| |
@@ -1,957 +0,0 @@
|
| |
- From c83b9ecbe8e7e5442867281236d8c9e1bd227204 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Tue, 2 Aug 2022 15:00:50 +0200
|
| |
- Subject: [PATCH 1/7] KTLS: set key on specific interfaces
|
| |
-
|
| |
- It is now possible to set key on specific interface.
|
| |
- If interface given is not ktls enabled then it will be ignored.
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/handshake.c | 2 +-
|
| |
- lib/system/ktls.c | 12 +++++++-----
|
| |
- lib/system/ktls.h | 7 ++++++-
|
| |
- 3 files changed, 14 insertions(+), 7 deletions(-)
|
| |
-
|
| |
- diff --git a/lib/handshake.c b/lib/handshake.c
|
| |
- index 21edc5ece..cb2bc3ae9 100644
|
| |
- --- a/lib/handshake.c
|
| |
- +++ b/lib/handshake.c
|
| |
- @@ -2924,7 +2924,7 @@ int gnutls_handshake(gnutls_session_t session)
|
| |
-
|
| |
- #ifdef ENABLE_KTLS
|
| |
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
|
| |
- - _gnutls_ktls_set_keys(session);
|
| |
- + _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
|
| |
- }
|
| |
- #endif
|
| |
-
|
| |
- diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
| |
- index ddf27fac7..70b9b9b3a 100644
|
| |
- --- a/lib/system/ktls.c
|
| |
- +++ b/lib/system/ktls.c
|
| |
- @@ -80,7 +80,7 @@ void _gnutls_ktls_enable(gnutls_session_t session)
|
| |
- }
|
| |
- }
|
| |
-
|
| |
- -int _gnutls_ktls_set_keys(gnutls_session_t session)
|
| |
- +int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable_flags_t in)
|
| |
- {
|
| |
- gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(session);
|
| |
- gnutls_datum_t mac_key;
|
| |
- @@ -107,7 +107,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
|
| |
- return ret;
|
| |
- }
|
| |
-
|
| |
- - if(session->internals.ktls_enabled & GNUTLS_KTLS_RECV){
|
| |
- + in &= session->internals.ktls_enabled;
|
| |
- +
|
| |
- + if(in & GNUTLS_KTLS_RECV){
|
| |
- switch (cipher) {
|
| |
- case GNUTLS_CIPHER_AES_128_GCM:
|
| |
- {
|
| |
- @@ -191,7 +193,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
|
| |
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
| |
- }
|
| |
-
|
| |
- - if(session->internals.ktls_enabled & GNUTLS_KTLS_SEND){
|
| |
- + if(in & GNUTLS_KTLS_SEND){
|
| |
- switch (cipher) {
|
| |
- case GNUTLS_CIPHER_AES_128_GCM:
|
| |
- {
|
| |
- @@ -269,7 +271,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
|
| |
- }
|
| |
- }
|
| |
-
|
| |
- - return 0;
|
| |
- + return in;
|
| |
- }
|
| |
-
|
| |
- ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
|
| |
- @@ -465,7 +467,7 @@ gnutls_transport_is_ktls_enabled(gnutls_session_t session) {
|
| |
- void _gnutls_ktls_enable(gnutls_session_t session) {
|
| |
- }
|
| |
-
|
| |
- -int _gnutls_ktls_set_keys(gnutls_session_t session) {
|
| |
- +int _gnutls_ktls_set_keys(gnutls_session_t sessioni, gnutls_transport_ktls_enable_flags_t in) {
|
| |
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
|
| |
- }
|
| |
-
|
| |
- diff --git a/lib/system/ktls.h b/lib/system/ktls.h
|
| |
- index 8a98a8eb8..c8059092d 100644
|
| |
- --- a/lib/system/ktls.h
|
| |
- +++ b/lib/system/ktls.h
|
| |
- @@ -4,14 +4,19 @@
|
| |
- #include "gnutls_int.h"
|
| |
-
|
| |
- void _gnutls_ktls_enable(gnutls_session_t session);
|
| |
- -int _gnutls_ktls_set_keys(gnutls_session_t session);
|
| |
- +
|
| |
- +int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable_flags_t in);
|
| |
- +
|
| |
- ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
|
| |
- off_t *offset, size_t count);
|
| |
- +
|
| |
- int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type,
|
| |
- const void *data, size_t data_size);
|
| |
- #define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z);
|
| |
- +
|
| |
- int _gnutls_ktls_recv_control_msg(gnutls_session_t session, unsigned char *record_type,
|
| |
- void *data, size_t data_size);
|
| |
- +
|
| |
- int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, void *data, size_t data_size);
|
| |
- #define _gnutls_ktls_recv(x, y, z) _gnutls_ktls_recv_int(x, GNUTLS_APPLICATION_DATA, y, z)
|
| |
-
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From f8c71030151e3a0d397e9712541236f1a76434a3 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Tue, 2 Aug 2022 13:35:39 +0200
|
| |
- Subject: [PATCH 2/7] KTLS: set new keys for keyupdate
|
| |
-
|
| |
- set new keys durring gnutls_session_key_update()
|
| |
- setting keys
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/tls13/key_update.c | 9 +++++++++
|
| |
- 1 file changed, 9 insertions(+)
|
| |
-
|
| |
- diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
|
| |
- index c6f6e0aa1..10c0a9110 100644
|
| |
- --- a/lib/tls13/key_update.c
|
| |
- +++ b/lib/tls13/key_update.c
|
| |
- @@ -27,6 +27,7 @@
|
| |
- #include "mem.h"
|
| |
- #include "mbuffers.h"
|
| |
- #include "secrets.h"
|
| |
- +#include "system/ktls.h"
|
| |
-
|
| |
- #define KEY_UPDATES_WINDOW 1000
|
| |
- #define KEY_UPDATES_PER_WINDOW 8
|
| |
- @@ -49,8 +50,16 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
|
| |
- * write keys */
|
| |
- if (session->internals.recv_state == RECV_STATE_EARLY_START) {
|
| |
- ret = _tls13_write_connection_state_init(session, stage);
|
| |
- + if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
|
| |
- + ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_SEND);
|
| |
- } else {
|
| |
- ret = _tls13_connection_state_init(session, stage);
|
| |
- +
|
| |
- + if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) && stage == STAGE_UPD_OURS)
|
| |
- + ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_SEND);
|
| |
- + else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) && stage == STAGE_UPD_PEERS)
|
| |
- + ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_RECV);
|
| |
- +
|
| |
- }
|
| |
- if (ret < 0)
|
| |
- return gnutls_assert_val(ret);
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From b93af37d972e02b095e14d4209bf5d5520a4893c Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Wed, 3 Aug 2022 14:20:35 +0200
|
| |
- Subject: [PATCH 3/7] KTLS: send update key request
|
| |
-
|
| |
- Set hanshake send function after interface initialization
|
| |
- TODO: handel setting function differently
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/record.c | 23 ++++++++++++++++-------
|
| |
- lib/system/ktls.c | 21 +++++++++++++++++++++
|
| |
- lib/system/ktls.h | 5 +++++
|
| |
- 3 files changed, 42 insertions(+), 7 deletions(-)
|
| |
-
|
| |
- diff --git a/lib/record.c b/lib/record.c
|
| |
- index fd24acaf1..aad128e1f 100644
|
| |
- --- a/lib/record.c
|
| |
- +++ b/lib/record.c
|
| |
- @@ -2065,11 +2065,17 @@ gnutls_record_send2(gnutls_session_t session, const void *data,
|
| |
- session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_3;
|
| |
- FALLTHROUGH;
|
| |
- case RECORD_SEND_KEY_UPDATE_3:
|
| |
- - ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
|
| |
- - -1, EPOCH_WRITE_CURRENT,
|
| |
- - session->internals.record_key_update_buffer.data,
|
| |
- - session->internals.record_key_update_buffer.length,
|
| |
- - MBUFFER_FLUSH);
|
| |
- + if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
|
| |
- + return _gnutls_ktls_send(session,
|
| |
- + session->internals.record_key_update_buffer.data,
|
| |
- + session->internals.record_key_update_buffer.length);
|
| |
- + } else {
|
| |
- + ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
|
| |
- + -1, EPOCH_WRITE_CURRENT,
|
| |
- + session->internals.record_key_update_buffer.data,
|
| |
- + session->internals.record_key_update_buffer.length,
|
| |
- + MBUFFER_FLUSH);
|
| |
- + }
|
| |
- _gnutls_buffer_clear(&session->internals.record_key_update_buffer);
|
| |
- session->internals.rsend_state = RECORD_SEND_NORMAL;
|
| |
- if (ret < 0)
|
| |
- @@ -2494,8 +2500,11 @@ gnutls_handshake_write(gnutls_session_t session,
|
| |
- return gnutls_assert_val(0);
|
| |
-
|
| |
- /* When using this, the outgoing handshake messages should
|
| |
- - * also be handled manually */
|
| |
- - if (!session->internals.h_read_func)
|
| |
- + * also be handled manually unless KTLS is enabled exclusively
|
| |
- + * in GNUTLS_KTLS_RECV mode in which case the outgoing messages
|
| |
- + * are handled by GnuTLS.
|
| |
- + */
|
| |
- + if (!session->internals.h_read_func && !IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV))
|
| |
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
| |
-
|
| |
- if (session->internals.initial_negotiation_completed) {
|
| |
- diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
| |
- index 70b9b9b3a..5da0a8069 100644
|
| |
- --- a/lib/system/ktls.c
|
| |
- +++ b/lib/system/ktls.c
|
| |
- @@ -269,6 +269,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable
|
| |
- default:
|
| |
- assert(0);
|
| |
- }
|
| |
- + // set callback for sending handshake messages
|
| |
- + gnutls_handshake_set_read_function(session,
|
| |
- + _gnutls_ktls_send_handshake_msg);
|
| |
- }
|
| |
-
|
| |
- return in;
|
| |
- @@ -355,6 +358,15 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
|
| |
- return data_size;
|
| |
- }
|
| |
-
|
| |
- +int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
|
| |
- + gnutls_record_encryption_level_t level,
|
| |
- + gnutls_handshake_description_t htype,
|
| |
- + const void *data, size_t data_size)
|
| |
- +{
|
| |
- + return _gnutls_ktls_send_control_msg(session, GNUTLS_HANDSHAKE,
|
| |
- + data, data_size);
|
| |
- +}
|
| |
- +
|
| |
- int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
|
| |
- unsigned char *record_type, void *data, size_t data_size)
|
| |
- {
|
| |
- @@ -481,6 +493,15 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
|
| |
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
|
| |
- }
|
| |
-
|
| |
- +int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
|
| |
- + gnutls_record_encryption_level_t level,
|
| |
- + gnutls_handshake_description_t htype,
|
| |
- + const void *data, size_t data_size)
|
| |
- +{
|
| |
- + (void)level;
|
| |
- + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
|
| |
- +}
|
| |
- +
|
| |
- int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type,
|
| |
- void *data, size_t data_size) {
|
| |
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
|
| |
- diff --git a/lib/system/ktls.h b/lib/system/ktls.h
|
| |
- index c8059092d..8d61a49df 100644
|
| |
- --- a/lib/system/ktls.h
|
| |
- +++ b/lib/system/ktls.h
|
| |
- @@ -10,6 +10,11 @@ int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable
|
| |
- ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
|
| |
- off_t *offset, size_t count);
|
| |
-
|
| |
- +int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
|
| |
- + gnutls_record_encryption_level_t level,
|
| |
- + gnutls_handshake_description_t htype,
|
| |
- + const void *data, size_t data_size);
|
| |
- +
|
| |
- int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type,
|
| |
- const void *data, size_t data_size);
|
| |
- #define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z);
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From 7128338208d092275ac72785f85019d16951fab9 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Mon, 22 Aug 2022 10:50:37 +0200
|
| |
- Subject: [PATCH 4/7] KTLS: receive key update
|
| |
-
|
| |
- handle received GNUTLS_HANDSHAKE_KEY_UPDATE set keys accordingly
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/system/ktls.c | 8 +++++++-
|
| |
- 1 file changed, 7 insertions(+), 1 deletion(-)
|
| |
-
|
| |
- diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
| |
- index 5da0a8069..f3cb343ae 100644
|
| |
- --- a/lib/system/ktls.c
|
| |
- +++ b/lib/system/ktls.c
|
| |
- @@ -452,7 +452,13 @@ int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type,
|
| |
- ret = 0;
|
| |
- break;
|
| |
- case GNUTLS_HANDSHAKE:
|
| |
- - // ignore post-handshake messages
|
| |
- + ret = gnutls_handshake_write(session,
|
| |
- + GNUTLS_ENCRYPTION_LEVEL_APPLICATION,
|
| |
- + data, ret);
|
| |
- +
|
| |
- + if (ret < 0)
|
| |
- + return gnutls_assert_val(ret);
|
| |
- +
|
| |
- if (type != record_type)
|
| |
- return GNUTLS_E_AGAIN;
|
| |
- break;
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From 14eadde1f2cdfaf858dc2029dac5503e48a49935 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Fri, 5 Aug 2022 16:38:02 +0200
|
| |
- Subject: [PATCH 5/7] KTLS: set write alert callback
|
| |
-
|
| |
- Use callback for sending alerts.
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/alert.c | 13 ++++---------
|
| |
- lib/system/ktls.c | 15 +++++++++++++++
|
| |
- lib/system/ktls.h | 5 +++++
|
| |
- 3 files changed, 24 insertions(+), 9 deletions(-)
|
| |
-
|
| |
- diff --git a/lib/alert.c b/lib/alert.c
|
| |
- index 50bd1d3de..fda8cd79f 100644
|
| |
- --- a/lib/alert.c
|
| |
- +++ b/lib/alert.c
|
| |
- @@ -182,15 +182,10 @@ gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
|
| |
- return ret;
|
| |
- }
|
| |
-
|
| |
- - if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
|
| |
- - ret =
|
| |
- - _gnutls_ktls_send_control_msg(session, GNUTLS_ALERT, data, 2);
|
| |
- - } else {
|
| |
- - ret =
|
| |
- - _gnutls_send_int(session, GNUTLS_ALERT, -1,
|
| |
- - EPOCH_WRITE_CURRENT, data, 2,
|
| |
- - MBUFFER_FLUSH);
|
| |
- - }
|
| |
- + ret = _gnutls_send_int(session, GNUTLS_ALERT, -1,
|
| |
- + EPOCH_WRITE_CURRENT, data, 2,
|
| |
- + MBUFFER_FLUSH);
|
| |
- +
|
| |
- return (ret < 0) ? ret : 0;
|
| |
- }
|
| |
-
|
| |
- diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
| |
- index f3cb343ae..703775960 100644
|
| |
- --- a/lib/system/ktls.c
|
| |
- +++ b/lib/system/ktls.c
|
| |
- @@ -269,9 +269,13 @@ int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable
|
| |
- default:
|
| |
- assert(0);
|
| |
- }
|
| |
- +
|
| |
- // set callback for sending handshake messages
|
| |
- gnutls_handshake_set_read_function(session,
|
| |
- _gnutls_ktls_send_handshake_msg);
|
| |
- +
|
| |
- + // set callback for sending alert messages
|
| |
- + gnutls_alert_set_read_function(session, _gnutls_ktls_send_alert_msg);
|
| |
- }
|
| |
-
|
| |
- return in;
|
| |
- @@ -367,6 +371,17 @@ int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
|
| |
- data, data_size);
|
| |
- }
|
| |
-
|
| |
- +int _gnutls_ktls_send_alert_msg(gnutls_session_t session,
|
| |
- + gnutls_record_encryption_level_t level,
|
| |
- + gnutls_alert_level_t alert_level,
|
| |
- + gnutls_alert_description_t alert_desc)
|
| |
- +{
|
| |
- + uint8_t data[2];
|
| |
- + data[0] = (uint8_t) alert_level;
|
| |
- + data[1] = (uint8_t) alert_desc;
|
| |
- + return _gnutls_ktls_send_control_msg(session, GNUTLS_ALERT, data, 2);
|
| |
- +}
|
| |
- +
|
| |
- int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
|
| |
- unsigned char *record_type, void *data, size_t data_size)
|
| |
- {
|
| |
- diff --git a/lib/system/ktls.h b/lib/system/ktls.h
|
| |
- index 8d61a49df..64e1c9c1c 100644
|
| |
- --- a/lib/system/ktls.h
|
| |
- +++ b/lib/system/ktls.h
|
| |
- @@ -15,6 +15,11 @@ int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
|
| |
- gnutls_handshake_description_t htype,
|
| |
- const void *data, size_t data_size);
|
| |
-
|
| |
- +int _gnutls_ktls_send_alert_msg(gnutls_session_t session,
|
| |
- + gnutls_record_encryption_level_t level,
|
| |
- + gnutls_alert_level_t alert_level,
|
| |
- + gnutls_alert_description_t alert_desc);
|
| |
- +
|
| |
- int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type,
|
| |
- const void *data, size_t data_size);
|
| |
- #define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z);
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From 38b8708d66e592c09edf2745c921436f56607a96 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Tue, 9 Aug 2022 12:11:16 +0200
|
| |
- Subject: [PATCH 6/7] KTLS: rekey test
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- tests/Makefile.am | 2 +
|
| |
- tests/ktls_keyupdate.c | 381 ++++++++++++++++++++++++++++++++++++++++
|
| |
- tests/ktls_keyupdate.sh | 46 +++++
|
| |
- 3 files changed, 429 insertions(+)
|
| |
- create mode 100644 tests/ktls_keyupdate.c
|
| |
- create mode 100755 tests/ktls_keyupdate.sh
|
| |
-
|
| |
- diff --git a/tests/Makefile.am b/tests/Makefile.am
|
| |
- index 1122886b3..2d345d478 100644
|
| |
- --- a/tests/Makefile.am
|
| |
- +++ b/tests/Makefile.am
|
| |
- @@ -500,6 +500,8 @@ endif
|
| |
- if ENABLE_KTLS
|
| |
- indirect_tests += gnutls_ktls
|
| |
- dist_check_SCRIPTS += ktls.sh
|
| |
- +indirect_tests += ktls_keyupdate
|
| |
- +dist_check_SCRIPTS += ktls_keyupdate.sh
|
| |
- endif
|
| |
-
|
| |
- if !WINDOWS
|
| |
- diff --git a/tests/ktls_keyupdate.c b/tests/ktls_keyupdate.c
|
| |
- new file mode 100644
|
| |
- index 000000000..9fbff38ae
|
| |
- --- /dev/null
|
| |
- +++ b/tests/ktls_keyupdate.c
|
| |
- @@ -0,0 +1,381 @@
|
| |
- +// Copyright (C) 2022 Red Hat, Inc.
|
| |
- +//
|
| |
- +// Author: Frantisek Krenzelok
|
| |
- +//
|
| |
- +// This file is part of GnuTLS.
|
| |
- +//
|
| |
- +// GnuTLS is free software; you can redistribute it and/or modify it
|
| |
- +// under the terms of the GNU General Public License as published by the
|
| |
- +// Free Software Foundation; either version 3 of the License, or (at
|
| |
- +// your option) any later version.
|
| |
- +//
|
| |
- +// GnuTLS is distributed in the hope that it will be useful, but
|
| |
- +// WITHOUT ANY WARRANTY; without even the implied warranty of
|
| |
- +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
| |
- +// General Public License for more details.
|
| |
- +//
|
| |
- +// You should have received a copy of the GNU General Public License
|
| |
- +// along with GnuTLS; if not, write to the Free Software Foundation,
|
| |
- +// Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
| |
- +
|
| |
- +#ifdef HAVE_CONFIG_H
|
| |
- +#include <config.h>
|
| |
- +#endif
|
| |
- +
|
| |
- +#include <stdio.h>
|
| |
- +#include <stdlib.h>
|
| |
- +#include <string.h>
|
| |
- +#include <sys/types.h>
|
| |
- +#include <netinet/in.h>
|
| |
- +#include <sys/socket.h>
|
| |
- +#include <sys/wait.h>
|
| |
- +#include <arpa/inet.h>
|
| |
- +#include <unistd.h>
|
| |
- +#include <gnutls/gnutls.h>
|
| |
- +#include <gnutls/crypto.h>
|
| |
- +#include <gnutls/dtls.h>
|
| |
- +#include <gnutls/socket.h>
|
| |
- +#include <signal.h>
|
| |
- +#include <assert.h>
|
| |
- +#include <errno.h>
|
| |
- +
|
| |
- +#include "cert-common.h"
|
| |
- +#include "utils.h"
|
| |
- +
|
| |
- +#if defined(_WIN32)
|
| |
- +
|
| |
- +int main(void)
|
| |
- +{
|
| |
- + exit(77);
|
| |
- +}
|
| |
- +
|
| |
- +#else
|
| |
- +
|
| |
- +
|
| |
- +#define MAX_BUF 1024
|
| |
- +#define MSG "Hello world!"
|
| |
- +
|
| |
- +#define HANDSHAKE(session, name, ret)\
|
| |
- +{\
|
| |
- + do {\
|
| |
- + ret = gnutls_handshake(session);\
|
| |
- + }\
|
| |
- + while (ret < 0 && gnutls_error_is_fatal(ret) == 0);\
|
| |
- + if (ret < 0) {\
|
| |
- + fail("%s: Handshake failed\n", name);\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- +#define SEND_MSG(session, name, ret)\
|
| |
- +{\
|
| |
- + do {\
|
| |
- + ret = gnutls_record_send(session, MSG, strlen(MSG)+1);\
|
| |
- + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);\
|
| |
- + if (ret < 0) {\
|
| |
- + fail("%s: data sending has failed (%s)\n",name,\
|
| |
- + gnutls_strerror(ret));\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- +#define RECV_MSG(session, name, buffer, buffer_len, ret)\
|
| |
- +{\
|
| |
- + memset(buffer, 0, sizeof(buffer));\
|
| |
- + do{\
|
| |
- + ret = gnutls_record_recv(session, buffer, sizeof(buffer));\
|
| |
- + }\
|
| |
- + while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);\
|
| |
- + if (ret == 0) {\
|
| |
- + success("%s: Peer has closed the TLS connection\n", name);\
|
| |
- + goto end;\
|
| |
- + } else if (ret < 0) {\
|
| |
- + fail("%s: Error -> %s\n", name, gnutls_strerror(ret));\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- + if(strncmp(buffer, MSG, ret)){\
|
| |
- + fail("%s: Message doesn't match\n", name);\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- +#define KEY_UPDATE(session, name, peer_req, ret)\
|
| |
- +{\
|
| |
- + do {\
|
| |
- + ret = gnutls_session_key_update(session, peer_req);\
|
| |
- + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);\
|
| |
- + if (ret < 0) {\
|
| |
- + fail("%s: key update has failed (%s)\n", name, \
|
| |
- + gnutls_strerror(ret));\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- +#define CHECK_KTLS_ENABLED(session, ret)\
|
| |
- +{\
|
| |
- + ret = gnutls_transport_is_ktls_enabled(session);\
|
| |
- + if (!(ret & GNUTLS_KTLS_RECV)){\
|
| |
- + fail("client: KTLS was not properly initialized\n");\
|
| |
- + goto end;\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- +static void server_log_func(int level, const char *str)
|
| |
- +{
|
| |
- + fprintf(stderr, "server|<%d>| %s", level, str);
|
| |
- +}
|
| |
- +
|
| |
- +static void client_log_func(int level, const char *str)
|
| |
- +{
|
| |
- + fprintf(stderr, "client|<%d>| %s", level, str);
|
| |
- +}
|
| |
- +
|
| |
- +
|
| |
- +static void client(int fd, const char *prio, int pipe)
|
| |
- +{
|
| |
- + const char *name = "client";
|
| |
- + int ret;
|
| |
- + char foo;
|
| |
- + char buffer[MAX_BUF + 1];
|
| |
- + gnutls_certificate_credentials_t x509_cred;
|
| |
- + gnutls_session_t session;
|
| |
- +
|
| |
- + global_init();
|
| |
- +
|
| |
- + if (debug) {
|
| |
- + gnutls_global_set_log_function(client_log_func);
|
| |
- + gnutls_global_set_log_level(7);
|
| |
- + }
|
| |
- +
|
| |
- + gnutls_certificate_allocate_credentials(&x509_cred);
|
| |
- +
|
| |
- + gnutls_init(&session, GNUTLS_CLIENT);
|
| |
- + gnutls_handshake_set_timeout(session, 0);
|
| |
- +
|
| |
- + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
|
| |
- +
|
| |
- + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
|
| |
- +
|
| |
- + gnutls_transport_set_int(session, fd);
|
| |
- +
|
| |
- + HANDSHAKE(session, name, ret);
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + // Test 0: Try sending/receiving data
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + // Test 1: Servers does key update
|
| |
- + read(pipe, &foo, 1);
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + // Test 2: Does key update witch request
|
| |
- + read(pipe, &foo, 1);
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
|
| |
- + if (ret < 0) {
|
| |
- + fail("client: error in closing session: %s\n", gnutls_strerror(ret));
|
| |
- + }
|
| |
- +
|
| |
- + ret = 0;
|
| |
- + end:
|
| |
- +
|
| |
- + close(fd);
|
| |
- +
|
| |
- + gnutls_deinit(session);
|
| |
- +
|
| |
- + gnutls_certificate_free_credentials(x509_cred);
|
| |
- +
|
| |
- + gnutls_global_deinit();
|
| |
- +
|
| |
- + if (ret != 0)
|
| |
- + exit(1);
|
| |
- +}
|
| |
- +
|
| |
- +pid_t child;
|
| |
- +static void terminate(void)
|
| |
- +{
|
| |
- + assert(child);
|
| |
- + kill(child, SIGTERM);
|
| |
- + exit(1);
|
| |
- +}
|
| |
- +
|
| |
- +static void server(int fd, const char *prio, int pipe)
|
| |
- +{
|
| |
- + const char *name = "server";
|
| |
- + int ret;
|
| |
- + char bar = 0;
|
| |
- + char buffer[MAX_BUF + 1];
|
| |
- + gnutls_certificate_credentials_t x509_cred;
|
| |
- + gnutls_session_t session;
|
| |
- +
|
| |
- + global_init();
|
| |
- +
|
| |
- + if (debug) {
|
| |
- + gnutls_global_set_log_function(server_log_func);
|
| |
- + gnutls_global_set_log_level(7);
|
| |
- + }
|
| |
- +
|
| |
- + gnutls_certificate_allocate_credentials(&x509_cred);
|
| |
- + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
|
| |
- + &server_key,
|
| |
- + GNUTLS_X509_FMT_PEM);
|
| |
- + if (ret < 0)
|
| |
- + exit(1);
|
| |
- +
|
| |
- + gnutls_init(&session, GNUTLS_SERVER);
|
| |
- + gnutls_handshake_set_timeout(session, 0);
|
| |
- +
|
| |
- + assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
|
| |
- +
|
| |
- + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
|
| |
- +
|
| |
- + gnutls_transport_set_int(session, fd);
|
| |
- +
|
| |
- + HANDSHAKE(session, name, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + success("Test 0: sending/receiving data\n");
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + success("Test 1: server key update without request\n");
|
| |
- + KEY_UPDATE(session, name, 0, ret)
|
| |
- + write(pipe, &bar, 1);
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + success("Test 2: server key update with request\n");
|
| |
- + KEY_UPDATE(session, name, GNUTLS_KU_PEER, ret)
|
| |
- + write(pipe, &bar, 1);
|
| |
- + SEND_MSG(session, name, ret)
|
| |
- + RECV_MSG(session, name, buffer, MAX_BUF+1, ret)
|
| |
- +
|
| |
- + CHECK_KTLS_ENABLED(session, ret)
|
| |
- +
|
| |
- + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
|
| |
- + if (ret < 0) {
|
| |
- + fail("server: error in closing session: %s\n", gnutls_strerror(ret));
|
| |
- + }
|
| |
- +
|
| |
- + ret = 0;
|
| |
- +end:
|
| |
- + close(fd);
|
| |
- + gnutls_deinit(session);
|
| |
- +
|
| |
- + gnutls_certificate_free_credentials(x509_cred);
|
| |
- +
|
| |
- + gnutls_global_deinit();
|
| |
- +
|
| |
- + if (ret){
|
| |
- + terminate();
|
| |
- + }
|
| |
- +
|
| |
- + if (debug)
|
| |
- + success("server: finished\n");
|
| |
- +}
|
| |
- +
|
| |
- +static void ch_handler(int sig)
|
| |
- +{
|
| |
- + return;
|
| |
- +}
|
| |
- +
|
| |
- +static void run(const char *prio)
|
| |
- +{
|
| |
- + int ret;
|
| |
- + struct sockaddr_in saddr;
|
| |
- + socklen_t addrlen;
|
| |
- + int listener;
|
| |
- + int fd;
|
| |
- +
|
| |
- + int sync_pipe[2]; //used for synchronization
|
| |
- + pipe(sync_pipe);
|
| |
- +
|
| |
- + success("running ktls test with %s\n", prio);
|
| |
- +
|
| |
- + signal(SIGCHLD, ch_handler);
|
| |
- + signal(SIGPIPE, SIG_IGN);
|
| |
- +
|
| |
- + listener = socket(AF_INET, SOCK_STREAM, 0);
|
| |
- + if (listener == -1){
|
| |
- + fail("error in listener(): %s\n", strerror(errno));
|
| |
- + }
|
| |
- +
|
| |
- + memset(&saddr, 0, sizeof(saddr));
|
| |
- + saddr.sin_family = AF_INET;
|
| |
- + saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
|
| |
- + saddr.sin_port = 0;
|
| |
- +
|
| |
- + ret = bind(listener, (struct sockaddr*)&saddr, sizeof(saddr));
|
| |
- + if (ret == -1){
|
| |
- + fail("error in bind(): %s\n", strerror(errno));
|
| |
- + }
|
| |
- +
|
| |
- + addrlen = sizeof(saddr);
|
| |
- + ret = getsockname(listener, (struct sockaddr*)&saddr, &addrlen);
|
| |
- + if (ret == -1){
|
| |
- + fail("error in getsockname(): %s\n", strerror(errno));
|
| |
- + }
|
| |
- +
|
| |
- + child = fork();
|
| |
- + if (child < 0) {
|
| |
- + fail("error in fork(): %s\n", strerror(errno));
|
| |
- + exit(1);
|
| |
- + }
|
| |
- +
|
| |
- + if (child) {
|
| |
- + int status;
|
| |
- + /* parent */
|
| |
- + ret = listen(listener, 1);
|
| |
- + if (ret == -1) {
|
| |
- + fail("error in listen(): %s\n", strerror(errno));
|
| |
- + }
|
| |
- +
|
| |
- + fd = accept(listener, NULL, NULL);
|
| |
- + if (fd == -1) {
|
| |
- + fail("error in accept(): %s\n", strerror(errno));
|
| |
- + }
|
| |
- +
|
| |
- + close(sync_pipe[0]);
|
| |
- + server(fd, prio, sync_pipe[1]);
|
| |
- +
|
| |
- + wait(&status);
|
| |
- + check_wait_status(status);
|
| |
- + } else {
|
| |
- + fd = socket(AF_INET, SOCK_STREAM, 0);
|
| |
- + if (fd == -1){
|
| |
- + fail("error in socket(): %s\n", strerror(errno));
|
| |
- + exit(1);
|
| |
- + }
|
| |
- +
|
| |
- + usleep(1000000);
|
| |
- + connect(fd, (struct sockaddr*)&saddr, addrlen);
|
| |
- +
|
| |
- + close(sync_pipe[1]);
|
| |
- + client(fd, prio, sync_pipe[0]);
|
| |
- + exit(0);
|
| |
- + }
|
| |
- +}
|
| |
- +
|
| |
- +void doit(void)
|
| |
- +{
|
| |
- + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
|
| |
- + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
|
| |
- +}
|
| |
- +
|
| |
- +#endif /* _WIN32 */
|
| |
- diff --git a/tests/ktls_keyupdate.sh b/tests/ktls_keyupdate.sh
|
| |
- new file mode 100755
|
| |
- index 000000000..d072acafc
|
| |
- --- /dev/null
|
| |
- +++ b/tests/ktls_keyupdate.sh
|
| |
- @@ -0,0 +1,46 @@
|
| |
- +#!/bin/sh
|
| |
- +
|
| |
- +# Copyright (C) 2022 Red Hat, Inc.
|
| |
- +#
|
| |
- +# Author: Daiki Ueno
|
| |
- +#
|
| |
- +# This file is part of GnuTLS.
|
| |
- +#
|
| |
- +# GnuTLS is free software; you can redistribute it and/or modify it
|
| |
- +# under the terms of the GNU General Public License as published by the
|
| |
- +# Free Software Foundation; either version 3 of the License, or (at
|
| |
- +# your option) any later version.
|
| |
- +#
|
| |
- +# GnuTLS is distributed in the hope that it will be useful, but
|
| |
- +# WITHOUT ANY WARRANTY; without even the implied warranty of
|
| |
- +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
| |
- +# General Public License for more details.
|
| |
- +#
|
| |
- +# You should have received a copy of the GNU General Public License
|
| |
- +# along with GnuTLS; if not, write to the Free Software Foundation,
|
| |
- +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
| |
- +
|
| |
- +: ${builddir=.}
|
| |
- +
|
| |
- +. "$srcdir/scripts/common.sh"
|
| |
- +
|
| |
- +if ! grep '^tls ' /proc/modules 2>&1 /dev/null; then
|
| |
- + exit 77
|
| |
- +fi
|
| |
- +
|
| |
- +testdir=`create_testdir ktls_keyupdate`
|
| |
- +
|
| |
- +cfg="$testdir/config"
|
| |
- +
|
| |
- +cat <<EOF > "$cfg"
|
| |
- +[global]
|
| |
- +ktls = true
|
| |
- +EOF
|
| |
- +
|
| |
- +GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 \
|
| |
- +GNUTLS_SYSTEM_PRIORITY_FILE="$cfg" \
|
| |
- +"$builddir/ktls_keyupdate" "$@"
|
| |
- +rc=$?
|
| |
- +
|
| |
- +rm -rf "$testdir"
|
| |
- +exit $rc
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
-
|
| |
- From 67843b3a8e28e4c74296caea2d1019065c87afb3 Mon Sep 17 00:00:00 2001
|
| |
- From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- Date: Mon, 5 Sep 2022 13:05:17 +0200
|
| |
- Subject: [PATCH 7/7] KTLS: fallback to default
|
| |
-
|
| |
- If an error occurs during setting of keys either initial or key update
|
| |
- then fallback to default mode of operation (disable ktls) and let the
|
| |
- user know
|
| |
-
|
| |
- Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
|
| |
- ---
|
| |
- lib/handshake.c | 7 ++++++-
|
| |
- lib/tls13/key_update.c | 23 +++++++++++++++++++----
|
| |
- 2 files changed, 25 insertions(+), 5 deletions(-)
|
| |
-
|
| |
- diff --git a/lib/handshake.c b/lib/handshake.c
|
| |
- index cb2bc3ae9..14bcdea56 100644
|
| |
- --- a/lib/handshake.c
|
| |
- +++ b/lib/handshake.c
|
| |
- @@ -2924,7 +2924,12 @@ int gnutls_handshake(gnutls_session_t session)
|
| |
-
|
| |
- #ifdef ENABLE_KTLS
|
| |
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
|
| |
- - _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
|
| |
- + ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
|
| |
- + if (ret < 0) {
|
| |
- + session->internals.ktls_enabled = 0;
|
| |
- + _gnutls_audit_log(session,
|
| |
- + "disabling KTLS: failed to set keys\n");
|
| |
- + }
|
| |
- }
|
| |
- #endif
|
| |
-
|
| |
- diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
|
| |
- index 10c0a9110..acfda4129 100644
|
| |
- --- a/lib/tls13/key_update.c
|
| |
- +++ b/lib/tls13/key_update.c
|
| |
- @@ -32,6 +32,20 @@
|
| |
- #define KEY_UPDATES_WINDOW 1000
|
| |
- #define KEY_UPDATES_PER_WINDOW 8
|
| |
-
|
| |
- +/*
|
| |
- + * Sets kTLS keys if enabled.
|
| |
- + * If this operation fails with GNUTLS_E_INTERNAL_ERROR, KTLS is disabled
|
| |
- + * because KTLS most likely doesn't support key update.
|
| |
- + */
|
| |
- +#define SET_KTLS_KEYS(session, interface)\
|
| |
- +{\
|
| |
- + if(_gnutls_ktls_set_keys(session, interface) < 0) {\
|
| |
- + session->internals.ktls_enabled = 0;\
|
| |
- + _gnutls_audit_log(session, \
|
| |
- + "disabling KTLS: couldn't update keys\n");\
|
| |
- + }\
|
| |
- +}
|
| |
- +
|
| |
- static int update_keys(gnutls_session_t session, hs_stage_t stage)
|
| |
- {
|
| |
- int ret;
|
| |
- @@ -51,15 +65,16 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
|
| |
- if (session->internals.recv_state == RECV_STATE_EARLY_START) {
|
| |
- ret = _tls13_write_connection_state_init(session, stage);
|
| |
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
|
| |
- - ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_SEND);
|
| |
- + SET_KTLS_KEYS(session, GNUTLS_KTLS_SEND)
|
| |
- } else {
|
| |
- ret = _tls13_connection_state_init(session, stage);
|
| |
- + if (ret < 0)
|
| |
- + return gnutls_assert_val(ret);
|
| |
-
|
| |
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) && stage == STAGE_UPD_OURS)
|
| |
- - ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_SEND);
|
| |
- + SET_KTLS_KEYS(session, GNUTLS_KTLS_SEND)
|
| |
- else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) && stage == STAGE_UPD_PEERS)
|
| |
- - ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_RECV);
|
| |
- -
|
| |
- + SET_KTLS_KEYS(session, GNUTLS_KTLS_RECV)
|
| |
- }
|
| |
- if (ret < 0)
|
| |
- return gnutls_assert_val(ret);
|
| |
- --
|
| |
- 2.39.0
|
| |
-
|
| |
Upstream tag: 3.8.0
Upstream commit: 516e466b