_gnutls_proc_srp_client_kx: use same type in subtracted values

This ensures that there are no issues with subtracting those values.
Note that the second is read from an uint16_t and thus it is always
positive regardless its type.

Resolves #244

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzzer: Move regression corpora from tests/ to fuzz/

See fuzz/README.md for the corresponding paths.

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

fuzzer: Suppress leak in libgmp <= 6.1.2

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

fuzzer: Suppress unsigned integer overflow in rnd-fuzzer.c

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

fuzzer: Initial check in for improved fuzzing

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

fuzzer: added a fuzzer target

This allows to compile the library with flags which will add predictable
random generation and eliminate some crypto checks, in order for the
library to be used for testing (fuzzying).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_x509_privkey_export: made a wrapper over gnutls_x509_privkey_export2()

In addition, improved function description.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-http-serv: use RSA-PSS key

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: use certtool to check RSA-PSS to RSA conversion

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: introduced --to-rsa option

This allows converting an RSA-PSS key to raw RSA.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit tests for gnutls_privkey_import_ext4

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_privkey_import_ext4: introduced to allow signing with RSA-PSS or Ed25519 keys

That function allows a signing callback which passes the signature
algorithm, providing all the information to callback for signing.
It also introduces GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO flag which
allows the library to query the private key of the supported
signature algorithms.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

reduce common asserts to assist in debugging the library

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: algorithms.texi: include list of groups but skip compression methods

Compression methods are no longer relevant or supported, and groups
replace the elliptic curves.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: improved elliptic curve and group documentation

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc: mention the AES-DRBG random generator [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: improved detection of 64-bit systems

We now use the ${ac_cv_sizeof_unsigned_long_int} variable which
gives the numbers used in the host system, not the build one.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: updated for new x86 host

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

fuzz: explicitly initialize and deinitialize the library [ci skip]

This enables the fuzzers to run even when statically linked.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

handshake: eliminated unnecessary function wrappers

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_int.h: reduce memory occupied by ext_data

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_int.h: reduced the maximum number of epoch states we keep

There was no need to keep 16 epochs, as we typically we have only
one or two active.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_int.h: removed unused variable from state

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

extensions: simplified requirements from send callback

The callback no longer needs to return the number of sent data;
they are now calculated by the caller.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

ext/ecc: renamed Supported curves extension

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls-serv: --require-client-cert no longer implies --verify-client-cert

That is, it is now possible to require a client certificate without
verifying it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

CONTRIBUTING.md: corrected typo [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

CONTRIBUTING.md: added section on symbol versioning

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

libgnutls.map: separated symbols introduced in 3.6.0

This separation assists tools like rpm which can detect
the right version of the library to use, by using the
symbol version.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added reproducer for private key import leak

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

rnd: use time_t for prng_reseed_time

This ensures that all time comparisons are done
under the same type.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key import

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added reproducer for memory leak in SRP server

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_srp_verifier: corrected memory leak

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added reproducer for memory leak in RSA-PSK

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

rsa-psk: corrected memory leak on invalid decrypt

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

p11tool: --generate-xxx options were replaced by generate-privkey

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Fix memleaks in gnutls_x509_trust_list_add_crls()

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Fix memleak in gnutls_x509_crl_list_import()

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

publickey: fixed incorrect assignment

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

mac: simplified iteration functions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

corrected input to gnutls_sign_supports_pk_algorithm

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

extensions: corrected flag check

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: updated for new rsa-pss key in doc/credentials

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

cert selection: prioritize RSA-PSS certs over RSA

RSA and RSA-PSS can both be used for RSA-PSS operations, and
as such without prioritizing RSA-PSS certificates it is unknown
which certificate will be used for an RSA-PSS operation. The
reason we want to have only RSA-PSS keys used for RSA-PSS operations
is to cover the use case where a server uses a legacy RSA certificate
for clients that don't support RSA-PSS and an RSA-PSS certificate
for the rest, thus separating the keys used for these client
groups. That separation ensures that any issue on PKCS#1 1.5
(legacy RSA), would not affect sessions which use RSA-PSS.

Resolves #243

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_certificate_credentials_t: combine privkey into cert_st structure

This reduces the number of applications and allows for easier
use of the structure information, as they are now self-contained
for most uses.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigs

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: eliminated unused variable

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added negative tests in provable-privkey

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

gnutls_pk_params_st: separate flags/qbits and curve

Previously we were using the field flags to store the
size of q in case of GNUTLS_PK_DH, some key generation flags
in case of GNUTLS_PK_RSA, and the curve in case of elliptic
curve key. Separate this into multiple fields to reduce
confusion on the field.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: check whether validation parameters are lost on key re-import

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: improved documentation on --provable option

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: create mapping between --load-x and --info options

That allows using:
certtool --certificate-info --load-certificate FILE
and
certtool --certificate-info --infile FILE

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: removed definitions of non-existing functions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: updated for the new provable private key format

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_x509_privkey_verify_seed: improved error on missing validation parameters

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

certtool: silence warnings related to --pkcs8

There is no reason to bug the user with such details by default.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: better print provable key validation parameters

That is, include hash in the printable set, and keep spaces
from next fields.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

certtool: provable private keys are always exported in PKCS#8 form

That allows the provable parameters to be included.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

x509: no longer emit the previous custom format for provable parameters

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

x509: store and read provable seed in PKCS#8 form of key

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Added information on OID registry

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

pkix.asn: removed unused DomainParameters

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

x509: separated PKIX1 attributes parsing code for cert request handling

This allows other code to utilize it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_fbase64_decode will always return non-zero

That is, document that fact and update its callers to remove
checks for zero.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_base64_decode: reject all zero-length string encodings on decoding

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checking

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

_decode_pkcs8_rsa_key: signal error in RSA privkey decoding

Addresses oss-fuzz issue:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: added reproducer for private key crash

Found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: added unit test of gnutls_x509_crt_list_import

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: added reproducer applications for psk and srp fuzzers

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_server_fuzzer: added ed25519 key/cert

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

removed references for "new" semantics of PEM base64 encode and decode

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

base64: reverted the raw semantics from the PEM encoding/decoding functions

Keeping the complex semantics with NULL headers would most likely cause
issues in the future.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

base64: test the new base64 encoding and decoding functions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

base64: introduced new functions for base64 encoding

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

tests: gnutls_x509_privkey_import: enhanced to test DER key import

It seems that this function was not tested for multiple cases of
private keys in DER mode.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

sign/digest: separate "brokenness" of signatures and hash algorithms

That is, allow digital signatures to be marked as broken irrespective
of their used hash, and restrict hash brokenness to preimage resistance.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

sign: use C99 syntax for signature algorithm's table

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: enable multiple undefined sub-sanitizers

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

updated auto-generated files

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added unit test for gnutls_x509_privkey_import

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added TLS negotiation with various keys under PKCS#11

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

x509_privkey: handle keys which can only have PKCS#8 form transparently

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: updated for errors returned due to early signature selection

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

tests: added check for the negotiation of ext keys

That is, check whether we can negotiate TLS with ext abstract
key types, and whether the algorithms which cannot be used
with that key type, gracefully fail.

Relates #234

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

_gnutls_check_key_cert_match: use the new API for signing

This ensures that the same signature algorithm is used for
signing and verification.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>