lib/priority: defer setting system-wide priority string

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

lib/priority: split up update_system_wide_priority_string

This is done in preparation for deferring priority string evaluation.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

priority: compile out GOST algorithms IDs if they are disabled

When compiled with --disable-gost, gnutls-cli --priority NORMAL --list
still prints GOST algorithms for ciphers, MACs, and signatures.  This
change adds compile time checks to suppress them.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'bump-max-algorithm' into 'master'

bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS

See merge request gnutls/gnutls!1538

Merge branch 'typos' into 'master'

Fix typos

See merge request gnutls/gnutls!1537

Merge branch 'zfridric_devel3' into 'master'

Disable some tests in fips mode

See merge request gnutls/gnutls!1536

bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS

Fedora 36 LEGACY crypto-policy uses allowlisting format
and is long enough to blow past the 64 priority string
elements mark, causing, effectively, priority string truncation.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Fix typos

Signed-off-by: Dimitris Apostolou <dimitris.apostolou@icloud.com>

Disable some tests in fips mode

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Merge branch 'wip/dueno/iana-cs' into 'master'

gnutls_ciphersuite_get: new function to get unique ciphersuite name

Closes #1291

See merge request gnutls/gnutls!1513

Merge branch 'wip/dueno/fips-pkcs12' into 'master'

pkcs12: tighten algorithm checks under FIPS

See merge request gnutls/gnutls!1531

_gnutls_pkcs_raw_{decrypt,encrypt}_data: use public crypto API

These functions previously used the internal crypto
API (_gnutls_cipher_*) which does not have algorithm checks for FIPS.

This change switches the code to use the public crypto
API (gnutls_cipher_*) to trigger proper state transitions under FIPS
mode.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

pkcs12: mark MAC generation and verification as FIPS non-approved

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/ktls-return-value' into 'master'

gnutls_transport_is_ktls_enabled: fix return value of stub

See merge request gnutls/gnutls!1534

gnutls_transport_is_ktls_enabled: fix return value of stub

Signed-off-by: Daiki Ueno <ueno@gnu.org>

gnutls_ciphersuite_get: new function to get unique ciphersuite name

The existing method to obtain the name of the currently negotiated TLS
ciphersuite is as follows:

- call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get
- call gnutls_cipher_suite_get_name with the value from the above functions

This process is cumbersome and only works with TLS 1.2 or earlier;
moreover the returned names are GnuTLS specific.

This change adds a new function gnutls_ciphersuite_get to eliminate
those limitations.  It returns the "canonical" name of the
ciphersuite, which is mostly identical to the ones registered in IANA,
with an exception for compatibility.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/nettle-master' into 'master'

.gitlab-ci.yml: fix nettle installation path

See merge request gnutls/gnutls!1492

tls-fuzzer: prolong timeout for FFDHE tests

Signed-off-by: Daiki Ueno <ueno@gnu.org>

.gitlab-ci.yml: prolong timeout for fedora-nettle-minigmp/test

Signed-off-by: Daiki Ueno <ueno@gnu.org>

.gitlab-ci.yml: fix nettle installation path

.fedora-nettle/build clones the nettle into "nettle-git" and
temporarily change the working directory while buidling it.  After
moving back to the original working directory, the installation path
should be prefixed with "${PWD}/nettle-git/".

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/fips-rsa-keygen' into 'master'

rsa_generate_fips186_4_keypair: accept a few more modulus sizes

See merge request gnutls/gnutls!1523

certtool --generate-privkey: update warnings on RSA key sizes

Signed-off-by: Daiki Ueno <ueno@gnu.org>

rsa_generate_fips186_4_keypair: accept a few more modulus sizes

While _rsa_generate_fips186_4_keypair was modified to accept modulus
sizes other than 2048 and 3076, rsa_generate_fips186_4_keypair, which
calls that function, was not updated to accept such modulus sizes.

Spotted by Alexander Sosedkin.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/fedora35' into 'master'

.gitlab-ci.yml: update Fedora images to Fedora 35

See merge request gnutls/gnutls!1527

.gitlab-ci.yml: update Fedora images to Fedora 35

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'bump-soname' into 'master'

Bump libgnutlsxx soname due to ABI break

Closes #1318

See merge request gnutls/gnutls!1528

Bump libgnutlsxx soname due to ABI break

db_check_entry and db_check_entry now have const parameters

Signed-off-by: Seppo Yli-Olli <seppo.yliolli@gmail.com>

Merge branch 'wip/dueno/tpmtool' into 'master'

Make --with-tpm2 not conflict with --with-tpm

Closes #1313

See merge request gnutls/gnutls!1526

Merge branch 'ktls-record-send-fix' into 'master'

ktls: fix _gnutls_ktls_send_control_msg return value

Closes #1314

See merge request gnutls/gnutls!1525

Merge branch 'aes-gcm-sizes' into 'master'

buffer size checks in accelerated cipher implementations

See merge request gnutls/gnutls!1521

Merge branch 'wip/dueno/doc-fixes2' into 'master'

Minor fixes after 3.7.3 (mainly documentation)

See merge request gnutls/gnutls!1524

configure.ac: make --with-tpm and --with-tpm2 independent

These features are not mutually exclusive, so it doesn't make sense to
disable the TPM 1.2 support with TPM 2.0 support.

Reported by Jan Palus in:
https://gitlab.com/gnutls/gnutls/-/issues/1313

Signed-off-by: Daiki Ueno <ueno@gnu.org>

gen-getopt.py: avoid struct member name clash with C keywords

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: tcp_connect: avoid resource leak on error path

Signed-off-by: Daiki Ueno <ueno@gnu.org>

README.md: fix versions in build status and add 3.6.x

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'ktls_fix' into 'master'

KTLS: hotfix

See merge request gnutls/gnutls!1522

ktls: fix _gnutls_ktls_send_control_msg return value

always returned 0 on success while contract mandates to return number of
bytes sent

Fixes #1314

Signed-off-by: Jan Palus <jpalus@fastmail.com>

release-steps: fix markup

Signed-off-by: Daiki Ueno <ueno@gnu.org>

KTLS: hotfix

fixed: keys will be set only when both sockets were enabled for ktls
fixed: session->internals.ktls_enabled left uninitialized for non
ktls-enabled build

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

lib/accelerated: use unlikely on buffer length checks more consistently

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

lib/accelerated: rearranged several size checks to avoid overflow

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/scripts/common: fix skipping over x86-specific tests

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/slow/test-hash-large: output GNUTLS_CPUID_OVERRIDE hints

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/slow/cipher-api-test: add happy paths, specific error checks etc

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'tmp-2022-testsuite-more-bashism' into 'master'

testsuite: Fix missed instances of &> redirection

See merge request gnutls/gnutls!1519

Merge branch 'tmp-2022-testsuite-infinite-loop' into 'master'

testsuite: Fix endless loop on /bin/sh without $RANDOM

Closes #1315

See merge request gnutls/gnutls!1520

.gitlab-ci.yml: enable hardware acceleration in UB+ASAN jobs

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

tests/slow/cipher-api-test: actually test for short buffer...

... avoiding the case when different failures mask the intended one

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

lib/accelerated/x86/aes-gcm-x86-pclmul-avx: add short buffer checks

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

testsuite: Fix endless loop on /bin/sh without $RANDOM

Closes #1315
Signed-off-by: Andreas Metzler <ametzler@bebt.de>

testsuite: Fix missed instances of &> redirection

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Merge branch 'tmp-2022-testsuite-bashism' into 'master'

Avoid &> redirection bashism in testsuite

See merge request gnutls/gnutls!1518

Avoid &> redirection bashism in testsuite

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Merge branch 'wip/dueno/release-3.7.3' into 'master'

Release 3.7.3

See merge request gnutls/gnutls!1517

Release 3.7.3

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: privkey-keygen: fix memory leak

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2

This function previously used gnutls_x509_trust_list_get_issuer
without GNUTLS_TL_GET_COPY flag, which is required when the function
is called from multi-threaded application and PKCS #11 trust store is
in use.

Reported and the change suggested by Remi Gacogne in:
https://gitlab.com/gnutls/gnutls/-/issues/1277

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/fips-module-version' into 'master'

fips: add mechanism to embed FIPS module name in the library

See merge request gnutls/gnutls!1508

cli: add --list-config option

With this option gnutls-cli prints the build-time configuration of the
library, retrieved through gnutls_get_library_config.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

fips: add build option to embed FIPS module info in library config

This adds a couple of configure options, --with-fips140-module-name
and --with-fips140-module-version, which packagers can use to embed
FIPS module information in the library.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

global: add API to retrieve library configuration at run time

Signed-off-by: Daiki Ueno <ueno@gnu.org>

configure.ac: emit feature summary as C macro

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/build-fixes3' into 'master'

Minor build fixes for 3.7.3 release (part 2)

See merge request gnutls/gnutls!1516

tests: suppress GCC -fanalyzer warnings

Signed-off-by: Daiki Ueno <ueno@gnu.org>

.gitignore: ignore more files

Signed-off-by: Daiki Ueno <ueno@gnu.org>

src: avoid overriding noinst_PROGRAMS

In src, we now have two helper programs: systemkey and dumpcfg.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

build: hide maintainer tool invocation behind AM_V_GEN

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/remove-autogen' into 'master'

remove autogen dependency

Closes #775, #774, and #773

See merge request gnutls/gnutls!1506

tests: use more aliases in tests for better alias testing coverage

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

.gitlab-ci.yml: run static analyzers on Python files

This runs a couple of code analysis on the Python scripts added to
remove AutoGen dependency.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

.gitlab-ci.yml: bump cache key for python3 detection

Signed-off-by: Daiki Ueno <ueno@gnu.org>

README.md: mention Python as requirement instead of AutoGen

Signed-off-by: Daiki Ueno <ueno@gnu.org>

src: remove AutoGen .def files

As neither the tools nor documentation depends on AutoGen, we don't
need to include the AutoGen definition files.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

doc: generate man-pages from JSON

This replaces man-pages generation previously provided by the autogen
-Tagman.tpl command with a Python script (gen-cmd-man.py).

Signed-off-by: Daiki Ueno <ueno@gnu.org>

doc: generate texinfo files from JSON

This replaces texinfo generation previously provided by the autogen
-Tagtexi.tpl command with a Python script (gen-cmd-texi.py).

Signed-off-by: Daiki Ueno <ueno@gnu.org>

src: remove included copy of libopts

As no tools link with libopts anymore, we don't need to include it in
the distribution.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

src: replace autoopts/libopts with minimal config parser

This replaces configuration file parsing code previously provided by
<autoopts/options.h>, with a minimal compatible implementation.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

src: generate option handling code from JSON

This replaces AutoGen based command-line parser with a Python
script (gen-getopt.py), which takes JSON description as the input.
The included JSON files were converted one-off using the parse-autogen
program: https://gitlab.com/dueno/parse-autogen.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

python: add library for handling JSON-based option description

This adds the jsonopts Python module used by the command-line parser
generator and documentation generators in the following commits.  This
also bumps the required Python interpreter version to 3.6.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>

Merge branch 'wip/dueno/gost-pkcs12' into 'master'

pkcs12: use the correct MAC algorithm for GOST key generation

Closes #1225

See merge request gnutls/gnutls!1514

pkcs12: use the correct MAC algorithm for GOST key generation

According to the latest TC-26 requirements, the MAC algorithm used for
PBKDF2 should always be HMAC_GOSTR3411_2012_512.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/build-fixes2' into 'master'

Minor build fixes before the 3.7.3 release

See merge request gnutls/gnutls!1511

Merge branch 'wip/dueno/cpuid' into 'master'

accelerated: fix CPU feature detection for Intel CPUs

See merge request gnutls/gnutls!1487

Merge branch 'curve-keygen-allowlist-test' into 'master'

Extend system-override-curves-allowlist test with key generation

See merge request gnutls/gnutls!1500

tests: simple: check if the digest algorithm is compiled in

When the library is built with --disable-gost, gnutls_digest_get_id
returns GNUTLS_DIG_UNKNOWN for GOST algorithms.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509: fix potential wrong usage of memcpy

Spotted by GCC analyzer:

  common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
    552 |                 memcpy(output_data, out.data, (size_t) out.size);
        |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Daiki Ueno <ueno@gnu.org>

cert-auth: suppress false-positive warnings with GCC analyzer

When compiled with gcc -fanalyzer, it reports:

  cert.c: In function '_gnutls_pcert_to_auth_info':
  cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference]
     85 |         if (info->raw_certificate_list != NULL) {

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/pkcs12' into 'master'

certtool: --to-p12: use modern algorithms by default

See merge request gnutls/gnutls!1499

gnutls_pkcs12_generate_mac: use SHA256 by default

Signed-off-by: Daiki Ueno <ueno@gnu.org>

.gitlab-ci.yml: reduce PKCS#12 iteration count while testing

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: check algorithms for generating PKCS#12 file

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Merge branch 'wip/dueno/fipscontext' into 'master'

fips: add functions to inspect thread-local FIPS operation state

See merge request gnutls/gnutls!1465

cipher-api-test: mention why it is written using fork

Signed-off-by: Daiki Ueno <ueno@gnu.org>

fips: plumb service indicator to symmetric key crypto operations

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>

fips: plumb service indicator to public key crypto operations

This installs service indicator state transitions in certain public
key operations in gnutls_crypto_pk_st, namely:

* fallible operations
  - encrypt
  - sign
  - generate_keys
  - derive

* infallible operations
  - decrypt, decrypt2
  - verify

other operations, such as generate_params, are not considered as
crypto operation.  Note that fallible operations above mean that those
return value could indicate error, while infallible operations do not
have distinction between errors and failures: decrypt/verify failures
are treated as a successful completion of the operation.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>

_gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2

Signed-off-by: Daiki Ueno <ueno@gnu.org>

pkcs12: determine iteration count for MAC at build time

Signed-off-by: Daiki Ueno <ueno@gnu.org>

pkcs7: determine iteration count for PBKDF2 at build time

Signed-off-by: Daiki Ueno <ueno@gnu.org>

certtool: --to-p12: use modern algorithms by default

Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
PKCS#12, while it is suggested to migrate to more modern algorithms,
namely AES-128-CBC with PBKDF2 and SHA-256:
https://bugzilla.redhat.com/show_bug.cgi?id=1759982

Signed-off-by: Daiki Ueno <ueno@gnu.org>