allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks

In 9829ef9a we introduced a wrapper over the older callback functions
which didn't handle this case.

Resolves #528

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'fix-cert-callbacks' into 'master'

cert-cred: fix possible segfault when resetting cert retrieval function

Closes #528

See merge request gnutls/gnutls!714

cert-cred: fix possible segfault when resetting cert retrieval function

Reset get_cert_callback3 callback to NULL if provided callback is NULL.
Otherwise after the certificate request call_legacy_cert_cb1 /
call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 /
legacy_cert_cb2 callback (set to NULL) leading to segfault.

Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'misc-fixes' into 'master'

Few small patches

See merge request gnutls/gnutls!715

kx: for uniformity print master secret size

During keys setup phase debug log will contain sizes of all keys and
secrets, except master secret. Dump MS length (48) to log for
uniformity.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

constate: dump full key block to log

Include full key block to the debug log.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

constate: dump MAC keys to debug log

_gnutls_set_keys() can dump client/server write keys/ivs to debug log,
but it skips MAC keys. Add MAC keys to log.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

constate: drop unused variable in _gnutls_set_keys

_gnutls_set_keys() creates rrnd as client random + server random, but
does not use it (it was used before for export key generation, but was
not removed when dropping support for export cipher suites).

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b

cert auth: simplify certificate selection code

Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions
to ease extension of certificate selection code.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'tmp-fix-521' into 'master'

Remove trailing dot from hostname input

See merge request gnutls/gnutls!709

Remove trailing dot from hostname input

Fixes #532

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Merge branch 'tmp-fix-pkcs8-export' into 'master'

Addressed issue with ECDSA key export under PKCS#8

Closes #516

See merge request gnutls/gnutls!707

gnutls_x509_privkey_import_ecc_raw: encode parameters on import

That makes the structure fully usable after import. In _encode_privkey()
use the lower-level _gnutls_x509_export_int2() for key encoding as the
call to higher gnutls_x509_privkey_export2() could result to an infinite
recursion when keys are incomplete.

Introduced additional tests for PKCS#8 key import and export.

Resolves: #516

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'certtool-gost-paramset' into 'master'

certtool: use gnutls_gost_paramset_get_name

See merge request gnutls/gnutls!710

certtool: use gnutls_gost_paramset_get_name

gost_param_name() predates gnutls_gost_paramset_get_name() and
gnutls_gost_paramset_t. Use current API functions instead of hand-coding
new functions.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

gnutls-cli: do not fail if CKA_ID is too long

Increased the buffer needed to read reasonable-sized CKA_IDs
and avoid failure when the CKA_ID is too long.

Resolves #520

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: combined abi-check and TLS1.3 check runs

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: handshake-timeout: reverted virt-time.h usage

The tests nature (waiting on a socket) didn't fit well with the virt-time
implementation. Reverted to original real-time wait and improved error
detection in child process.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_priority_init: fix err_pos on invalid strings

When the provided string would be resolved (e.g., due to a @ priority
being used), to a different string, then do not attempt to
detect the right location of the error. It will not be useful to the caller.

This addresses the issue of test suite failure when --with-system-priority-file
and --with-default-priority-string are provided. It also enhances the test suite
with these options being active.

Resolves #517

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

examples: tlsproxy: use snprintf instead of strncpy

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: simplified documentation on threads

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

examples: tlsproxy: eliminated warnings

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: updated win32 targets

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli: mark legacy options as deprecated

This removes the --ranges and --disable-extensions options from
the default listing of options. They are disfunctional and may
be removed in the future.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

.travis.yml: update brew and use nettle 3.4

Resolves #480

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

.gitlab-ci.yml: Werror build runs with -std=c99

This ensures that the errors reported will be relevant
for the required version of the standard.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

bumped versions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

_gnutls_resolve_priorities: avoid gnu extension for ?: construct

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

NEWS: doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

nettle/rnd-fips: updated documentation

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli: improve error reporting with -l --priority option

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

cipher-listings: use the sed found by configure script and make it portable

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

priorities: ensure that SSL3.0 enablement fails early when disabled

That is, that a priority string with only SSL3.0 present is discarded as
invalid.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

The SSL 3.0 protocol is disabled on compile time by default

It can be re-enabled by specifying --enable-ssl3-support on configure script.
This is the first step before removing support for the protocol completely.

Relates #103

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: gnutls-cli-debug.sh: corrected run under FIPS mode

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: minor text updates

Updated text for gnutls_session_ext_master_secret_status and for
GNUTLS_NO_EXTENSIONS flag which is defunc.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli-debug: fix EtM and extended master secret discovery

In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
and only enable block ciphers for the EtM check.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: improved unit test of gnutls-cli-debug

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli-debug: generalized cipher tests

That is, tests now check for either the 128-bit or the 256-bit
of the cipher consistently.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli-debug: removed legacy tests no longer applicable

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli-debug: detect TLS1.3 support

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-cli-debug: when testing servers enable all ciphers

Resolves #515

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: update for TLS 1.3

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Merge branch 'tmp-fix-multi-async-msg' into 'master'

Fix issue preventing the parsing of certain async messages

Closes #510 and #504

See merge request gnutls/gnutls!694

_gnutls13_recv_async_handshake: process multiple and split handshake messages

It is permitted to concatenate multiple async handshake messages in a single
record message as well as split large messages (NST) into multiple records.
Modified _gnutls13_recv_async_handshake() to process them correctly, instead
of assuming that they are formatted as one message per record.

Resolves #510
Resolves #504

Relates #511

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: check whether multiple tickets can be sent/received

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_session_ticket_send: allow sending multiple tickets in one go

This allows combining the tickets in a single record message when
possible.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'tmp-limit-ticket-age' into 'master'

limit the age of session tickets

Closes #476

See merge request gnutls/gnutls!697

tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

generate_session_ticket: tickets cannot extend the original session time

That is, on a resumed session the server would not issue new tickets
that would have extended the lifetime of the originally issued ticket.

Resolves #476

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pre_shared_key: do not send extension when no identities are present

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: corrected priority strings in session-tickets-ok and other cleanups

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: mention session ticket behavior under TLS1.3

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

generate_session_ticket: use a 4-byte nonce by default

It is not necessary to use large nonces.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pre_shared_key: use time_t type for ticket_age variable

This is guarranteed to allow negative values, and also be 32-bits.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

generate_session_ticket: fixed comment

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

lib: document digest and paramset in gost key import functions

Document behaviour of gnutls_pubkey_import_gost_raw,
gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

lib/x509: use new function to deduce default GOST paramset

Use new _gnutls_gost_paramset_default() function to deduce default GOST
paramset, instead of hardcoding if/else in several places.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

lib: remove undefined behaviour when handling GOST paramset

Initial version of GOST patchset used param < 0 to represent unknown
value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was
introduced. Fix several leftovers comparing params to 0 directly.

Closes #505.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Merge branch 'tmp-def-priority2' into 'master'

gnutls_set_default_priority2: introduced

See merge request gnutls/gnutls!680

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_priority_init2,gnutls_set_default_priority_append: introduced

This allows enhancing the default priority with additional
options, allowing an application to introduce stricter (or weaker)
settings without requiring it to override all settings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

configure: Fix progress message for --enable-tls13-support

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

tests: tls-fuzzer-alpn: operate on random port

This allows parallel run of the test with other tlsfuzzer tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

configure: added option --enable-tls13-support

The new option enables TLS1.3 draft-28 support unconditionally.
Updated the test suite to run when TLS1.3 is enabled by default,
and added a CI run with TLS1.3 enabled.

Resolves #424

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2

Under TLS1.3 there is no requirement to return insufficient security depending
on the FFDHE group negotiation.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

supported_versions: do not parse in server side when TLS1.3 is disabled

This allows a server to negotiate older versions using the previous TLS
negotiation scheme.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

protocols: bumped TLS1.3 protocol to draft-28

Resolves #506

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: mini-record-timing: avoid warning for too large stack usage

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Merge branch 'tmp-fix-rsae-negotiation' into 'master'

sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS

Closes #500

See merge request gnutls/gnutls!693

tlsfuzzer: updated to include RSA and RSA-PSS related tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS

If the signature algorithm sets the `cert_pk` field, ignore the
`pk` field completely. Not doing that would make the RSAE signature
algorithms with RSA-PSS certificates which is against the intended
use of `cert_pk`.

Resolves #500

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tlsproxy: included but not as submodule

This allows updating the example when necessary within the repository
and reduces the amount of external dependencies for CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tlsproxy: removed submodule

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: introduced tests about crypto API failures on illegal use

This ensures that any mistakes in using the crypto API are propagated
to the higher level calls, or result to an abort().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

accelerated: error on the cases where the nettle API would have errored

This ensures that illegal uses of the API would be propagated to
the higher levels.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_cipher_add_auth: propagate error codes

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-32-bit-time_t' into 'master'

tests: verify that certtool will fail with a 32-bit time_t

Closes #370

See merge request gnutls/gnutls!691

certtool: properly print an int64_t value

Also included the gnulib inttype module for portability.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: print information on time_t restrictions on failure

This informs the user of the tool why dates after 2038 cannot
be expressed on systems with a 32-bit time_t.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: verify that certtool operates as expected with dates after 2038

That is, whether it works with a time_t of 64-bit size, and fails
with a time_t of 32-bit size.

Resolves #370

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check explicitly the size of time_t

Previously we were disabling the 2038 tests on 32-bit systems,
but there can be 32-bit systems with a 64-bit time_t. Ensure
that we run the right tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: better guarding of variable SKIP_DATEFUDGE_CHECK

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-post-handshake-auth' into 'master'

post-handshake authentication improvements

Closes #490 and #489

See merge request gnutls/gnutls!687

tests: ignore PIPE signal on TLS1.3-related tests

This was inadvertently omitted and that could cause unexpected
issues when one of the peers would close the connection earlier
than expected.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth

That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as
documented, and whether post-handshake auth can complete while this
is being sent.

Resolves #490

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to

Relates #490

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: introduced test for post-handshake auth + PSK

Relates #489

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tls13 handshake: allow certificate messages after handshake

This allows post-handshake authentication even when PSK
is negotiated.

Resolves #489

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH

This allows a server application to detect whether the client
would support post handshake authentication or not without initiating
via gnutls_reauth().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible

That is refuse to run when both options are specified.

Resolves #502

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Merge branch 'tmp-ci-cleanups' into 'master'

Fixes + cleanups for .gitlab-ci.yml

See merge request gnutls/gnutls!690

Fixes + cleanups for .gitlab-ci.yml