[gnutls-devel] auditing gnutls

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Mar 7 08:50:21 CET 2014 

Hello,
 It seems there are more eyes looking at gnutls now, so to make things
easier, here is a list of the parts of gnutls (and also libtasn1) that
are exposed to network/untrusted data and have more need for auditing.

If you are able to audit the code please check the master branch (see
instructions at http://www.gnutls.org/devel.html ), and in case you are
able to successfully audit one of the following paths, please edit
the files reviewed and add a header under the author:
'Reviewed-By: Your Name (date)'
or 'Reviewed X.509 certificate verfication: Your name (date)'

Then make a patch with any changes you see fit (e.g. fixes or
simplifications of complex code) and send it to this list (preferably)
or to me directly.

If you cannot audit, but you know others that want and can, please
forward that mail to them. The reward for significant flaw finders is
eternal fame, and a @gnutls.org email address.

Note that there are people that have requested access to the coverity
gnutls logs. These are for a very old gnutls version and they don't
reveal anything that isn't also visible by clang's scan-build.


*********
The list:
*********

1. X.509 certificate verification starting from
gnutls_certificate_verify_peers3() - gnutls_cert.c
(may require PKIX details from RFC5280)

2. X.509 certificate verification starting from
gnutls_x509_trust_list_verify_crt() - x509/verify-high.c

3. X.509 certificate verification starting from
gnutls_x509_trust_list_verify_named_crt() - x509/verify-high.c

4. TOFU certificate verification starting from
gnutls_verify_stored_pubkey() - verify-tofu.c

5. TLS record parsing starting from gnutls_record_recv() to
gnutls_decrypt() - gnutls_record.c / gnutls_cipher.c
(may require TLS record details from RFC2246)

6. TLS handshake for RSA key exchange - gnutls_handshake() from
gnutls_handshake.c and auth/rsa.c.
(may require TLS details from rfc5246)

7. TLS handshake for DHE-RSA key exchange - gnutls_handshake() from
gnutls_handshake.c and auth/dhe.c.
(may require TLS details from rfc5246)

8. TLS handshake for ECDHE-ECDSA key exchange - gnutls_handshake() from
gnutls_handshake.c and auth/ecdhe.c.
(may require TLS details from rfc4492)

9 TLS handshake as a state machine starting from gnutls_handshake in
gnutls_handshake.c.

10. Random generator starting from gnutls_rnd() / random.c, and
nettle/rnd.c. This generator should work on multi-threaded systems and
after fork.

11. X.509 certificate parsing at x509/x509.c.
(may require PKIX details from RFC5280)

12. (X.509 certificate) DER decoding at libtasn1's asn1_der_decoding.
Check code from the upstream repository at:
https://www.gnu.org/software/libtasn1/
(that's a task for the brave)

regards,
Nikos

More information about the Gnutls-devel mailing list