From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:45 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:45 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: add option to skip the duplicate modules check (!1252)

GnuTLS bot commented:

@dueno This merge request is marked as work in progress with no update for a very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252#note_615951793
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:45 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:45 +0000
Subject: [gnutls-devel] GnuTLS | build: remove procedural macros either by inlining or rewriting as inline functions (!1391)

GnuTLS bot commented:

@dueno This merge request is marked as work in progress with no update for a very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391#note_615951787
From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:46 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:46 +0000
Subject: [gnutls-devel] GnuTLS | WIP: CMS support (RFC 5652) (!1248)

GnuTLS bot commented:

@lumag This merge request is marked as work in progress with no update for a very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248#note_615951799

From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:46 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:46 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: add option to skip the duplicate modules check (!1252)

Merge request !1252 was closed by GnuTLS bot

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252
Branches: tmp-pkcs11-reject-duplicate-modules to master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252
From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:46 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:46 +0000
Subject: [gnutls-devel] GnuTLS | WIP: CMS support (RFC 5652) (!1248)

Merge request !1248 was closed by GnuTLS bot

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248
Branches: tmp-cms-support to master
Author: Dmitry Baryshkov

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248

From gnutls-devel at lists.gnutls.org Thu Jul 1 06:09:44 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 01 Jul 2021 04:09:44 +0000
Subject: [gnutls-devel] GnuTLS | build: remove procedural macros either by inlining or rewriting as inline functions (!1391)

Merge request !1391 was closed by GnuTLS bot

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391
Project:Branches: dueno/gnutls:wip/dueno/no-loop-macro to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391
From gnutls-devel at lists.gnutls.org Mon Jul 5 22:11:26 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 05 Jul 2021 20:11:26 +0000
Subject: [gnutls-devel] GnuTLS | disabling client initiated renegotiation, disabling all renegotiation (#1252)

John created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1252

RFC5746 (2010) paragraph 5. Security Considerations:
"Many servers can mitigate this attack simply by refusing to renegotiate at all."
"TLS implementations SHOULD provide a mechanism to disable and enable renegotiation."

Users do not seem to have this option (e.g. %DISABLE_RENEGOTIATION).

After RFC 5746 was published, DoS attacks, tools and papers were published regarding abuse of TLS renegotiation. Guidelines from security institutes call for disabling of client initiated renegotiation on servers to protect against attacks known and unknown. Users should have the option to do this (e.g. %DISABLE_CLIENT_RENEGOTIATION). Servers do not need renegotiation when TLS sessions are short lived, for example small mail servers.

Requested:
%DISABLE_RENEGOTIATION: disable all renegotiation
%DISABLE_CLIENT_RENEGOTIATION: disable all client initiated renegotiation

Existing related settings:
%PARTIAL_RENEGOTIATION [default]: allows safe renegotiation only (RFC5746)
%DISABLE_SAFE_RENEGOTIATION: disable safe renegotiation extension (RFC5746)
%UNSAFE_RENEGOTIATION: allow non-safe renegotiation (RFC5746)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1252
From gnutls-devel at lists.gnutls.org Thu Jul 8 14:32:25 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 08 Jul 2021 12:32:25 +0000
Subject: [gnutls-devel] GnuTLS | --enable-valgrind-tests broke in 3.7.2, can't open suppressions file, leads to valgrind not invoked (#1253)

Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1253

## Description of problem:

`./configure` now considers valgrind unusable, test suite proceeds not to invoke it

## Version of gnutls used:

3.7.2 / b7635d4ecd / c70941cea7

## Distributor of gnutls:

I'm building from tarball / git checkout on Fedora 34

## How reproducible:

always

## Steps to Reproduce (release tarball):

```
# clean Fedora VM
dnf builddep -y gnutls
dnf install -y git-core patch wget autogen gperf libtool valgrind valgrind-devel libev-devel
wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz
tar xf gnutls-*.tar.xz; rm gnutls-*.tar.xz
cd gnutls*
./configure --enable-valgrind-tests
```

## Steps to Reproduce (which I've used for git bisection):

```
# clean Fedora VM
dnf builddep -y gnutls
dnf install -y git-core patch wget autogen gperf libtool valgrind valgrind-devel libev-devel
git clone --depth=1000 https://gitlab.com/gnutls/gnutls
cd gnutls
#git checkout $commit
./bootstrap
./configure --enable-valgrind-tests
```

## Actual results (3.7.2 tarball; b7635d4ecd and several newer commits):

```
checking for valgrind... valgrind
checking for valgrind options for tests... ==10087== FATAL: can't open suppressions file "\$(srcdir)/suppressions.valgrind"
no
checking whether valgrind works on executables produced by the compiler... no
```

valgrind is subsequently not used for running the tests

## Expected results (3.7.1 tarball):

```
checking for valgrind... valgrind
checking for valgrind options for tests...
-q --error-exitcode=1 --leak-check=full --track-origins=yes --gen-suppressions=all --suppressions=$(srcdir)/suppressions.valgrind
```

valgrind is used when running the tests

## Additional info:

* `SUBMODULE_NOFETCH=1 ./bootstrap`, which I see in gitlab CI logs, seems to alleviate the problem
* b7635d4ecd looks like it introduces the issue, or at least part of it

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1253

From gnutls-devel at lists.gnutls.org Sat Jul 10 09:32:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 10 Jul 2021 07:32:19 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_get_state() doesn't report EncryptThenMac status (#1250)

Daiki Ueno commented:

Wouldn't that be possible with a separate call to `gnutls_session_etm_status`?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1250#note_623067294
From gnutls-devel at lists.gnutls.org Tue Jul 13 15:10:41 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 13 Jul 2021 13:10:41 +0000
Subject: [gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)

František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

Project:Branches: FrantisekKrenzelok/gnutls:ktls to gnutls/gnutls:master
Author: František Krenželok

kernel-side TLS record encryption offloading, [issue](https://gitlab.com/gnutls/gnutls/-/issues/1113#note_579764621)

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451
From gnutls-devel at lists.gnutls.org Tue Jul 13 22:53:49 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 13 Jul 2021 20:53:49 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify() requires signer in trust list to have id-kp-OCSPSigning (#1254)

Airtower created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1254

## Description of problem:

While [debugging issues when using mod_gnutls with Let's Encrypt certificates](https://github.com/airtower-luna/mod_gnutls/pull/4) I noticed that `gnutls_ocsp_resp_verify()` considers OCSP responses invalid if they're signed directly by a CA on the trust list (as Let's Encrypt does) instead of using a delegated signer. This is because `gnutls_ocsp_resp_verify()` requires the id-kp-OCSPSigning key purpose unconditionally. According to [RFC 6960, Section 4.2.2.2](https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2) the id-kp-OCSPSigning key purpose is only needed for a delegated signer, not the CA certificate that issued the certificate being checked, or a signer explicitly declared as trusted.

## Version of gnutls used:

* 3.7.1 (from Ubuntu)
* GnuTLS `master` as of c70941cea73cb38e0d27395e63aafca12dac9a72

## How reproducible:

The attached files contain a trust list (root and intermediate CA, [trust.pem](/uploads/d544e60c477309f3fe3e6647ede1476e/trust.pem)), an OCSP response signed directly by the intermediate CA ([response-ca.der](/uploads/f6d145b7380a647689fda4e42e964f45/response-ca.der)), and an OCSP response signed by a delegated signer signed by the intermediate CA ([response-delegated.der](/uploads/31b7ef44312c611a6a77d97947735f11/response-delegated.der)). Both responses are for a certificate issued by the intermediate CA.

Steps to Reproduce:

* `datefudge --static "2021-07-14 00:00" ocsptool --infile=response-ca.der --verify-response --load-trust=trust.pem`
* `datefudge --static "2021-07-14 00:00" ocsptool --infile=response-delegated.der --verify-response --load-trust=trust.pem`

## Actual results:

The first verification fails with "Signer cert keyusage error", the second succeeds.

## Expected results:

Both responses should be considered valid.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1254

From gnutls-devel at lists.gnutls.org Wed Jul 14 00:26:40 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 13 Jul 2021 22:26:40 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list (!1452)

Airtower created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452

Project:Branches: airtower-luna/gnutls:fix-ocsp-signer-check to gnutls/gnutls:master
Author: Airtower

According to [RFC 6960, section 4.2.2.2](https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2) the id-kp-OCSPSigning key purpose is only needed for delegated signers, not signers explicitly set as trusted. The previous code would reject a signature directly from a CA on the trust list (without delegation) because the CA certificate didn't contain the id-kp-OCSPSigning key purpose.

The included tests check:

1. Is a signature directly from a CA on the trust list accepted?
2. Is a signature from a delegated signer issued by a CA on the trust list accepted?
3. Is a signature from a certificate without id-kp-OCSPSigning issued by a CA on the trust list rejected?

Note that the CA in these tests is also the one that issued the certificate the OCSP response is for, but the code (current and previous) doesn't enforce this.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452

From gnutls-devel at lists.gnutls.org Wed Jul 14 16:16:16 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 14 Jul 2021 14:16:16 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list (!1452)

Merge request !1452 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452
Project:Branches: airtower-luna/gnutls:fix-ocsp-signer-check to gnutls/gnutls:master
Author: Airtower

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452
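The signer rule behind issue #1254 and merge request !1452, as an added Python example (not GnuTLS code): certificates are modelled as small records and "chain verification" is a stand-in lookup of the issuer on the trust list; `verify_signer_before_fix` reproduces the unconditional id-kp-OCSPSigning requirement, `verify_signer_after_fix` the RFC 6960 section 4.2.2.2 rule, and the three fixtures mirror the merge request's test cases.

```python
from dataclasses import dataclass

ID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning, RFC 6960 s.4.2.2.2
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # serverAuth, used for the negative case


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed, not real DER)."""
    subject: str
    issuer: str
    eku: frozenset = frozenset()   # extended key usage OIDs
    is_ca: bool = False


def _issued_by_trusted_ca(cert, trust_list):
    """Stand-in for chain verification: the issuer must be a CA on the trust list.
    A real verifier also checks the signature, validity period and path constraints."""
    return any(t.subject == cert.issuer and t.is_ca for t in trust_list)


def verify_signer_before_fix(signer, trust_list):
    """Pre-!1452 behaviour: id-kp-OCSPSigning is demanded from every signer,
    so a response signed directly by a trusted CA fails the key-usage check."""
    if ID_KP_OCSP_SIGNING not in signer.eku:
        return False, "Signer cert keyusage error"
    if signer in trust_list or _issued_by_trusted_ca(signer, trust_list):
        return True, "ok"
    return False, "signer not trusted"


def verify_signer_after_fix(signer, trust_list, target_issuer=None):
    """RFC 6960 s.4.2.2.2: the EKU is only needed for a delegated responder."""
    # (a) The CA that issued the certificate in question signed the response itself.
    if target_issuer is not None and signer == target_issuer:
        return True, "issuer-signed"
    # (b) A responder explicitly configured as trusted needs no special key purpose.
    if signer in trust_list:
        return True, "trusted-responder"
    # (c) Delegated responder: must chain to a trusted CA and carry id-kp-OCSPSigning.
    if not _issued_by_trusted_ca(signer, trust_list):
        return False, "signer not trusted"
    if ID_KP_OCSP_SIGNING not in signer.eku:
        return False, "Signer cert keyusage error"
    return True, "delegated-responder"


# Constructed fixtures mirroring the three cases in the merge request's tests.
ROOT = Cert("Root CA", "Root CA", is_ca=True)
INTERMEDIATE = Cert("Intermediate CA", "Root CA", is_ca=True)
TRUST_LIST = (ROOT, INTERMEDIATE)
DELEGATED = Cert("OCSP Responder", "Intermediate CA", eku=frozenset({ID_KP_OCSP_SIGNING}))
PLAIN_LEAF = Cert("www.example.test", "Intermediate CA", eku=frozenset({ID_KP_SERVER_AUTH}))


def run_cases(verify):
    """Apply a verifier to the three cases; returns the accept/reject decisions in order."""
    return tuple(verify(s, TRUST_LIST)[0] for s in (INTERMEDIATE, DELEGATED, PLAIN_LEAF))


if __name__ == "__main__":
    print("before fix:", run_cases(verify_signer_before_fix))   # (False, True, False)
    print("after fix: ", run_cases(verify_signer_after_fix))    # (True, True, False)
```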
From gnutls-devel at lists.gnutls.org Wed Jul 14 16:16:48 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 14 Jul 2021 14:16:48 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list (!1452)

Daiki Ueno commented:

Looks great, thank you!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452#note_626339288

From gnutls-devel at lists.gnutls.org Wed Jul 14 16:16:55 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 14 Jul 2021 14:16:55 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify() requires signer in trust list to have id-kp-OCSPSigning (#1254)

Issue was closed by Daiki Ueno via merge request !1452 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1452)

Issue #1254: https://gitlab.com/gnutls/gnutls/-/issues/1254

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1254
From gnutls-devel at lists.gnutls.org Wed Jul 14 16:16:55 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 14 Jul 2021 14:16:55 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list (!1452)

Merge request !1452 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452
Project:Branches: airtower-luna/gnutls:fix-ocsp-signer-check to gnutls/gnutls:master
Author: Airtower

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1452

From gnutls-devel at lists.gnutls.org Mon Jul 19 11:13:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 19 Jul 2021 09:13:00 +0000
Subject: [gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1451 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_629865974

> +#include "config.h"

Please add license header.

--

Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_629865983

> + *record_type = *((unsigned char *)CMSG_DATA(hdr));
> + } else {
> + *record_type = 23;

Let's use `GNUTLS_APPLICATION_DATA` instead of hard coding 23.

--

Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_629865990

> +
> +int _gnutls_ktls_enable(gnutls_session_t session){
> + return 0;

In this part, we could return `GNUTLS_E_UNIMPLEMENTED_FEATURE`.

--

Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_629865996

> + (sockin != sockout &&
> + setsockopt (sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0)) {
> + return 0;

Let's return a meaningful error instead of 0 or 1. I.e., return 0 on success, `GNUTLS_E_*` on failure.

--

Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_629866000

> + gnutls_transport_get_int2 (session, &sockin, &sockout);
> +
> + while (data_size > 0) {

I guess this would need a bit more thinking, so it works also in a non-blocking mode. Maybe we eventually need a send (and receive) queue in session, using the `mbuffer_st` stuff.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

From gnutls-devel at lists.gnutls.org Wed Jul 21 10:38:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 21 Jul 2021 08:38:03 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow arbitrary key size >= 2048 for RSA (!1453)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453

Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-size to gnutls/gnutls:master
Author: Daiki Ueno

There is no longer a requirement where the size of RSA modulus is either 2048 or 3072 bits as long as it is >= 2048 bits. Suggested by Stephan Mueller.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453

From gnutls-devel at lists.gnutls.org Thu Jul 22 20:08:42 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 22 Jul 2021 18:08:42 +0000
Subject: [gnutls-devel] libtasn1 | doc: Improve GTK-DOC manual. Closes: #35. (!83)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/83

Branches: tmp-gtkdoc-fixes to master
Author: Simon Josefsson

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/83
From gnutls-devel at lists.gnutls.org Thu Jul 22 20:09:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 22 Jul 2021 18:09:03 +0000
Subject: [gnutls-devel] libtasn1 | doc: Improve GTK-DOC manual. Closes: #35. (!83)

Merge request !83 was scheduled to merge after pipeline succeeds by Simon Josefsson

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/83
Branches: tmp-gtkdoc-fixes to master
Author: Simon Josefsson

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/83

From gnutls-devel at lists.gnutls.org Thu Jul 22 22:26:45 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 22 Jul 2021 20:26:45 +0000
Subject: [gnutls-devel] GnuTLS | Certificate is considered as invalid if trust store contains CA cert with duplicating extensions (#1255)

Roman Kulikov created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1255

## Description of problem:

gnutls treats certificates as invalid if trust store contains a cert with duplicating extensions. It looks like in such a case, when gnutls loads certs from trust store and meets one with duplicating extensions, it aborts the whole load and finally has zero trusted CA certs for the verification procedure.

I hit this problem after the recent update of Homebrew on my macOS 11.4 when openconnect, which uses gnutls, stopped connecting to the VPN server. Digging deeper showed that the trust store was rebuilt with the System keychain, which contains a "com.apple.kerberos.kdc" certificate with two "Extended Key Usage" extensions on my system.

## Version of gnutls used:

3.6.16

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Homebrew (macOS 11.4)

## How reproducible:

Here I'm using the gnutls repository as a source of certificates, and the gnutls-certtool binary from the Homebrew installation.

Steps to Reproduce:

* Checkout gnutls repo

```
$ git clone https://github.com/gnutls/gnutls.git && cd gnutls
```

* Generate test certificate

```
$ gnutls-certtool --generate-privkey --bits 4096 --outfile test.key
** Note: You may use '--sec-param High' instead of '--bits 4096'
Generating a 4096 bit RSA private key...
$ gnutls-certtool --generate-certificate --load-ca-certificate tests/ocsp-tests/certs/ca.pem --load-ca-privkey tests/ocsp-tests/certs/ca.key --load-privkey test.key --outfile test.pem
Generating a signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Common name: test
UID:
Organizational unit name: test
Organization name: test
Locality name:
State or province name:
Country name (2 chars):
Enter the subject's domain component (DC):
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (123) or hex (0xabcd) (default is 0x0410fb0070d12440dfb74d2b867ac95584006b7d) value:
Activation/Expiration time.
The certificate will expire in (days): 1
Extensions.
Does the certificate belong to an authority? (y/N): N
Is this a TLS web client certificate? (y/N): N
Will the certificate be used for IPsec IKE operations? (y/N): N
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: test
Enter an additional dnsName of the subject of the certificate:
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Will the certificate be used for signing (DHE ciphersuites)? (Y/n): n
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): n
Will the certificate be used for data encryption? (y/N): N
Will the certificate be used to sign OCSP requests? (y/N): N
Will the certificate be used to sign code? (y/N):
Will the certificate be used for time stamping? (y/N): N
Will the certificate be used for email protection? (y/N): N
<...skipped...>
Signing certificate...
```

* Test new cert is ok:

```
$ cp tests/ocsp-tests/certs/ca.pem trust-store.pem
$ gnutls-certtool --load-ca-certificate trust-store.pem --verify --infile test.pem
Loaded CAs (1 available)
	Subject: O=test,OU=test,CN=test
	Issuer: CN=Testing Authority
	Checked against: CN=Testing Authority
	Signature algorithm: RSA-SHA256
	Output: Verified. The certificate is trusted.

Chain verification output: Verified. The certificate is trusted.
```

* Add certificate with duplicating extensions to trust store and check our cert:

```
$ cat tests/cert-tests/data/dup-exts.pem >>trust-store.pem
$ gnutls-certtool --load-ca-certificate trust-store.pem --verify --infile test.pem
```

## Actual results:

Test certificate is considered invalid:

```
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
gnutls_x509_trust_add_trust_file: Duplicate extension in X.509 certificate.
```

## Expected results:

Test certificate is considered valid because the trust store does contain a proper, valid CA certificate.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1255
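The failure mode in issue #1255 (one certificate with a duplicated extension emptying the whole trust store), as an added Python example that is not GnuTLS code: a small DER walker finds the extensions of a certificate and reports duplicate extnIDs, and the bundle loader applies that check per PEM block so that a bad entry is skipped and reported while the remaining CAs stay loaded. The sample "certificates" are constructed, unsigned stand-ins with only a serial and an extensions list, not real X.509 data.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_tlv(buf: bytes, pos: int):
    """Read one DER TLV at `pos`; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[start:end], end


def der_children(value: bytes):
    """Split a constructed DER value into its (tag, value) children."""
    pos, out = 0, []
    while pos < len(value):
        tag, v, pos = der_tlv(value, pos)
        out.append((tag, v))
    return out


def duplicate_extensions(cert_der: bytes):
    """Return the set of extension OIDs (raw DER content) that occur more than once.
    Certificate = SEQ { tbsCertificate SEQ { ..., [3] EXPLICIT SEQ OF Extension }, ... }."""
    _, cert, end = der_tlv(cert_der, 0)
    if end != len(cert_der):
        raise ValueError("trailing data after certificate")
    tbs = der_children(cert)[0][1]
    ext_wrappers = [v for t, v in der_children(tbs) if t == 0xA3]
    if not ext_wrappers:
        return set()
    seen, dups = set(), set()
    for _, ext in der_children(der_tlv(ext_wrappers[0], 0)[1]):
        oid = der_children(ext)[0][1]          # extnID is the first field of Extension
        (dups if oid in seen else seen).add(oid)
    return dups


def load_trust_bundle(pem_text: str):
    """Load each PEM block on its own: a bad certificate is reported and skipped,
    and the remaining CAs stay usable (the behaviour the issue reporter expects)."""
    accepted, errors = [], []
    for index, m in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            der = base64.b64decode(re.sub(r"\s+", "", m.group(1)), validate=True)
            dups = duplicate_extensions(der)
        except (ValueError, IndexError) as exc:   # binascii.Error is a ValueError
            errors.append((index, f"parse error: {exc}"))
            continue
        if dups:
            errors.append((index, "Duplicate extension in X.509 certificate"))
            continue
        accepted.append(der)
    return accepted, errors


# --- constructed sample data (not real certificates) ---------------------------
def _tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + length + value


def make_cert(ext_oids) -> bytes:
    """Stand-in certificate: serial 1 plus an extensions list, no signature."""
    exts = b"".join(_tlv(0x30, _tlv(0x06, oid) + _tlv(0x04, b"\x05\x00")) for oid in ext_oids)
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0xA3, _tlv(0x30, exts)))
    return _tlv(0x30, tbs)


def pem(der: bytes) -> str:
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"


OID_BASIC_CONSTRAINTS = b"\x55\x1d\x13"   # 2.5.29.19
OID_EXT_KEY_USAGE = b"\x55\x1d\x25"       # 2.5.29.37, the extension duplicated in the reporter's kdc cert

if __name__ == "__main__":
    good = make_cert([OID_BASIC_CONSTRAINTS])
    bad = make_cert([OID_EXT_KEY_USAGE, OID_EXT_KEY_USAGE])
    accepted, errors = load_trust_bundle(pem(good) + pem(bad) + pem(good))
    print(len(accepted), "CAs loaded; skipped:", errors)
```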
From gnutls-devel at lists.gnutls.org Tue Jul 27 07:10:45 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 05:10:45 +0000
Subject: [gnutls-devel] GnuTLS | pk: remove unnecessary constant-time protection for RSA decryption (!1454)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454

Project:Branches: dueno/gnutls:wip/dueno/unnecessary-ct to gnutls/gnutls:master
Author: Daiki Ueno

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454
From gnutls-devel at lists.gnutls.org Tue Jul 27 07:35:31 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 05:35:31 +0000
Subject: [gnutls-devel] GnuTLS | pk: remove unnecessary constant-time protection for RSA decryption (!1454)

Daiki Ueno commented:

cc @tomato42 @simo5, as discussed yesterday.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454#note_636076927

From gnutls-devel at lists.gnutls.org Tue Jul 27 10:17:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 08:17:03 +0000
Subject: [gnutls-devel] GnuTLS | pk: remove unnecessary constant-time protection for RSA decryption (!1454)

Simo Sorce commented:

I do not see why you would remove this protection. Yesterday we discussed that the random function is ok as is, but I do not recall any discussion on the rest.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454#note_636200210
URL:

From gnutls-devel at lists.gnutls.org Tue Jul 27 10:28:40 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 08:28:40 +0000
Subject: [gnutls-devel] GnuTLS | pk: remove unnecessary constant-time protection for RSA decryption (!1454)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454#note_636214821

Doesn't the reasoning in the commit message (which I copied to the description) tell enough? While it's ok for the users, as a developer I worry that it blurs the line between what we want to protect and what not.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454#note_636214821
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Jul 27 11:24:42 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 09:24:42 +0000
Subject: [gnutls-devel] GnuTLS | pk: remove unnecessary constant-time protection for RSA decryption (!1454)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1454 was reviewed by Simo Sorce

--

Simo Sorce commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454#note_636272725

The patch removes a lot more than the protection in case HAVE_LIB_ERROR is returned. It also introduces a conditional in checking the actual return of rsa_sec_decrypt() by adding a whole call to gnutls_assert_val on decryption error. This then invalidates the constant time protections in proc_rsa_client_kx() when gnutls_privkey_decrypt_data2() is called.

I say this is a NACK.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1454
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Jul 27 15:24:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 13:24:11 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_get_state() doesn't report EncryptThenMac status (#1250)
In-Reply-To:
References:
Message-ID:

David Woodhouse commented:

Ah yes, that ought to work. Now, how many users of ktls and gnutls_record_get_state() are going to get *that* right? :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1250#note_636521421
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Jul 27 15:37:59 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 13:37:59 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_copy() fails on SHA384 after gnutls_hash_output(). (#1257)
References:
Message-ID:

David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1257

In order to support TLSv1.3 with TPM-based keys (cf. #1235) I implemented RSA-PSS padding in my *application*: https://gitlab.com/openconnect/openconnect/-/commit/ff367965fcc13f6c1ba7fbda7a49d1467f1b39de

After generating the initial hash `M'` from `( 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | mHash | Salt )` we then repeatedly generate hashes of `( M' | C )` where C is an incrementing 32-bit big-endian counter.

Instead of *repeatedly* feeding `M'` into the hash function, I chose to use `gnutls_hash_copy()` from a context where `M'` had already been hashed.
Then each time round the loop it's just `gnutls_hash_copy()`, `gnutls_hash()` to add the four bytes of `C`, and `gnutls_hash_deinit()` of the copy.

This appears to work for SHA256 and SHA512, but fails for SHA384. It seems to have something to do with the fact that the hash context has already been used (to create `M'`). I thought that `gnutls_hash_output()` was supposed to reset it and leave it ready for re-use, but apparently not; calling `gnutls_hash_deinit()` and `gnutls_hash_init()` again does seem to reset it *harder* and make it work.

Tested with gnutls-3.6.16-1.fc33.x86_64

Test case:

```C
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>

#define SHA512_SIZE 64

/* Stand-in for mHash: the first SHA512_SIZE byte values. */
static unsigned char mHash[SHA512_SIZE] = {
	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
};
static unsigned char mPrime[SHA512_SIZE];
static unsigned char h1[SHA512_SIZE];
static unsigned char h2[SHA512_SIZE];
static unsigned char h1p[SHA512_SIZE];
static unsigned char h2p[SHA512_SIZE];

/* One MGF1 round: copy the context that already holds M', append the
 * big-endian counter, and take the digest of the copy. */
static int mgf1(gnutls_hash_hd_t hctx, int count, unsigned char *buf, int diglen)
{
	gnutls_hash_hd_t ctx2 = gnutls_hash_copy(hctx);
	if (!ctx2)
		return GNUTLS_E_PK_SIGN_FAILED;

	uint32_t be_count = htonl(count);
	int err = gnutls_hash(ctx2, &be_count, sizeof(be_count));
	if (err) {
		gnutls_hash_deinit(ctx2, NULL);
		return err;
	}
	gnutls_hash_deinit(ctx2, buf);

	int i;
	for (i = 0; i < diglen; i++) {
		if (!(i & 15))
			printf("\n(%d) %04x:", count, i);
		printf(" %02x", buf[i]);
	}
	printf("\n");
	return 0;
}

int psstest(int dig)
{
	gnutls_hash_hd_t hashctx = NULL;
	int diglen = gnutls_hash_get_len(dig);
	int err = 0;

	/* M' = 8 zero bytes || mHash (salt omitted in this reproducer) */
	if ((err = gnutls_hash_init(&hashctx, dig)) ||
	    (err = gnutls_hash(hashctx, "\0\0\0\0\0\0\0\0", 8)) ||
	    (err = gnutls_hash(hashctx, mHash, diglen)))
		goto out;

	gnutls_hash_output(hashctx, mPrime);

	/* gnutls_hash_output() is supposed to reset the state. For SHA256 at least
	 * it *does* seem to work, in
	 * http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/ff367965f */
	if ((err = gnutls_hash(hashctx, mPrime, diglen)))
		goto out;
	if ((err = mgf1(hashctx, 0, h1, diglen)))
		goto out;
	if ((err = mgf1(hashctx, 1, h2, diglen)))
		goto out;

	/* This one really *does* reset it, and makes things work. But *should*
	 * be identical to the above? */
	gnutls_hash_deinit(hashctx, NULL);
	if ((err = gnutls_hash_init(&hashctx, dig)))
		goto out;
	if ((err = gnutls_hash(hashctx, mPrime, diglen)))
		goto out;
	if ((err = mgf1(hashctx, 0, h1p, diglen)))
		goto out;
	if ((err = mgf1(hashctx, 1, h2p, diglen)))
		goto out;

	if (memcmp(h1, h1p, diglen) || memcmp(h2, h2p, diglen)) {
		printf("Error: mismatch\n");
		return 1;
	}
	return 0;
 out:
	printf("Error: %s\n", gnutls_strerror(err));
	return 1;
}

int main(void)
{
	//psstest(GNUTLS_DIG_SHA256);
	psstest(GNUTLS_DIG_SHA384);
	//psstest(GNUTLS_DIG_SHA512);
	return 0;
}
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1257
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Jul 27 15:53:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 27 Jul 2021 13:53:30 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_copy() fails on SHA384 after gnutls_hash_output(). (#1257)
In-Reply-To:
References:
Message-ID:

David Woodhouse commented:

Worked around in https://gitlab.com/openconnect/openconnect/-/commit/24ffd7b01f2e6e15dcbd7e591a141cedb9763d79

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1257#note_636554497
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Wed Jul 28 12:43:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 28 Jul 2021 10:43:30 +0000
Subject: [gnutls-devel] GnuTLS | TLSv1.3 RSA-PSS allows truncated salt in violation of RFC8446 (#1258)
References:
Message-ID:

David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1258

RFC8446 §4.2.3 says for the RSASSA-PSS algorithms:

```
The length of the Salt MUST be equal to the length of the output of the digest algorithm.
```

However, in the case of a 1024-bit RSA key using RSA-PSS+SHA512, the maximum possible salt length is only 62 bytes.

I originally filed an OpenSSL issue for this *not* working in OpenSSL: https://github.com/openssl/openssl/issues/16167

But now after referring to RFC8446 I think the bug is that it *does* work in GnuTLS, and it shouldn't. And I should fix my PSS padding code in OpenConnect too, to fail when there isn't enough room for `salt_len == hash_len` instead of truncating the salt.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1258
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sat Jul 31 19:01:17 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 31 Jul 2021 17:01:17 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_copy() fails on SHA384 after gnutls_hash_output(). (#1257)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Interesting. If I run the reproducer under `GNUTLS_CPUID_OVERRIDE=0x1`, it works; that probably means that one of the optimized implementations has the issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1257#note_640166394
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
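The two issues in this thread, #1257 (the MGF1 loop over `( M' | C )` built from one copied hash state) and #1258 (the RFC 8446 rule that the PSS salt length equals the digest length), worked through in one added Python example; this is not GnuTLS or OpenConnect code, and the function names are my own. It follows the RFC 8017 EMSA-PSS layout, uses hashlib's `copy()` where the report uses `gnutls_hash_copy()`, and refuses a modulus too small for `salt_len == hash_len` rather than truncating the salt (a 1024-bit key with SHA-512 leaves room for only 62 bytes, as the issue says).

```python
import hashlib
import os


def mgf1(seed, mask_len, hash_name):
    """MGF1 (RFC 8017 B.2.1): Hash(seed || C) for C = 0, 1, ... as 32-bit BE.
    The seed is absorbed once; each round copies that state and adds C,
    which is the gnutls_hash_copy() scheme from the #1257 report."""
    base = hashlib.new(hash_name, seed)
    out = bytearray()
    counter = 0
    while len(out) < mask_len:
        h = base.copy()
        h.update(counter.to_bytes(4, "big"))
        out += h.digest()
        counter += 1
    return bytes(out[:mask_len])


def max_salt_len(mod_bits, hash_name):
    """Largest salt that fits an RSA key of mod_bits: emLen - hLen - 2,
    where emLen = ceil((modBits - 1) / 8)  (RFC 8017 9.1.1 step 3)."""
    em_len = (mod_bits - 1 + 7) // 8
    return em_len - hashlib.new(hash_name).digest_size - 2


def emsa_pss_encode(m_hash, mod_bits, hash_name, salt=None):
    """EMSA-PSS encode mHash for TLS 1.3: salt length is pinned to the digest
    length, and a key too small for that is refused rather than having the
    salt truncated (the behaviour #1258 says should be rejected)."""
    h_len = hashlib.new(hash_name).digest_size
    if len(m_hash) != h_len:
        raise ValueError("mHash must be a full digest")
    if max_salt_len(mod_bits, hash_name) < h_len:
        raise ValueError("modulus too small for salt_len == hash_len")
    salt = os.urandom(h_len) if salt is None else salt
    if len(salt) != h_len:
        raise ValueError("RFC 8446 4.2.3: salt_len must equal hash_len")
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8
    # M' = 00 00 00 00 00 00 00 00 || mHash || salt ; H = Hash(M')
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - h_len - len(salt) - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # zero the top unused bits
    return bytes(masked) + h + b"\xbc"
```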