and correct, isn't it an overkill to do for all private keys, and iterate over all signature algorithms? Isn't the problematic case we want to catch, related to RSA private keys? If yes, then what if we only check for them with a fixed RSA-PSS signature?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/987
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190501/655af147/attachment.html>

More information about the Gnutls-devel mailing list