[SCM] GNU gnutls branch, master, updated. gnutls_2_9

gnutls-commit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-15-g109bf60

From:	Simon Josefsson
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-15-g109bf60
Date:	Thu, 29 Apr 2010 14:11:44 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=109bf60a3627a6e5b750b4bdd2418911c7c25a7b

The branch, master has been updated
       via  109bf60a3627a6e5b750b4bdd2418911c7c25a7b (commit)
       via  e363e2abd6c143714d3433c332e991dfa1574bea (commit)
      from  61a69ee82f65d9c2c8d50df722d433327acbae26 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 109bf60a3627a6e5b750b4bdd2418911c7c25a7b
Author: Simon Josefsson <address@hidden>
Date:   Thu Apr 29 16:11:40 2010 +0200

    Improve renegotiation debug messages.

commit e363e2abd6c143714d3433c332e991dfa1574bea
Author: Simon Josefsson <address@hidden>
Date:   Thu Apr 29 13:09:20 2010 +0200

    Add.

-----------------------------------------------------------------------

Summary of changes:
 doc/announce.txt       |   71 +++++++++++++++++++++++++++++++++++++++++++++---
 lib/gnutls_handshake.c |   26 +++++++++++------
 2 files changed, 84 insertions(+), 13 deletions(-)

diff --git a/doc/announce.txt b/doc/announce.txt
index 2f09d4e..5eaf504 100644
--- a/doc/announce.txt
+++ b/doc/announce.txt
@@ -254,10 +254,73 @@ Forwarded by Martin von Gagern <address@hidden> from
 
 ** Doc fixes for CRQ functions.
 
-TLS Safe Renegotiation Support
-==============================
-
-TBA
+TLS Renegotiation Attack
+========================
+
+This releases supports the new extension that hardens TLS
+renegotiation, prompted by the recent discovery of a security flaw in
+the protocol.  We quote the manual which contains a discussion of the
+problem and how the solution is implemented in GnuTLS:
+
+Some application protocols and implementations uses the TLS
+renegotiation feature in a manner that enables attackers to insert
+content of his choice in the beginning of a TLS session.
+
+The simplest example is HTTP.  For HTTP one attack works by having the
+attacker simulate a client and connect to a server, with server-only
+authentication, and send some data intended to cause harm.  When the
+proper client attempts to contact the server, the attacker hijacks that
+connection and uses the TLS renegotiation feature with the server and
+splices in the client connection to the already established connection
+between the client and server.  The attacker will not be able to read
+the data exchanged between the client and the server.  However, some
+server implementations will (incorrectly) assume that the data sent by
+the attacker was sent by the now authenticated client.  The result is a
+prefix plain-text injection attack.
+
+While fixing these application protocols and implementations would be
+one natural reaction, an extension to TLS has been designed that
+cryptographically binds together any renegotiated handshakes with the
+initial negotiation.  When the extension is used, the attack is
+detected and the session can be terminated.  The extension is
+specified in [RFC5746].
+
+GnuTLS supports the safe renegotiation extension.  By default, GnuTLS
+clients will attempt to negotiate the safe renegotiation extension when
+talking to servers.  Also by default, GnuTLS servers will accept the
+extension when presented by clients.  However, by default GnuTLS client
+and servers will not refuse renegotiation attempts when the extension
+has not been negotiated, as this would break backwards compatibility
+and cause too much operational problems.  We will likely reconsider
+these defaults in the future.
+
+To modify the default behaviour, we have introduced three new priority
+strings.  The priority strings can be used by applications
+(gnutls_priority_set) and end users (e.g., `--priority' parameter to
+`gnutls-cli' and `gnutls-serv').
+
+The `%UNSAFE_RENEGOTIATION' priority string requests what is today the
+default behaviour, i.e., that handshakes without the safe renegotiation
+extension is permitted.  To make more use of the extension, you may
+provide the `%SAFE_RENEGOTIATION' priority string.  In this mode,
+clients will require that the server supports the extension for the
+initial handshake, and servers will require that the client supports
+the extension for renegotiated handshakes.  If you want to make a
+server refuse even initial handshakes without the safe renegotiation
+extension, use the `%INITIAL_SAFE_RENEGOTIATION' priority string.  It
+is possible to disable use of the extension completely by using the
+`%DISABLE_SAFE_RENEGOTIATION' priority string however this is
+recommended against except for debugging.
+
+For applications we have introduced three new APIs related to safe
+renegotiation.  The gnutls_safe_renegotiation_status function is used
+to check if the extension has been negotiated on a session, and can be
+used both by clients and servers.  The gnutls_safe_renegotiation_set
+function allows applications to request that the extension should be
+disabled (or re-enabled) in handshakes for the session.  The
+gnutls_safe_negotiation_set_initial function is only relevant for
+servers, and is used to enforce that clients support the extension
+even on the initial handshake.
 
 API/ABI changes in GnuTLS 2.10
 ==============================
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 0959c06..203b816 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2352,7 +2352,8 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
                   ext->client_verify_data, ext->client_verify_data_len)))
        {
          gnutls_assert ();
-         _gnutls_handshake_log ("Safe renegotiation failed [1]\n");
+         _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
+                                session);
          return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
        }
 
@@ -2365,7 +2366,8 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
                      ext->server_verify_data_len) != 0)
            {
              gnutls_assert ();
-             _gnutls_handshake_log ("Safe renegotiation failed [2]\n");
+             _gnutls_handshake_log
+               ("HSK[%p]: Safe renegotiation failed [2]\n", session);
              return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
            }
        }
@@ -2374,12 +2376,14 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
          if (ext->ri_extension_data_len != ext->client_verify_data_len)
            {
              gnutls_assert ();
-             _gnutls_handshake_log ("Safe renegotiation failed [3]\n");
+             _gnutls_handshake_log
+               ("HSK[%p]: Safe renegotiation failed [3]\n", session);
              return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
            }
        }
 
-      _gnutls_handshake_log ("Safe renegotiation succeeded.\n");
+      _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
+                            session);
     }
   else                         /* safe renegotiation not received... */
     {
@@ -2387,7 +2391,8 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
        {
          gnutls_assert ();
          _gnutls_handshake_log
-           ("Peer previously asked for safe renegotiation!\n");
+           ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+            session);
          return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
        }
 
@@ -2397,12 +2402,14 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
        {
          if (session->internals.priorities.unsafe_renegotiation != 0)
            {
-             _gnutls_handshake_log ("Allowing unsafe (re)negotiation!\n");
+             _gnutls_handshake_log
+               ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
            }
          else
            {
              gnutls_assert ();
-             _gnutls_handshake_log ("Denying unsafe (re)negotiation.\n");
+             _gnutls_handshake_log
+               ("HSK[%p]: Denying unsafe (re)negotiation\n", sesion);
              if (session->security_parameters.entity == GNUTLS_SERVER)
                /* send no renegotiation alert */
                return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
@@ -2415,12 +2422,13 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
          if (session->internals.priorities.initial_safe_renegotiation == 0)
            {
              _gnutls_handshake_log
-               ("Allowing unsafe initial negotiation!\n");
+               ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
            }
          else
            {
              gnutls_assert ();
-             _gnutls_handshake_log ("Denying unsafe initial negotiation.\n");
+             _gnutls_handshake_log
+               ("HSK[%p]: Denying unsafe initial negotiation\n", session);
              return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
            }
        }


hooks/post-receive
-- 
GNU gnutls
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-15-g109bf60, Simon Josefsson <=
Prev by Date: Hydra job gnu:gnutls-master:build build 387394 FAILED
Next by Date: Hydra job gnu:gnutls-master:tarball build 387583 FAILED
Previous by thread: Hydra job gnu:gnutls-master:build build 387394 FAILED
Next by thread: Hydra job gnu:gnutls-master:tarball build 387583 FAILED
Index(es):
- Date
- Thread