From nmav at gnutls.org Thu Dec 1 16:38:22 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 1 Dec 2016 16:38:22 +0100
Subject: [gnutls-help] gnutls_x509_crl_verify fails for new generated certificates or CRL
In-Reply-To: <1978943522.87471.1480540541189.JavaMail.zimbra@savoirfairelinux.com>
References: <1978943522.87471.1480540541189.JavaMail.zimbra@savoirfairelinux.com>
Message-ID:

On Wed, Nov 30, 2016 at 10:15 PM, Adrien Béraud wrote:
> I make use of GnuTLS certificate revocation list methods, including
> gnutls_x509_crl_verify, but it looks like there is some issue:
> gnutls_x509_crl_verify calls find_crl_issuer, which calls is_crl_issuer,
> which calls _gnutls_x509_compare_raw_dn.
>
> However it seems that the raw_dn field is not set for a newly generated
> certificate, only for a certificate loaded using the gnutls_x509_crt_import
> functions.
> Also it seems the raw_issuer_dn field is not set for a newly generated CRL,
> only for a CRL loaded using the gnutls_x509_crl_import functions.
> So gnutls_x509_crl_verify fails when used with a newly generated
> certificate or CRL.

Right, newly generated CRLs and certificates are not fully usable. I think I
should make that apparent in the _sign() functions of them. They need to go
through the import phase to be used for verification.

> Also this means that if multiple new certificates and a new CRL are provided
> to gnutls_x509_crl_verify, any of the provided certificates will match since
> the raw DN is always empty, so always equal.
> Fortunately in this case the signature check would fail later in
> gnutls_x509_crl_verify so this might not be a security issue.

DN matching does not offer a security guarantee. The DN is what the
certificate claims to be, rather than an ID assertion. The matching is used
to discover a possible signer, but does not replace the signature
verification process.
regards,
Nikos

From adrien.beraud at savoirfairelinux.com Tue Dec 6 23:16:28 2016
From: adrien.beraud at savoirfairelinux.com (Adrien Béraud)
Date: Tue, 6 Dec 2016 17:16:28 -0500 (EST)
Subject: [gnutls-help] About CRL "next update" field presence
Message-ID: <1628983097.380702.1481062588798.JavaMail.zimbra@savoirfairelinux.com>

In the documentation about gnutls_x509_crl_get_next_update:
"This field is optional in a CRL so it might be normal to get an error instead."

However, trying to sign a new CRL without previously calling
gnutls_x509_crl_set_next_update() results in an "ASN1 parser: Value was not
found." error.
Not sure if this behavior is a bug, but it's unexpected for sure.

Regards,
Adrien Beraud
Savoir-faire Linux

From nmav at gnutls.org Wed Dec 7 09:06:30 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 7 Dec 2016 09:06:30 +0100
Subject: [gnutls-help] About CRL "next update" field presence
In-Reply-To: <1628983097.380702.1481062588798.JavaMail.zimbra@savoirfairelinux.com>
References: <1628983097.380702.1481062588798.JavaMail.zimbra@savoirfairelinux.com>
Message-ID:

On Tue, Dec 6, 2016 at 11:16 PM, Adrien Béraud wrote:
> In the documentation about gnutls_x509_crl_get_next_update:
> "This field is optional in a CRL so it might be normal to get an error
> instead."
>
> However, trying to sign a new CRL without previously calling
> gnutls_x509_crl_set_next_update()
> results in an "ASN1 parser: Value was not found." error.
> Not sure if this behavior is a bug, but it's unexpected for sure.

It can be seen as a bug if we want to support generating CRLs without this
field. As it is now it is not possible to omit this field on CRLs generated
by gnutls, as far as I understand.
regards,
Nikos

From nmav at gnutls.org Thu Dec 8 07:57:52 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 08 Dec 2016 07:57:52 +0100
Subject: [gnutls-help] gnutls 3.4.17
Message-ID: <1481180272.2177.1.camel@gnutls.org>

Hello,
 I've just released gnutls 3.4.17. This is a bug fix release of the current
stable branch.

* Version 3.4.17 (released 2016-12-8)

** libgnutls: Introduced time and constraints checks in the end certificate
   in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
   functions.

** libgnutls: Set limits on the maximum number of alerts handled. That is,
   applications using gnutls could be tricked into a busy loop if the
   peer continuously sends alert messages. Applications which set a maximum
   handshake time (via gnutls_handshake_set_timeout) will eventually recover
   but others may remain in a busy loop indefinitely. This is related but
   not identical to CVE-2016-8610, due to the difference in alert handling
   of the libraries (gnutls delegates that handling to applications).

** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
   (pre-rfc5652) structures with arbitrary encapsulated content.

** libgnutls: Backported cipher priorities order from 3.5.x branch. That
   adds the CHACHA20-POLY1305 ciphersuite to SECURE priority strings.

** certtool: When exporting a CRQ in DER format ensure no text data are
   intermixed. Patch by Dmitry Eremin-Solenikov.

** API and ABI modifications:
gnutls_pkcs7_get_embedded_data_oid: Added

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .

Here are the XZ compressed sources:
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.17.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.17.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Thu Dec 8 08:04:07 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 08 Dec 2016 08:04:07 +0100
Subject: [gnutls-help] gnutls 3.5.7
Message-ID: <1481180647.2177.3.camel@gnutls.org>

Hello,
 I've just released gnutls 3.5.7. This is the last release in the 3.5.x
branch introducing major changes. The next releases after 3.5.7 will be
marked as stable and replace the 3.4.x branch. New features will enter at a
new 3.6.x branch.

* Version 3.5.7 (released 2016-12-8)

** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128
   and SECURE256 priority strings.

** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly
   operate with OIDs which have elements that exceed 2^32.

** libgnutls: The DN decoding functions output the traditional DN format
   rather than the strict RFC4514 compliant textual DN. This reverts the
   3.5.6 introduced change, and allows applications which depended on the
   previous format to continue to function. Introduced new functions which
   output the strict format by default, and can revert to the old one using
   a flag.

** libgnutls: Improved TPM key handling. Check authorization requirements
   prior to using a key and fix issue on loop for PIN input. Patches by
   James Bottomley.

** libgnutls: In all functions accepting UTF-8 passwords, ensure that
   passwords are normalized according to RFC7613. When invalid UTF-8
   passwords are detected, they are only tolerated for decryption.
   This introduces a libunistring dependency on GnuTLS.
   A version of libunistring is included in the library for the platforms
   that do not ship it; it can be used with the '--with-included-unistring'
   option to the configure script.

** libgnutls: When setting a subject alternative name in a certificate
   which is in UTF-8 format, it will transparently be converted to IDNA form
   prior to storing.

** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print()
   will print the SHA256 key-ID instead of a certificate fingerprint.

** libgnutls: enhance the PKCS#7 verification capabilities. In the case of
   signers that are not discoverable using the trust list or input, use
   the stored list as a pool to generate a trusted chain to the signer.

** libgnutls: Improved MTU calculation precision for the CBC ciphersuites
   under DTLS.

** libgnutls: [added missing news entry since 3.5.0]
   No longer tolerate certificate key usage violations for
   TLS signature verification, and decryption. That is, GnuTLS will fail
   to connect to servers which incorrectly use a certificate restricted to
   signing for decryption, or vice-versa. This reverts the lax behavior
   introduced in 3.1.0, due to several such broken servers being available.
   The %COMPAT priority keyword can be used to work around connecting to
   these servers.

** certtool: When exporting a CRQ in DER format ensure no text data are
   intermixed. Patch by Dmitry Eremin-Solenikov.

** certtool: Include the SHA-256 variant of key ID in --certificate-info
   options.

** p11tool: Introduced the --initialize-pin and --initialize-so-pin
   options.

** API and ABI modifications:
gnutls_utf8_password_normalize: Added
gnutls_ocsp_resp_get_responder2: Added
gnutls_x509_crt_get_issuer_dn3: Added
gnutls_x509_crt_get_dn3: Added
gnutls_x509_rdn_get2: Added
gnutls_x509_dn_get_str2: Added
gnutls_x509_crl_get_issuer_dn3: Added
gnutls_x509_crq_get_dn3: Added

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .
Here are the XZ compressed sources:
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.7.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.7.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos