Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for TLSv1.3 #588

Merged
merged 2 commits into from
Sep 8, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
command: clang-format -i -style=file src/*.{c,h} misc/*.{c,h} nasl/*.{c,h} && git diff --exit-code
test_units:
docker:
- image: greenbone/build-env-openvas-scanner-master-debian-stretch-gcc-core
- image: greenbone/build-env-openvas-scanner-master-debian-buster-gcc-core
steps:
- run:
working_directory: ~/gvm-libs
Expand All @@ -26,7 +26,7 @@ jobs:
command: mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make tests && CTEST_OUTPUT_ON_FAILURE=1 make test
build_gcc_core:
docker:
- image: greenbone/build-env-openvas-scanner-master-debian-stretch-gcc-core
- image: greenbone/build-env-openvas-scanner-master-debian-buster-gcc-core
steps:
- run:
working_directory: ~/gvm-libs
Expand All @@ -42,7 +42,7 @@ jobs:
command: mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install
scan_build:
docker:
- image: greenbone/build-env-openvas-scanner-master-debian-stretch-clang-core
- image: greenbone/build-env-openvas-scanner-master-debian-buster-clang-core
steps:
- run:
working_directory: ~/gvm-libs
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

### Added
- Extend nasl lint to detect if function parameter is used twice. [#590](https://github.com/greenbone/openvas/pull/590)
- Add support for TLSv1.3. [#588](https://github.com/greenbone/openvas/pull/588)

### Fixed
- Fork vhosts before creating the socket.[#576](https://github.com/greenbone/openvas/pull/576)
Expand Down
12 changes: 12 additions & 0 deletions misc/network.c
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,9 @@ set_gnutls_protocol (gnutls_session_t session, openvas_encaps_t encaps,
case OPENVAS_ENCAPS_TLSv12:
priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ARCFOUR-128:%COMPAT";
break;
case OPENVAS_ENCAPS_TLSv13:
priorities = "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT";
break;
case OPENVAS_ENCAPS_SSLv23: /* Compatibility mode */
priorities =
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:%COMPAT";
Expand Down Expand Up @@ -799,6 +802,8 @@ socket_get_ssl_version (int fd)
return OPENVAS_ENCAPS_TLSv11;
case GNUTLS_TLS1_2:
return OPENVAS_ENCAPS_TLSv12;
case GNUTLS_TLS1_3:
return OPENVAS_ENCAPS_TLSv13;
default:
return -1;
}
Expand Down Expand Up @@ -926,6 +931,7 @@ open_stream_connection_ext (struct script_infos *args, unsigned int port,
case OPENVAS_ENCAPS_TLSv1:
case OPENVAS_ENCAPS_TLSv11:
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLSv13:
case OPENVAS_ENCAPS_TLScustom:
case OPENVAS_ENCAPS_SSLv2:
break;
Expand Down Expand Up @@ -974,6 +980,7 @@ open_stream_connection_ext (struct script_infos *args, unsigned int port,
case OPENVAS_ENCAPS_TLSv1:
case OPENVAS_ENCAPS_TLSv11:
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLSv13:
case OPENVAS_ENCAPS_TLScustom:
cert = kb_item_get_str (kb, "SSL/cert");
key = kb_item_get_str (kb, "SSL/key");
Expand Down Expand Up @@ -1154,6 +1161,7 @@ read_stream_connection_unbuffered (int fd, void *buf0, int min_len, int max_len)
case OPENVAS_ENCAPS_TLSv1:
case OPENVAS_ENCAPS_TLSv11:
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLSv13:
case OPENVAS_ENCAPS_TLScustom:
if (getpid () != fp->pid)
{
Expand Down Expand Up @@ -1340,6 +1348,7 @@ write_stream_connection4 (int fd, void *buf0, int n, int i_opt)
case OPENVAS_ENCAPS_TLSv1:
case OPENVAS_ENCAPS_TLSv11:
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLSv13:
case OPENVAS_ENCAPS_TLScustom:

/* i_opt ignored for SSL */
Expand Down Expand Up @@ -1584,6 +1593,8 @@ get_encaps_name (openvas_encaps_t code)
return "TLSv11";
case OPENVAS_ENCAPS_TLSv12:
return "TLSv12";
case OPENVAS_ENCAPS_TLSv13:
return "TLSv13";
case OPENVAS_ENCAPS_TLScustom:
return "TLScustom";
default:
Expand All @@ -1607,6 +1618,7 @@ get_encaps_through (openvas_encaps_t code)
case OPENVAS_ENCAPS_TLSv1:
case OPENVAS_ENCAPS_TLSv11:
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLSv13:
case OPENVAS_ENCAPS_TLScustom:
return " through SSL";
default:
Expand Down
1 change: 1 addition & 0 deletions misc/network.h
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ typedef enum openvas_encaps
OPENVAS_ENCAPS_TLSv1,
OPENVAS_ENCAPS_TLSv11,
OPENVAS_ENCAPS_TLSv12,
OPENVAS_ENCAPS_TLSv13,
OPENVAS_ENCAPS_TLScustom, /* SSL/TLS using custom priorities. */
OPENVAS_ENCAPS_MAX,
} openvas_encaps_t;
Expand Down
1 change: 1 addition & 0 deletions nasl/nasl_host.c
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,7 @@ nasl_this_host_name (lex_ctxt *lexic)
* - @a ENCAPS_TLSv1 TLS version 1.0
* - @a ENCAPS_TLSv11 TLS version 1.1
* - @a ENCAPS_TLSv12 TLS version 1.2
* - @a ENCAPS_TLSv13 TLS version 1.3
* - @a ENCAPS_TLScustom SSL or TLS with custom priorities
*
* @nasluparam
Expand Down