Simplified the generation of ChangeLog [ci skip]

Removed the dependency on git2cl and utilize git log directly.
git2cl seems to provide incorrect output.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added global locks on tls-fuzzer tests

They both require access to the same port and thus cannot
be run in parallel.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

cert: ensure that there are no leftovers in certificate msg

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

testsuite: added tlsfuzzer certificate requiring tests

This enhances the testsuite by running all the tlsfuzzer
fuzzer tests which require certificates from server.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: updated pkcs12 corpus

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: added PKCS#12 file parser fuzzer

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

ocsp-test: disable under windows

This test was failing because datefudge couldn't run under win32.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Revert "ocsp-test: disable under windows"

This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.

.travis.yml: no longer install pkg-config

Travis build seem to fail for some reason since pkg-config is already
installed.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

ocsp-test: disable under windows

This test was failing because datefudge couldn't run under win32.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

.gitlab-ci.yml: increase time of artifact expiration

This allows to re-run failed builds on the depending stages
during that time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls.pc: Removed P11_KIT_LIBS from Libs.private

It was already being included in Requires.private. Reported
by Andreas Metzler.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls.pc: don't include zlib twice in private libs

tests: create-chain.sh: do not explicitly set serial

We were previously exporting certificates with serial number being
zero, which is not allowed by RFC5280.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added mini-x509-ipaddr

This is a unit test for GNUTLS_DT_IP_ADDRESS as used in
gnutls_certificate_verify_peers().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Introduced GNUTLS_DT_IP_ADDRESS

This allows verifying an IP address using gnutls_certificate_verify_peers()
or gnutls_x509_trust_list_verify_crt2().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: check whether we fallback to CN unconditionally

This is a unit test for:
"gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally

Do not fallback to checking the CN of a certificate for a hostname
if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2().
This behavioral change is in order to satisfy the RFC6125 requirement
of not falling back to CN in that case. Reported by Suphannee Sivakorn.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Introduced verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES

This flag when provided to the gnutls_x509_crt_check_hostname2() function
(and its callers), will prevent IP matching of the subject alternative
name. This can be utilized by applications which directly check for
IP addresses using gnutls_x509_crt_check_ip().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit test for gnutls_x509_crt_check_ip

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Added gnutls_x509_crt_check_ip()

This function allows to directly verify IP addresses on a certificate.
That is a first step towards making gnutls_x509_crt_check_hostname2()
not verify IP addresses.

Based on discussion and suggestion by Suphannee Sivakorn. See
https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html

Relates #185

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit test of gnutls_pubkey_verify_data2 override flags

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: keygen -> privkey-keygen

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_check_key_cert_match: allow broken sigs

That ensures that when loading a certificate pair with SHA1, when
SHA1 is disabled will not cause the server to fail to load.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitignore: more files to ignore

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Use a common function to decide acceptable signatures

That is, ensure that results from all verification functions,
including gnutls_pubkey_verify_data2(), will be consistent with
SHA1 and other algorithms deprecation.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

check_ocsp_response: utilize the same flags as in certificate verification

That ensures that overrides like using broken algorithms are considered
in OCSP validation.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

extensions: print the name/type of any unexpected extension

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added script to check pkg-config operation

That is, whether the generated gnutls.pc will function for
compiling and linking.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls.pc: don't pass the libtool vars to Libs.private

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: improved tls-rehandshake tests

Used common definitions from cert-common.h for certificates,
and improved error detection in tls-rehandshake-cert-2.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: check whether a rehandshake without a cert works

That is, check whether if on initial handshake the server requests
a certificate, but on the following rehandshake he doesn't, whether
the client behaves as expected. This tests:
1f685db853db6e48c77c6dbde0cdf716a7303baa

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

handshake: reset cert request state on handshake init

That addresses a bug which on client side on case of an initial
handshake with a client certificate, we continue to send this
certificate even if on rehandshake we were not requested with on.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Revert "nettle/rnd: use gettime() instead of gnutls_time()"

This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722.
The time() syscall is also implemented as syscall() and is in
fact performing better than gettime().

README.md: corrected typo [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

nettle/rnd: use gettime() instead of gnutls_time()

The gnulib gettime() maps to gettimeofday() or clock_gettime()
which are both implemented as fast system calls - see vdso(7)-
and as such are available without a switch to kernel mode.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: updated RNG documentation to reflect the previous changes

nettle/rnd: re-seed both key and nonce levels based on time

The time(0) is quite cheap on modern operating systems, and thus we
can rely on it to provide improved assurance in the output randomness.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

nettle/pk: use nonce level for RSA padding

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

README.md: corrected link for coverage in master [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Avoid deprecation warnings when including gnutls/abstract.h

Since ac3de8f5, when all openpgp functionality was deprecated, a
library user including gnutls/abstract.h gets warnings about
deprecated declarations, like this:

gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations]
          gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;

This warning is emitted since the gnutls_openpgp_set_recv_key_function
prototype uses the deprecated typedef gnutls_openpgp_recv_key_func.

By omitting the deprecation attribute from this individual
typedef, we avoid the spurious warnings in calling code which just
includes gnutls/abstract.h without actually using anything related
to openpgp.

Signed-off-by: Martin Storsjo <martin@martin.st>

gnutls.h: added definitions to obtain the maximum element in several enumerations

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added basic unit tests for several string functions of libs

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: certtool-crl-decoding: ignore lines warning about SHA1 deprecation

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1

In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag
works when MD5 is present.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1

This allows performing a verification with only SHA1 allowed
from the broken algorithms. This can be used to fine-tune
verification in case default verification fails, to detect
whether the failed algorithm was SHA1.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Introduced the %VERIFY_ALLOW_BROKEN priority string option

This allows enabling broken signature algorithms in certificate verification.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Allow reverting the SHA1 ban as a signature algorithm

This allows distributors to decide not to ban SHA1. This
option may be removed in the future.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

p11tool: test-sign operation using SHA256 instead of SHA1

This avoids the errors returned from the verification functions due to
SHA1 usage.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: updated to account SHA1 move to broken set

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

algorithms: tag SHA1 as insecure algorithm

Although SHA1 was considered to be risky to use the past few years,
there has been no demonstration of breakage. As of 2017-2-23 there has
been a demonstrated collision in SHA1, and even though the attack was
a costly one, it provided the incentive to should move SHA1 into
the broken hashes list together with MD5 and MD2.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

README.md: updated coverage links [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: removed unneeded ifdef in tlsext-decoding.c

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: updated RNG design

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

nettle/rnd: introduced time limit for key generator

That is, force re-key of the KEY and RANDOM PRNG after 2 hours
of operation, irrespective of the amount of data having been output.
At the same time, increase limits for key and nonce generators,
to prevent a large amount of system calls in busy servers.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_pk_generate_keys: separate between ephemeral and long-term keys

That allows using the faster generator for ephemeral keys.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

nettle/pk: use the nonce level for digital signatures

That is, we do not really require high quality secret data for the generation
of signatures. A better approach would be to switch to predictable signatures (RFC6979).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: limit submodule update to avoid fetch

This should reduce both the bandwidth and the time of the fetch.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fix a typo in a variable name in an m4 script

Signed-off-by: Martin Storsjo <martin@martin.st>

build: disable valgrind tests by default

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

.gitlab-ci.yml: ubsan build utilizes -Werror for the library

That brings back the -Werror for building, after its removal from
clang-analyzer build.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

.gitlab-ci.yml: remove -Werror compilation from scan-build

When we pass '--status-bugs' to the command in combination with
'-Werror' in CFLAGS it has the following side effects. In a failed
due to Werror build, scan-build fails to find any issues, and
marks the run as successfully completed. Hence, removes the -Werror
from clang-analyzer.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

build: tests: resolve as-needed issue with seccomp

Incorrect ordering of -lseccomp:
<snip>
-Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
./.libs/libutils.a(seccomp.o): In function seccomp_init'
seccomp.c:(.text+0x2b): undefined reference to `seccomp_init'
<snip>

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

fuzz: Corrected default options in fuzz scripts [ci skip]

This change assumes that afl-fuzz (and not libfuzzer) will be used
by default.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_pkcs11_privkey_init: document limitation on created object [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID

When initializing a private key operation, attempt to re-open the key
if CKR_SESSION_HANDLE_INVALID is received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: pkcs11-mock lib: check object session sanity prior to using it

This avoids crashes when the object is used after a fork but prior
to the session being re-established.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added an OCSP response parsing coverage test

This inputs a large set of valid and invalid OCSP files
in the OCSP parser with the intention to stress test its
error checking, and prevent regressions.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added a certificate parsing coverage test

This inputs a large set of valid and invalid certificates in
the certificate parser with the intention to stress test its
error checking, and prevent regressions.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitignore: more files to ignore

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit tests for gnutls_pkcs11_token_get_mechanism

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: included unit test for gnutls_pkcs11_obj_export

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit test for gnutls_pkcs11_reinit()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit tests for gnutls_pkcs11_obj_get_info

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_pkcs11_obj_get_info: don't include the terminator into output size

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: cert-tests: openpgp-certs: align test redirection

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

tests: suppressions.valgrind: supress fillin_rpath

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

tests: remove unused suppressions.valgrind

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

lib: unconditionally enable the self-check functions

These functions were previously made available only in FIPS140-2
mode. Enabling them unconditionally allows applications to directly
utilize that functionality for testing the gnutls library.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: added unit test for gnutls_pkcs11_get_pin_function

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: moved ocsp-tests to main directory

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

pkcs11: re-open private key session inside a locked section

This prevents clashes when the same operation is carried in other
threads.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkcs11: introduced locks to PKCS#11 private key structure

This allows to run PKCS#11 private key operations such as signing
and decryption in parallel.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: introduced check for parallel operation (signatures) in PKCS#11 mode

That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t
context work.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: scripts: suppress which errors

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

pkcs11: during scan, leave the provider loop asap

This optimizes access when multiple provider modules are available,
by avoiding scanning irrelevant ones.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.

This addresses:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

fuzz: document how to run AFL [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: added initial corpus for the OCSP request parser

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: added initial corpus for OCSP response parser

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: added OCSP structure parsers

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: increased minimized set of X.509 certificates

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>