.gitlab-ci.yml: move destructive tests after trust store tests

That is, to ensure they are only run after the trust store
is complete and that it doesn't affect its output.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: include the 8192-bit SRP prime into param checks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

srp: added the 8192-bit prime

As we now reject any primes not in the SRP spec, we include
that parameter to ensure we can handle clients within the
spec but with large parameters.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

srp: reject any parameters not in the SRP draft

This implements the SHOULD requirement from RFC5054, i.e., to
only accept group parameters that come from a trusted source,
such as those listed in Appendix A.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: combined key and cert tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: windows subdir is only included on windows builds

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: dtls subdir was merged into main tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: srp-client: restrict prime bits to 1537 [ci skip]

That avoids timeouts in the oss-fuzz infrastructure:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: corrected typo

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: better detect acronym keyword on latex output

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: latex: resolve all citation issues

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: citations translate into references in texinfo

That makes the citations to be links in the generated html manual.

Resolves: #321

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

p11tool: renamed pkcs11_set_pin() to allow static linking

Resolves #322

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

cfg.mk: do not include reproducer files into syntax checks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_x509_ext_import_proxy: corrected memory leak

Also added reproducer for the memory leak found.

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tools: do not access unused variables

This avoids warnings by static analyzers.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: disabled gcc warnings on CI builds and use dash

That should decrease the time spent in configure. Based on suggestions
by Tim Ruehsen.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: use configure cache file and ccache

That reduces the total time spent per build by caching configure
checks, and compilation artifacts.

Also that patch set no longer uploads coverage files as artifacts.
These files are not generally useful, and removing that "feature"
will reduce CI running time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

doc: corrected typo [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: list-tokens: not only list but also verify whether module is operational

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkcs11: refuse to load modules with duplicate information

That is, when ck_info matches, we soft fail loading the module.
That is, because in several cases the pointers got by p11-kit
may differ for the same modules.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: enhanced PKCS#11 loading test

Test whether implicit initialization in trusted module (e.g.,
via verification), would result to proper initialization of additional
modules once a PCKS#11 function is called.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added PKCS#11 module loading test

This checks:
 1. Whether all modules are loaded from p11-kit when
    no explicit gnutls_pkcs11_init() is called and
    pkcs11 calls are accessed.
 2. Whether only the trusted modules are loaded from
    p11-kit and no other PKCS#11 calls than PKCS#11
    cert validation is performed.
 3. Whether the trusted modules are loaded when
    gnutls_pkcs11_init() is called with manual
    flag.

Resolves #315
Resolves #316

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode

When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
trust store was not loaded, and thus prevent any certificate validation.

This change allows initializing the trust modules only even if generic
PKCS#11 support is disabled by the application.

Relates #316

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkcs11: introduce multiple levels of loading

That allows to load the PKCS#11 trusted modules (on systems which use them)
without loading all the potentially present PKCS#11 modules.

Relates #315

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

CONTRIBUTING.md: added a short text on reviewing code [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Fix non-null warning

Help the compiler understand the control flow in the MATCH_FUNC and
INVALID_MATCH_FUNC macros.

Because we are using macros, the compiler is not able to correlate the
replaced values of the macro variables to each other yielding non-null
warnings. Introduce a C variable to mimic the macro variable helping
the compiler understanding the control flow.

tests: test whether PKCS#11 generation works without login

Resolves #147

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

p11tool: attempt to auto-login when the token requires it

In operations like generation or writing objects, run as if --login
was given if the token is marked to require login.

Relates #147

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

p11tool: print PKCS#11 token flags in --list-tokens

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

pkcs11: forward token flags to applications

That is, gnutls_pkcs11_token_get_flags() will not return the
most common/useful PKCS#11 token flags, in addition to trusted and HW
flags.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip]

Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

doc: mention SHA224 removal in upgrade guide

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

bumped version

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-serv: print the right error code on OCSP request setting

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

ocsptool: doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

cmp_hsk_types: fixed check for SSLv2 hello

Previously, if SSLv2 hello support was disabled, the check for
the expected TLS message was incorrect.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: improve documentation on provable private keys

Resolves #301

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

doc: enhanced text on PKCS#7 and public keys

Resolves #302

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check whether key IDs with SHA512 are corrected calculated

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: allow using SHA512 for key IDs

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

_gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: check fingerprint generation with SHA512

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: allow using --fingerprint with sha384 or sha512

Resolves #295

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Modernize gtk-doc support

Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from
gtk-doc git head (that is 1.26 +
c08cc78562c59082fc83b55b58747177510b7a70).
Disable gtkdoc-check.

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Fix autoreconf invocation to actually run autopoint

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>

CONTRIBUTING.md: added some text on introducing new APIs [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: re-purposed client_dsa_key test to match new behavior of the library

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: update TLS 1.2 tests to account for RSA-PSS client signatures

On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36:
"signature: on client side, refuse to negotiate non-enabled signature schemes"

the behavior of allowing a client to utilize disabled for the session
signatures, and thus the negotiated signatures now match the ones
in the session's priority string.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

signature: on client side, refuse to negotiate non-enabled signature schemes

That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4:
"On client side allow signing with the signature algorithm of our cert"

Previously, when we initially disabled DSA, we allowed client certificates
which can do DSA-SHA1 to be utilized to ease migration from these certificates.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

_gnutls_epoch_gc: ensure there are no stray epochs after gc

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

constate: simplified allocation of epochs

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_epoch_get(): simplified use

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_x509_crt/q_set_spki: always initialize the spki structure

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli: always initialize the inline commands struct

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli-debug: eliminated memory leaks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

ocsptool: eliminate memory leaks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: use assert to protect var access

The code correctly uses the variables, but the assert ensures
that static analyzers follow the intended paths too.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

srptool: removed unused variables

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

psktool: remove unused variables

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli: fix memory leak

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tools: eliminated dead assignments

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

ocsptool: check chain size on verification

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

.gitlab-ci.yml: use static analyzer and Werror build in src

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: enhanced resumption checks with same and different SNI

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

server name: refuse to resume a session which server name doesn't match

That is, follow the RFC6066 requirement that server:
"MUST NOT accept the request to resume the session if the
server_name extension contains a different name."

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls-cli: eliminate few memory leaks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: New test for SNI parsing during cache-based session resumption

Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Ensure the SNI extension is parsed during cache-based resumption

This patch changes the parse_type of the SNI extension to
GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake.

With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS
servers ignored the SNI extension when resuming a TLS session from
cache, because "application" level extensions are skipped during
resumption. As a result, gnutls_server_name_get() always returned
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed
session, breaking virtual server systems.

According to RFC 6066, Section 3 the SNI extension must be parsed on
session resumption if implemented at all:

  "A server that implements this extension MUST NOT accept the request
  to resume the session if the server_name extension contains a
  different name."

This change allows applications using GnuTLS to match SNI data on
resumed sessions.

Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

tests: explicitly check for gnutls.pc in pkgconfig.sh

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

test: use proper library name in pkgconfig.sh error message

If there is a -R flag in p11-kit-1.pc file, pkgconfig.sh test will still
reference libidn2.pc, rather than proper source of the message. Also
move the test for library flags before updating PKG_CONFIG_PATH.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

tests: use libidn2 in pkgconfig.sh

Since abe6a12b9766219163f99d7807a0b07fbe5f590c GnuTLS does not support
libidn1. Switch pkgconfig.sh test to use libidn2.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

parse-datetime: Fix buffer overflow

tlsfuzzer: document the reason of failure of few fragmentation tests

It seems that gnutls does not accept records carrying handshake messages
that contain less bytes than necessary to recover the handshake header.
The TLS protocol allows that option, and other implementations seem to
accept that fragmentation.

Relates #272

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

parse_handshake_header: removed duplicate check

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

ecdh: return more appropriate error code on empty packet

This makes tlsfuzzer's test-x25519 detect the right error
code on empty message. Previously this issue was masked by our
refusal to accept 1-byte sized fragments.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

parse_handshake_header: allow 1-byte sized fragments

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added reproducer for DTLS infinite loop

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkcs11/get_key_algo_type(): Always initialize bits variable

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

tests/base64-raw: Remove unused variable

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

gnutls.h: Remove redundant function declarations

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

x509: removed debugging code [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: modified the MD5 signature algorithm negotiation tests

Since GnuTLS can no longer negotiate MD5, we utilize a byte stream
of a connection which advertises MD5, and we make sure we detect the
right error code for the rejection of MD5 signature.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tlsfuzzer: no longer include tests involving SHA224 signatures

We no longer support them.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

algorithms/sign: removed TLS identifiers for legacy algorithms

That is, for the MD5-using algorithms, as well as for the DSA2
signature algorithms that were never really used with TLS 1.2.

Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

algorithms/sign: legacy signature algorithms were moved toward the end of the list

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

algorithms/sign: no longer enable SHA224 hash in signatures

TLS 1.3 requires that SHA224 MUST NOT be used, and given the
fact that SHA224 was never widespread used in TLS 1.2, there
is no reason to keep these algorithms at all.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tlsfuzzer: added large client hello tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

win32: removed no longer used subdir

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: added warning cppcheck checks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: removed initialization step

That is, combine syntax-check with the static analyzers run. That
provides more parallelism per build and reduces the overall time
spent on a successful run.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: added README on FreeBSD CI setup

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: added FreeBSD build

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>