tests/mini-dtls-fragments: implement a basic DTLS test

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'typo-test-fix' into 'master'

tests: fix typo in skip message

See merge request gnutls/gnutls!2101

tests: fix typo in skip message

Otherwise we try to execute the skip message which results in noise
in the log. Copy the other places we skip and echo to stderr.

Signed-off-by: Sam James <sam@gentoo.org>

Merge branch 'wip/dueno/hpke2' into 'master'

Minor cleanup of HPKE API

See merge request gnutls/gnutls!2097

Merge branch 'wip/dueno/minor-fixes' into 'master'

Minor fixes for 3.8.13 release

Closes #1797 and #1855

See merge request gnutls/gnutls!2099

Merge branch 'wip/dueno/mldsa-pk-from-sk-followup' into 'master'

nettle: sanity check ML-DSA private key in pk_fixup

See merge request gnutls/gnutls!2093

nettle: support truncated authentication tag in Nettle 4 build

Reported by Joshua Rogers.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: execise client cert selection for RSA-PSS-RSAE algorithms

This adds a test case for 8366cd25ff81ddf27a7a5d885f64a3fdcc0c5125, by
extending send-client-cert test with only RSA-PSS-* signature
algorithms are indicated by the server.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

NEWS: mention gnutls_pkcs11_obj_get_pk_algorithm as a new function

Signed-off-by: Daiki Ueno <ueno@gnu.org>

doc/Makefile: add stamp_error_codes to EXTRA_DIST

This also moves stamp_* to MAINTAINERCLEANFILES from DISTCLEANFILES,
which should not include what's in the tarball.

Fixes: #1797
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Modified-by: Daiki Ueno <ueno@gnu.org>

tests: match automake variables for pkcs11-obj-get-pk-algorithm

Signed-off-by: Daiki Ueno <ueno@gnu.org>

build: switch to using static_assert instead of verify

Gnulib now emulates static_assert in C23, prefer it over verify.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'fix-tls-1.3-handshake' into 'master'

Fix TLS 1.3 handshake

Closes #1842

See merge request gnutls/gnutls!2095

.gitlab-ci.yml: enable HPKE in Fedora builds

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke/hpke-builders: use a relative include

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

hpke-key-management: use memcmp instead of manual comparison

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke-key-management: fix the license header

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: rework public key serialization logic with existing facilities

Instead of manually serializing or deserializing KEM public keys, use
_gnutls_ecc_ansi_x962_{import,export} for NIST curves and copy
raw_pub from gnutls_pk_params_st for Edwards curves.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: use _gnutls_set_datum as possible

Signed-off-by: Daiki Ueno <ueno@gnu.org>

configure: make it possible to toggle HPKE support

This adds a configure option to toggle support for HPKE. Currently the
feature is disabled, until the API is considered stable.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

NEWS: expand HPKE entry with a bit more detail

Signed-off-by: Daiki Ueno <ueno@gnu.org>

doc: add HPKE section in "Using GnuTLS as a cryptographic library"

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: fix documentation comments

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: stop exposing gnutls_hpke_get_enc_size from public API

Given gnutls_hpke_encap allocates the "enc" anyway, having a special
function to get the size doesn't make much sense.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: rename gnutls_hpke_generate_keypair to _derive_keypair

As the gnutls_hpke_generate_keypair function always generates a key
from IKM, rename it to _derive_keypair to match the terminology in
RFC 9180.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: stop exposing testing functions from public API

This removes gnutls_hpke_set_seq, which was unused, and renames
gnutls_hpke_get_seq and gnutls_hpke_set_ikme to be clear that they are
testing functions.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: give all additional information to encap/decap at once

This merges gnutls_hpke_set_{psk,sender_privkey,sender_pubkey} into
gnutls_hpke_encap and gnutls_hpke_decap to avoid copying keys.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

gnutls_hpke_generate_keypair: expect initialized keys

This moves responsibility of initializing gnutls_pubkey_t or
gnutls_privkey_t to the caller of the function, to match the existing
convention in gnutls_privkey_generate*.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: add "const" qualifier to gnutls_pubkey_t/gnutls_privkey_t

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: remove unnecessary "const" qualifier to enum types

Since they are a scalar, enum types are always constant.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke-tests: remove unnecessary cleanup label

As `fail` exits the program, the cleanup label will never be reached
upon error case.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: fix gtk-doc markup for gnutls_hpke_{mode,role}_t

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hpke: shorten function names by stripping _context_

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/news-3.8.13' into 'master'

NEWS: add entries for 3.8.13 [ci skip]

See merge request gnutls/gnutls!2091

NEWS: add entries for 3.8.13 [ci skip]

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'dev/ddudas/hpke' into 'master'

Expose HPKE through abstract key API

See merge request gnutls/gnutls!1976

Updated NEWS and HPKE functions release version.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Removed libgnutls_hpke.la

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Fixed memory leaks.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Removed file commited by mistake.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Added minitasn1 dependency to HPKE Makefile

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Make raw pubkey optional for raw privkey import.

If no raw pubkey is provided when importing raw
privkey, then derive the pubkey from privkey.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Replaced buf+size pairs with datum

Also removed _gnutls_hpke prefix from
static functions.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Remove GNUTLS_ prefix from private HPKE macros

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Replace int to bool as return type for boolean functions

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Created separate HPKE module

Added lib/hpke/Makefile.am and moved
files from lib/hpke/helpers to lib/hpke.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Added gnutls/hpke.h

Moved every HPKE-related definitions and
declarations from gnutls/abstract.h to
the new gnutls/hpke.h.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

HPKE API rework.

Aligned the HPKE with RFC9180.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Added HPKE API for DHKEM.

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Merge branch 'fix-p11tool-same-url' into 'master'

Add new API to fetch privkey type

Closes #1467

See merge request gnutls/gnutls!2074

Fix TLS 1.3 handshake

Add the signature_algorithms_cert to the list of allowed algorithms if
present, and fallback to the signature_algorithms otherwise.

This better fit [RFC8446 section 4.2.3][1]:

> If no "signature_algorithms_cert" extension is present, then the
> "signature_algorithms" extension also applies to signatures appearing
> in certificates.

This fix TLS 1.3 handshake with Java after [JDK-8349583][2].

[1]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
[2]: https://bugs.openjdk.org/browse/JDK-8349583

Signed-off-by: Romain Tartière <romain@blogreen.org>

Add unit test for gnutls_pkcs11_obj_get_pk_algorithm

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>

Merge branch 'tests-kryoptic-sha3' into 'master'

tests/pkcs11-provider/pkcs11-provider-hmac: uncomment SHA-3 tests

See merge request gnutls/gnutls!2094

tests/pkcs11-provider/pkcs11-provider-hmac: uncomment SHA-3 tests

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

p11tool: use object reference to list data

Closes #1467

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>

lib/pkcs11.c: fix dangling pointer in pkcs11_read_pubkey

Fixes a dangling pointer affecting CKK_EC_EDWARD. if _gnutls_pubkey_parse_ecc_eddsa_params
or _gnutls_ecc_curve_get_params fail, the cleanup section will be executed freeing tmpX
and leaving the datum in pobj dangling.

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>

auto-generated files update

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>

lib/pkcs11: Add new API to fetch privkey type

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>

Merge branch 'wip/dueno/nc-tree-followup' into 'master'

x509/name_constraints: minor fixes after !2083

See merge request gnutls/gnutls!2092

nettle: sanity check ML-DSA private key in pk_fixup

The caller should set raw_priv properly before calling pk_fixup. Add a
sanity check following the EdDSA case.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: use stdbool more

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: remove unnecessary manual cleanup

There was a duplicate cleanup logic at the exit from
namename_constraints_init: one done manually and the other with
name_constraints_deinit. Remove the former as it's redundant.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'dev/ddudas/debug/compilation-warnings' into 'master'

Fixed some compilation warnings

See merge request gnutls/gnutls!2090

Updated cligen submodule

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Fixed some compilation warnings

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>

Merge branch 'wip/dueno/mldsa-pk-from-sk' into 'master'

nettle: support deriving ML-DSA public key from expanded secret key

Closes #1723

See merge request gnutls/gnutls!2088

Merge branch 'master' into 'master'

aarch64: Enable GCS

Closes #1764

See merge request gnutls/gnutls!2038

nettle: support deriving ML-DSA public key from expanded secret key

RFC 9881 defines 3 private key formats for ML-DSA: "seed",
"expandedKey" and both. When it is "expandedKey", a non-trivial
conversion is required to derive a public key, which is now
implemented in leancrypto through lc_dilithium_pk_from_sk. This patch
modifies the pk_fixup backend function to use it to derive a public
key when importing a private key.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

aarch64: Enable GCS

Signed-off-by: Guillaume Gardet <guillaume.gardet@arm.com>

nettle: use "switch" instead of "if" in wrap_nettle_pk_fixup

This makes it easier to conditionalize code with #ifdef.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

privkey_to_pubkey: use constants to access public key parameters

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'master' into 'master'

Check client certificate usage in serv

See merge request gnutls/gnutls!2087

Merge branch 'wip/dueno/nc-tree' into 'master'

x509/name_constraints: rework with rbtree-list

See merge request gnutls/gnutls!2083

Use client certificate in gnutls-cli test

Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>

Merge branch 'wip/dueno/doc-update' into 'master'

cli,serv: make it explicit that they are a testing program

See merge request gnutls/gnutls!2086

SECURITY.md: suggest CVSS v3.1 [ci skip]

Signed-off-by: Daiki Ueno <ueno@gnu.org>

SECURITY.md: don't impose normal process for low severity issues

Signed-off-by: Daiki Ueno <ueno@gnu.org>

SECURITY.md: make it explicit that testing programs are out of scope

Signed-off-by: Daiki Ueno <ueno@gnu.org>

cli,serv: make it explicit that they are a testing program

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: refactor intersection/union with iterators

This refactors the loops in name_constraints_node_list_intersect and
name_constraints_node_list_union with gl_list_iterator_t, as well as
factor out the partitioning logic in _intersect to _partition.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Check client certificate usage in serv

Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>

x509/name_constraints: redefine type_bitmask_t as unsigned long

Previously type_bitmask_t was defined as uint8_t, which were
zero-extended to a machine word when doing bit-wise operations.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

hello_ext: move static assertions from gnutls_int.h to hello_ext.c

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: extensively use bool instead of unsigned

Signed-off-by: Daiki Ueno <ueno@gnu.org>

_gnutls_x509_name_constraints_is_empty: remove type argument

The type argument is only used in
gnutls_x509_name_constraints_check_crt defined in the same
file. Create a helper function name_constraints_contains_type split
from _gnutls_x509_name_constraints_is_empty to cater for that.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: extensively use gnutls_x509_subject_alt_name_t

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509/name_constraints: rework with rbtree-list

Instead of sorting permitted sets on demand, use a sorted list backed
by a binary tree to represent the sorted view of the sets. The
amortized complexity should be O(log n) as before.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/utils' into 'master'

mem,str,datum: rename `_steal_*` to `_take_*`

See merge request gnutls/gnutls!2085

mem: make _gnutls_take_pointer type safer

This changes the source parameter of _gnutls_take_pointer from "void **"
to "void *", while adding automatic cast using typeof.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

mem,str,datum: rename _steal_* to _take_*

While the name of _gnutls_steal_* functions was inspired by GLib's
g_steal_* family, it doesn't seem to be intuitive at first glance,
possibly because of the negative meaning of the word "steal". Let's
call it _gnutls_take_*, following the example of TAKE_* macros in
systemd and Option::take in Rust.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'ci-f43' into 'master'

.gitlab-ci.yml: move fedora jobs to Fedora 43

See merge request gnutls/gnutls!2082

Merge branch 'devel-ci-local' into 'master'

devel/ci-local.sh: add a gitlab-ci-local wrapper

See merge request gnutls/gnutls!2077

.gitlab-ci.yml: move fedora jobs to Fedora 43

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

devel/ci-local.sh: add a gitlab-ci-local wrapper

gitlab-ci-local doesn't play nicely with gnutls out of the box.
This adds a wrapper that smoothes several wrinkles out:
1. if you're using worktrees, bootstrapping submodules fails
2. there's no way to pass arbitrary arguments like `--remote` to podman
3. `artifacts: untracked: true` doesn't work without `paths` specified
4. commit-check job is skipped by default

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'c99' into 'master'

configure: make the C99 detection more resiliant

Closes #1806

See merge request gnutls/gnutls!2081

configure: make the C99 detection more resiliant

autoconf 2.73 will default to C23 by default, which means that the >C99
detection logic in configure.ac will fail because it only handles c11
and c99.

Instead of adding c23 to the list and then breaking again in the future,
flip the logic around (as suggested by Zack Weinberg) and check
explicitly for just c89.

Closes #1806.

Signed-off-by: Ross Burton <ross.burton@arm.com>

Merge branch 'ktls-chacha-iv-fix' into 'master'

ktls: fix ChaCha20-Poly1305 IV passing for TLS 1.2

See merge request gnutls/gnutls!2079

ktls: simplify ChaCha20‑Poly1305 IV passing

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

ktls: fix ChaCha20-Poly1305 IV passing for TLS 1.2

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'wip/dueno/remove-nettle-bundle' into 'master'

Remove no longer used files copied from Nettle

See merge request gnutls/gnutls!2078