git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Wed, 27 Jun 2018 19:46:24 +0000 (21:46 +0200)]
p11tool: remove duplicate branch
The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL
attributes are the same, so there is no need to handle them
separately.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Rühsen [Tue, 26 Jun 2018 10:50:30 +0000 (12:50 +0200)]
Add strdup-posix gnulib module
Some files in gl/tests won't build in environments without
strdup(), e.g. MinGW on Debian. The gnulib docs advise to
explicitly add the module.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Nikos Mavrogiannopoulos [Thu, 21 Jun 2018 09:29:19 +0000 (11:29 +0200)]
testcompat-tls13-openssl: fix openssl interactions
* Do not require certificate validation on tests where no certificate is sent
* Rekey test performs data transfer after re-key
This introduces a dependency on the expect package for testing, and
updates openssl to address an issue in post-handshake auth interop
testing.
Resolves #488
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 22 Jun 2018 12:14:07 +0000 (14:14 +0200)]
gnutls-serv: when post-handshake auth is asked; require a certificate
This allows testing post-handshake authentication using gnutls-serv.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 21 Jun 2018 13:05:40 +0000 (15:05 +0200)]
key update: corrected generation of keys
Resolves #485
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 21 Jun 2018 06:46:04 +0000 (08:46 +0200)]
gnutls-cli: wait for all server data prior to closing connection
This cleans up the existing code which was dysfunctional and
allows detecting errors which happen after we transmit data
to the server.
Relates #485
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 27 Jun 2018 11:34:16 +0000 (13:34 +0200)]
.gitignore: added new test executables
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 27 Jun 2018 11:27:39 +0000 (13:27 +0200)]
tests: eliminated compiler warnings
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Dmitry Eremin-Solenikov [Tue, 26 Jun 2018 13:02:45 +0000 (16:02 +0300)]
Update .gitignore files according to bootstrap
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 26 Jun 2018 12:22:49 +0000 (15:22 +0300)]
src: fix regenerating autogen files if builddir = srcdir
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Tim Rühsen [Tue, 26 Jun 2018 19:33:00 +0000 (19:33 +0000)]
Merge branch 'timespec-overflow2' into 'master'
avoid more possible overflows when subtracting timespecs
See merge request gnutls/gnutls!685
Rolf Eike Beer [Tue, 26 Jun 2018 13:18:36 +0000 (15:18 +0200)]
convert from milliseconds to timespec without loop
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Rolf Eike Beer [Tue, 26 Jun 2018 13:02:51 +0000 (15:02 +0200)]
use timespec_sub_ms() instead of open coding it
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Rolf Eike Beer [Tue, 26 Jun 2018 12:59:54 +0000 (14:59 +0200)]
avoid overflow when subtracting timespecs if rdtsc is not available
This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit
Un*x, any Windows) when the delta is more than 4 seconds.
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Dmitry Eremin-Solenikov [Tue, 26 Jun 2018 08:38:58 +0000 (11:38 +0300)]
lib/nettle/gost: support building with mini-nettle/mini-gmp
Do not depend directly on gmp.h.
Closes: #497
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Rolf Eike Beer [Tue, 26 Jun 2018 07:39:19 +0000 (09:39 +0200)]
avoid rounding errors and overflows when subtracting timespecs
The current Unix time will cause overflows if multiplied with 1000, which could
lead to rounding errors afterwards. Do the subtractions first so all numbers
stay small enough to fit into unsigned ints.
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Nikos Mavrogiannopoulos [Tue, 26 Jun 2018 10:36:32 +0000 (10:36 +0000)]
Merge branch 'tmp-fix-fips-generation' into 'master'
wrap_nettle_pk_generate_keys: retry on provable key generation
Closes #283
See merge request gnutls/gnutls!681
Nikos Mavrogiannopoulos [Mon, 25 Jun 2018 10:30:55 +0000 (12:30 +0200)]
wrap_nettle_pk_generate_keys: retry on provable key generation
This resolves an issue with occasional failures under RSA key generation
in FIPS140-2 mode.
Resolves #283
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Tue, 26 Jun 2018 07:08:30 +0000 (07:08 +0000)]
Merge branch 'auto-sync-translations' into 'master'
Let ./bootstrap sync from translationproject.org
Closes #470
See merge request gnutls/gnutls!678
Tim Rühsen [Sat, 23 Jun 2018 13:11:17 +0000 (15:11 +0200)]
Let ./bootstrap sync from translationproject.org
This makes manual updating of the translations obsolete.
From now on, builds and tarballs will always have the latest translations
included.
We should not forget to inform translationproject.org to update the
translations before a release. How to do that is described at
https://translationproject.org/html/maintainers.html (6. Announcing).
Nikos Mavrogiannopoulos [Tue, 26 Jun 2018 00:38:51 +0000 (02:38 +0200)]
gnutls_session_get_desc: fixed desc printing of custom groups
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 25 Jun 2018 08:06:25 +0000 (10:06 +0200)]
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 19:46:15 +0000 (21:46 +0200)]
aarch64: use getauxval() if available to discover cpu caps
This improves CPU detection by avoiding the parsing
of a human-readable file and allows operation under debian
multilib qemu setup.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 19:50:15 +0000 (21:50 +0200)]
.gitlab-ci.yml: no need for submodule update on cross-builds
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 11:14:03 +0000 (13:14 +0200)]
.gitlab-ci.yml: use qemu for aarch64 testing
This eliminates the need (and costs) to maintain a separate baremetal
system.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 06:27:00 +0000 (08:27 +0200)]
.gitlab-ci.yml: corrected typo
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 06:06:55 +0000 (08:06 +0200)]
.gitlab-ci.yml: skip submodule initialization when not necessary
This prevents unnecessary download of submodules on CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 04:51:14 +0000 (06:51 +0200)]
.gitlab-ci.yml: updated x86 CI builds with better datefudge detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 24 Jun 2018 04:58:37 +0000 (06:58 +0200)]
.gitlab-ci.yml: debian stretch build replaced by buster
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 23 Jun 2018 17:38:26 +0000 (19:38 +0200)]
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 23 Jun 2018 17:35:13 +0000 (19:35 +0200)]
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 23 Jun 2018 16:54:03 +0000 (16:54 +0000)]
Merge branch 'gost-no-tls' into 'master'
GOST certificates/PKCS#7/PKCS#12 support
See merge request gnutls/gnutls!654
Dmitry Eremin-Solenikov [Fri, 15 Jun 2018 10:38:44 +0000 (13:38 +0300)]
tests: add PKCS#12 test script for GOST 28147-89-encrypted files
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 15 Jun 2018 10:06:41 +0000 (13:06 +0300)]
certtool: honour --hash option when generating PKCS#12 files
Use algorithm specified with --hash option when generating MAC for
PKCS#12 file, allowing user to select algorithms other than SHA-1.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 24 Sep 2017 07:31:39 +0000 (10:31 +0300)]
tests: expand pkcs7 test to also check GOST files
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 23 Sep 2017 19:51:19 +0000 (22:51 +0300)]
test: test GOST keys import/export
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 23 Sep 2017 18:40:34 +0000 (21:40 +0300)]
certtool: ask if certificate will be used for data encryption
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 23 Sep 2017 18:37:18 +0000 (21:37 +0300)]
tests: add common gost certificates for tests
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 6 Dec 2016 00:57:24 +0000 (03:57 +0300)]
Support key matching with GOST keys
GOST keys do not support signing non-GOST hashes, so use correct digest
algorithm when verifying that GOST public and private keys match.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 26 Nov 2016 01:51:41 +0000 (04:51 +0300)]
Add generated GOST credentials for tests
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 21 Nov 2016 17:58:00 +0000 (20:58 +0300)]
Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 21 Nov 2016 17:52:43 +0000 (20:52 +0300)]
certtool: support generating GOST-encrypted PKCS#8/12 files
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 17 Nov 2016 21:23:54 +0000 (00:23 +0300)]
Add gost certificates to chainverify tests
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 17 Nov 2016 07:47:16 +0000 (10:47 +0300)]
Expand x509 sign/verify test with GOST algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 17 Nov 2016 07:22:11 +0000 (10:22 +0300)]
oids: expand to include GOST digests/signatures
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 29 Aug 2017 14:44:10 +0000 (17:44 +0300)]
tests: privkey-keygen: adapt to support GOST algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 24 Oct 2016 17:56:46 +0000 (20:56 +0300)]
Support GOST private keys generation
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 15:01:20 +0000 (18:01 +0300)]
certtool: support dumping GOST private key information
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 14:38:57 +0000 (17:38 +0300)]
Add several DN entry definitions used by qualified GOST signatures
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 28 Aug 2017 11:34:33 +0000 (14:34 +0300)]
certtool: export GOST privkeys only in PKCS#8 format
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 9 Nov 2016 11:19:58 +0000 (14:19 +0300)]
Add support for PKCS12 files using GOST MAC
Local PKCS12-based standard derives from RFC 7292 (PKCS #12) in using
PBKDF2 to generate MAC key rather than using PKCS12 scheme.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 9 Nov 2016 11:02:56 +0000 (14:02 +0300)]
Add support for PBES2/PBKDF2 using GOST algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 28 Jan 2017 03:01:01 +0000 (06:01 +0300)]
Support PKCS#12 key derivation with GOST digests
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 14:56:04 +0000 (17:56 +0300)]
Add support for importing/exporting GOST private keys
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 18 Sep 2017 09:54:12 +0000 (12:54 +0300)]
Support importing/exporting X.509 GOST public keys
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:43:35 +0000 (04:43 +0300)]
Add ASN.1 definitions for GOST keys
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:07:36 +0000 (04:07 +0300)]
nettle: add support for GOST 34.10 public keys
There is no support for GOST public keys derivation, as it is used only
for TLS or PKCS#7 with encrypted content.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 14:05:38 +0000 (17:05 +0300)]
Add a few functions to support basic operations with GOST public keys
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:02:30 +0000 (04:02 +0300)]
Add declarations for GOST R 34.10 signatures
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 00:55:10 +0000 (03:55 +0300)]
Define GOST R 34.10 curves
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:00:21 +0000 (04:00 +0300)]
Add declarations to support GOST public keys
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 29 Nov 2016 02:28:17 +0000 (05:28 +0300)]
Add support for I/O of little-endian MPI
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 29 Nov 2016 02:30:10 +0000 (05:30 +0300)]
nettle: add support for unsigned LE MPIs
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:05:41 +0000 (04:05 +0300)]
nettle: add support for GOST 34.11 hash functions
Add support for GOST R 34.11-94 and Streebog (256/512) functions.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 01:05:07 +0000 (04:05 +0300)]
nettle: support GOST28147-89 in CFB mode
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 27 Oct 2016 00:18:32 +0000 (03:18 +0300)]
Add declarations for GOST 28147-89 cipher in CFB mode
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 21 Oct 2016 00:57:17 +0000 (03:57 +0300)]
Add declarations for GOST R 34.11 (-94 and -2012) digest algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 29 Aug 2017 12:12:53 +0000 (15:12 +0300)]
Import GOST-supporting part from Nettle pending patches
Nettle upstream takes significant time to accept GOST-related patches.
As per Nikos' suggestion, push relevant parts to GnuTLS, so that they
can be tested in the wild at the same time supporting GOST ciphersuite code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 17 Sep 2017 17:57:52 +0000 (20:57 +0300)]
.gitlab-ci.yml: disable gost in minimal build
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 26 Oct 2016 19:34:17 +0000 (22:34 +0300)]
Add configure argument to disable GOST support
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Fri, 22 Jun 2018 09:52:48 +0000 (09:52 +0000)]
Merge branch 'tmp-fix-order-extensions' into 'master'
extensions: corrected order of pre-shared-key and dumbfw
Closes #473
See merge request gnutls/gnutls!659
Nikos Mavrogiannopoulos [Tue, 12 Jun 2018 08:16:10 +0000 (10:16 +0200)]
_gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last
This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section:
The "pre_shared_key" extension MUST be the last extension in the
ClientHello (this facilitates implementation as described below).
Servers MUST check that it is the last extension and otherwise fail
the handshake with an "illegal_parameter" alert.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 12 Jun 2018 08:01:22 +0000 (10:01 +0200)]
tests: check whether we send the pre-shared key extension after dumbfw
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 12 Jun 2018 07:35:16 +0000 (09:35 +0200)]
tests: corrected typo in comment
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 8 Jun 2018 08:48:32 +0000 (10:48 +0200)]
extensions: corrected order of pre-shared-key and dumbfw
The pre-shared-key MUST always be last under TLS1.3 while the
dumbfw extension should be last in order to do proper evaluation
of extension size (gnutls requirement). As such the protocol
requirement takes precedence.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 21 Jun 2018 14:33:33 +0000 (14:33 +0000)]
Merge branch 'fix-warnings-in-testsuite' into 'master'
Fix test code for -Werror
See merge request gnutls/gnutls!675
Tim Rühsen [Tue, 19 Jun 2018 11:21:44 +0000 (13:21 +0200)]
Fix test code for -Werror
Nikos Mavrogiannopoulos [Thu, 21 Jun 2018 09:30:52 +0000 (09:30 +0000)]
Merge branch 'tmp-supplemental-no-tls13' into 'master'
Disable TLS1.3 when supplemental data extensions are enabled
Closes #479
See merge request gnutls/gnutls!673
Nikos Mavrogiannopoulos [Tue, 19 Jun 2018 12:59:33 +0000 (14:59 +0200)]
tests: updated supplemental tests for TLS1.3
This includes tests that verify that TLS1.3 is not negotiated
when supplemental data are set in client and/or server side.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 19 Jun 2018 14:03:52 +0000 (16:03 +0200)]
gnutls_supplemental_register: disable TLS 1.3 globally
This allows using the registered supplemental data handlers, since
these are not used under TLS 1.3.
Resolves #479
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 19 Jun 2018 12:42:13 +0000 (14:42 +0200)]
gnutls_session_supplemental_register: disable TLS1.3 when set
This allows using the registered supplemental data handlers, since
these are not used under TLS 1.3.
Resolves #479
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 20 Jun 2018 13:18:56 +0000 (13:18 +0000)]
Merge branch 'exclude-fuzz-corpora' into 'master'
Remove oss-fuzz corpora from tarball
Closes #461
See merge request gnutls/gnutls!671
Tim Rühsen [Tue, 19 Jun 2018 10:02:13 +0000 (12:02 +0200)]
Remove oss-fuzz corpora from tarball
The size of the corpora is huge and not needed for normal builds.
This patch also fixes test run issues on Windows.
Nikos Mavrogiannopoulos [Wed, 20 Jun 2018 11:20:27 +0000 (13:20 +0200)]
gnutls-cli: introduce the rekey1 inline command
That allows performing a rekey locally and with the
peer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 20 Jun 2018 12:02:57 +0000 (12:02 +0000)]
Merge branch 'tmp-safe-padding-removal-made-optional' into 'master'
Safe padding removal was made optional
Closes #466
See merge request gnutls/gnutls!669
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 09:33:34 +0000 (11:33 +0200)]
document new behavior on safe padding removal
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 09:22:36 +0000 (11:22 +0200)]
record: fail with invalid request when attempting to send no pad and no data
Previously we were returning an internal error which seems to be incorrect
in that case.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 09:15:56 +0000 (11:15 +0200)]
tests: enhance padding check
This introduces tests for zero-data transfers with padding as well
as padding and de-padding with safe padding flag set.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 09:03:40 +0000 (11:03 +0200)]
gnutls-cli: added CCM run under TLS1.2 in benchmark mode
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 18 Jun 2018 09:00:39 +0000 (11:00 +0200)]
cipher: made TLS1.3 safe padding check optional
This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK
which makes the TLS1.3 safe padding check optional. That way applications
which do not utilize the TLS1.3 padding do not get penalized by the performance
drop in TLS1.3 packet processing. This addresses a regression in TLS1.3
packet processing performance.
Resolves: #466
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 19 Jun 2018 11:16:13 +0000 (13:16 +0200)]
gnutls_session_get_id: document restrictions
This documents the fact that a TLS session ID cannot be relied
upon to be unique or to even have a meaningful value.
Resolves #484
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 19 Jun 2018 11:08:27 +0000 (13:08 +0200)]
tests: verify that resumed session ID matches original
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 20 Jun 2018 06:21:00 +0000 (06:21 +0000)]
Merge branch 'fix-files-update' into 'master'
Fix make files-update for out-of-tree builds
See merge request gnutls/gnutls!674
Dmitry Eremin-Solenikov [Tue, 19 Jun 2018 15:23:14 +0000 (18:23 +0300)]
Makefile.am: move autogen files update to src/Makefile.am
Move autogen'ed files update to src/Makefile.am to simplify code and
support out-of-tree builds.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 19 Jun 2018 15:20:18 +0000 (18:20 +0300)]
Makefile.am: files-update: support out-of-tree builds
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 19 Jun 2018 08:26:09 +0000 (11:26 +0300)]
symbol-check: fix typo to make it work for out-of-tree builds
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Sat, 16 Jun 2018 13:46:25 +0000 (15:46 +0200)]
aarch64: update elf files to correspond to the macosx version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 10 Jun 2018 12:08:54 +0000 (14:08 +0200)]
macosx: include aarch64 asm files
Relates #475
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Rühsen [Tue, 19 Jun 2018 07:39:32 +0000 (07:39 +0000)]
Merge branch 'tmp-fix-tags' into 'master'
Makefile.am: abi-check: fetch fresh tags
See merge request gnutls/gnutls!668
Nikos Mavrogiannopoulos [Sat, 16 Jun 2018 13:27:02 +0000 (15:27 +0200)]
Makefile.am: abi-check: fetch fresh tags
This addresses the issue of failed abi-check CI runs on
forked repositories.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>