certtool: always set extensions from template

Previously we would only set these extensions specific with add_extension
when generating using --generate-certificate. The change makes sure these
options are considered even when generating an extension from a certificate
request. Issue reported on the mailing list.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check certificate generation from certificate request

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-fix-serv-exit' into 'master'

gnutls-serv: do not exit on command failure

Closes #868

See merge request gnutls/gnutls!1129

Merge branch 'abi-fix' into 'master'

abi-check: fix include paths

See merge request gnutls/gnutls!1139

Merge branch 'tmp-check-same-certs' into 'master'

_gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements

Closes #877

See merge request gnutls/gnutls!1140

tests: ensure test suite does not apply global config

When running the test suite we do not apply the global
gnutls configration as it may change options that are
tested.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli: improved output of --benchmark-tls-kx

It is now printed in a way that separates the tests. Example:
```
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
 - 179.19 transactions/sec
 - avg. handshake time: 5.57 ms
 - standard deviation: 0.57

(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
 - 182.24 transactions/sec
 - avg. handshake time: 5.48 ms
 - standard deviation: 0.64
```

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy

This allows micro and nanoseconds to be reported if necessary,
and it changes reporting of sample variance to standard deviation
giving a possibly better overview as it is in the same units as
the average.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'gost-split-4' into 'master'

gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests

See merge request gnutls/gnutls!1137

gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests

Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
support by the server.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

README.md: updated to list fuzz coverage results [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: update reference to the default configuration file

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

_gnutls_verify_crt_status: apply algorithm checks to trusted CAs

If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected
level. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise.

Resolves: #877

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: added option to apply a certificate verification profile

This applies to the --verify and --verify-chain commands.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Export profile ID/name handling functions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

is_level_acceptable: apply the system-wide profile in all verifications

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Introduced check to reject certificates with non-digits in time field

According to RFC5280 we should reject such certificates.

Resolves: #870

Signed-off-by: Lili Quan <13132239506@163.com>

abi-check: fix include paths

If GnuTLS is built outside of source tree, abicheck will miss gnutls.h
header which is generated in the build tree. Expand arguments to include
it.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'gost-split-3' into 'master'

Add GOST-CNT ciphersuite support

See merge request gnutls/gnutls!1119

doc: document GROUP-GOST-ALL keyword

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

NEWS: add news entry, describing TLS 1.3 vs GOST issues

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

ext/signature: use GOST signatures for GOST ciphersiuites

draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms
in CertificateRequest message to GOST values if GOST cipher suite is
selected.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

tls13-server-kx-neg: add test for GOST-enabled server and client

If both client and server have enabled TLS 1.3 and GOST-CNT
ciphersuites, they should correctly negotiate a connection, but using
TLS 1.2 version.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

tests: added testcases for ciphersuite/KX negotiation with VKO-GOST

This verifies whether the ciphersuite negotiation will detect and
reject incompatible data present in credentials.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

tests: add tests for KX-GOST-VKO using different key variants

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Add GOST cipher suites

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

priority: add GROUP-GOST-ALL keyword

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Support GOST certificate request values

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

lib: fix group selection in case of GOST cipher suites

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'tmp-ext-fuzzer' into 'master'

fuzzer: added fuzzer for gnutls_ext_raw_parse() [ci skip]

See merge request gnutls/gnutls!1133

Sync with fuzzers from OSS-Fuzz

Only lots of corpora removed (by merge step). Not sure why.
But there are several new UBs detected.

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Amend fuzz scripts and README for clang-8

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Add fuzz corpora for gnutls_ext_raw_parse_fuzzer

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

fuzzer: added fuzzer for gnutls_ext_raw_parse()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the return type

Also some documentation updates.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

README.md: updated CI build badge [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Provide flag to identify sessions that an OCSP response was requested

That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be
checked by a server application to determine whether the
client has requested stapled OCSP responses.

This includes minor cleanups in the status request handling code.

Resolves: #829

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-more-const-1' into 'master'

Add const to function arguments in lib/x509

See merge request gnutls/gnutls!1007

abi: updated to latest const changes and added NEWS entry

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Add const to function arguments in lib/x509

This change does not introduce functionality changes.
It just adds const promises to the caller.

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

gnutls-serv: do not exit on command failure

If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
would simply quit. This prevents using this tool in a test environment
like tlsfuzzer. Ensure that we don't quit on error.

Resolves: #868

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'AVOID_INTERNALS' into 'master'

lib: remove obsolete AVOID_INTERNALS

See merge request gnutls/gnutls!1127

.triage-policies.yml: updated to work with latest gitlab-triage [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

lib: remove obsolete AVOID_INTERNALS

Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled
the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS
remained in lib/crypto-selftests-pk.c.

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Revert "Released 3.6.11.1 including missing files"

This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Released 3.6.11.1 including missing files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-libopts-fix' into 'master'

libopts: include new files into dist

Closes #867

See merge request gnutls/gnutls!1126

libopts: include new files into dist

This also includes --enable-local-libopts flag to make dist
to catch future regressions.

Resolves: #867

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

released 3.6.11

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Write OCSP status request debug information to logfile, if set

The status information not part of the payload data and should be
separate when using --logfile.

Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

Send log messages about loading client credentials to logfile, if set

Signed-off-by: Fiona Klute <fiona.klute@gmx.de>

.travis.yml: explicitly install openssl to address build issue

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

NEWS: documented AES-CFB8 fix [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

bumped version

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.travis.yml: update submodules [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

base64: minor improvements in OOM handling and test suite

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'tmp-fix-base64' into 'master'

gnutls_base64_decode2() succeeds decoding the empty string

Closes #834

See merge request gnutls/gnutls!1124

gnutls_base64_decode2() succeeds decoding the empty string

This is a behavioral change of the API but it conforms to
the RFC4648 expectations.

Resolves: #834

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Revert "tests: ignore datefudge-check check when running on command line"

This commit was breaking CI on FreeBSD systems.

This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'tmp-fix-crl-dist-points' into 'master'

Add CRL distribution points to non-self-signed certificates

Closes #765

See merge request gnutls/gnutls!1123

certtool: always include the CRL distribution points on CAs

Previously we would omit the CRL distribution points from a non-self
signed CA certificate, even if contained in the template.

Resolves: #765

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: ignore datefudge-check check when running on command line

That allows running the tests individually without make or setting
top_builddir variable.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'minimal-check' into 'master'

Run tests under minimal configuration

See merge request gnutls/gnutls!1122

tests: make tests pass with disabled GOST  algorithms

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

gitlab-ci: enable running make check on minimal build

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'wip-cross-compilation' into 'master'

Fix cross-compilation of the Guile bindings

See merge request gnutls/gnutls!1120

Merge branch 'fix-coverity' into 'master'

vko: fix possible unitilized scalar access

See merge request gnutls/gnutls!1118

guile: Silence auto-compilation warning for 'guild'.

Reported by Helmut Grohne <helmut@subdivi.de>
and Andreas Metzler <ametzler@bebt.de>
at <https://bugs.debian.org/943905>.

* guile/Makefile.am (%.go): Pass "GUILE_AUTO_COMPILE=0" to avoid
warnings about 'guild' needing to be compiled.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

vko: fix possible unitilized scalar access

Fix error path in _gnutls_gost_keytrans_decrypt. If
_asn1_strict_der_decode() fails, cleanup path will try to
gnutls_pk_params_release(&pub), which will access unitialized pub
variable. Fix by deleting asn1 sctructure directly.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

guile: Do not attempt to load shared object when cross-compiling.

Reported by Helmut Grohne <helmut@subdivi.de>
and Andreas Metzler <ametzler@bebt.de>
at <https://bugs.debian.org/943905>.

* configure.ac: Add 'CROSS_COMPILING' conditional.
* guile/Makefile.am (CROSS_COMPILING_VARIABLE): New variable.
(%.go): Use it.
* guile/modules/gnutls.in <top level>: Do not call 'load-extension'
when "GNUTLS_GUILE_CROSS_COMPILING" is defined.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Merge branch 'gost-split-2' into 'master'

GOST key exchange support

See merge request gnutls/gnutls!1097

Merge branch 'tmp-cfb8-fixes' into 'master'

nettle: backport fixes to cfb8_decrypt

See merge request gnutls/gnutls!1117

Add support for VKO GOST key exchange

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

.gitlab-ci.yml: bump configure cache version

Signed-off-by: Daiki Ueno <dueno@redhat.com>

crypto-selftests: test CFB8 ciphers with different chunksizes

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Daiki Ueno <dueno@redhat.com>

nettle: use included CFB8 implementation if nettle is 3.5

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Merge branch 'prf-crash' into 'master'

prf: don't crash when called before handshake completion

See merge request gnutls/gnutls!1116

groups: add function to return group by curve

Two GOST groups will have two curves attached. Add function to retrieve
group by curve, rather than by group id.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

ecc: define curve->group relationship

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Declare groups corresponding to GOST curves

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Add GOST key transport support

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

nettle: add support for GOST key derivation

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

_gnutls_pk_derive: add argument for nonce

GOST VKO key derivation needs another opaque argument (called UKM).
Add an argument to _gnutls_pk_derive to accomodate that keying material.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

nettle/gost: add support for GOST VKO algorithm

GOST VKO is a variant of ECDHE algorithm.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

nettle/gost: provide GOST keywrapping support

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

prf: don't crash when called before handshake completion

If a gnutls_prf*() function is called before the handshake is completed,
return GNUTLS_E_INVALID_REQUEST instead of crashing.

Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>

nettle: backport fixes to cfb8_decrypt

cfb8: don't truncate output IV if input is shorter than block size:
https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861

Signed-off-by: Daiki Ueno <dueno@redhat.com>

gnutls_privkey_sign_data2: removed unnecessary text [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'crt-vrfy-final' into 'master'

tls-sig: reverse bytes in TLS signatures for GOST signatures

See merge request gnutls/gnutls!1114

Merge branch 'tmp-update-ci-to-f31' into 'master'

Update CI to F31

See merge request gnutls/gnutls!1113

.gitlab-ci.yml: do not inline strcmp in valgrind build

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: removed unnecessary use of --enable-valgrind-tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'master' into 'master'

nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD.

See merge request gnutls/gnutls!1109

Add NEWS entry for the NetBSD KERN_ARND change.

Signed-off-by: Nia Alarie <nia@NetBSD.org>

tls-sig: reverse bytes in TLS signatures for GOST signatures

GOST TLS suites have one peculiarity: CertificateVerify message uses
byte order opposite to the rest of GOST signature usage (BE instead of
LE). So, reverse byte order in signatures in TLS code. For now this
applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow
this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'logfile-doc-improvement' into 'master'

doc: describe how to make gnutls-cli quiet for pipe usage

Closes #845

See merge request gnutls/gnutls!1108

Merge branch 'remove-uint24' into 'master'

lib: simplify uint24 handling

See merge request gnutls/gnutls!1107

.gitlab-ci.yml: updated CI environment to F31

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: include config.h in rawpk-api.c

This seems to have impacted windows compilation.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>