Author: Zoltan Fridrich Date: Thu Feb 9 09:39:41 2023 +0100 Release 3.7.9 Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Tue Jan 3 09:06:01 2023 +0100 Update year of copyright notices in doc/gnutls.texi Signed-off-by: Zoltan Fridrich Author: Hubert Kario Date: Wed Feb 8 14:43:45 2023 +0100 document the CVE fix Signed-off-by: Hubert Kario Author: Hubert Kario Date: Wed Feb 8 14:32:09 2023 +0100 rsa: remove dead code since the `ok` variable isn't used any more, we can remove all code used to calculate it Signed-off-by: Hubert Kario Author: Alexander Sosedkin Date: Tue Aug 9 16:05:53 2022 +0200 auth/rsa: side-step potential side-channel Remove branching that depends on secret data. Signed-off-by: Alexander Sosedkin Signed-off-by: Hubert Kario Tested-by: Hubert Kario Author: Alexander Sosedkin Date: Wed Sep 21 14:56:49 2022 +0200 Release 3.7.8 Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes. Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Sep 21 14:26:55 2022 +0200 NEWS: add an entry for allowlisting-relaxing functions restriction Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Mon Sep 19 07:40:01 2022 +0900 accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s If the LD doesn't have support for version scripts, _gnutls_x86_cpuid_s is exported through libtool's --export-symbols-regex and that causes link error with clang: libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib /Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib __gnutls_x86_cpuid_s make[4]: *** [libgnutls.la] Error 1 This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid the issue. Problem investigated and fix suggested by Clemens Lang in: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 18 17:38:46 2022 +0900 compress-cert: support compression of client certificates Previously the compress_certificate extension was sent by the server as part of ServerHello, which violates RFC 8879. This patch instead send it as an extension of CertificateRequest. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Fri Sep 9 13:32:16 2022 +0200 Report system config file location via gnutls-cli Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Sat Aug 20 11:06:07 2022 +0900 src: request tls-exporter only when unique master secrets are used This is to comply with RFC9266 4.2. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Aug 29 06:41:46 2022 +0900 gnutls_session_channel_binding: perform check on "tls-exporter" According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret. This adds a check whether either TLS 1.3 or extended master secret extension is negotiated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Aug 20 10:58:23 2022 +0900 doc: mention GNUTLS_CB_TLS_EXPORTER Signed-off-by: Daiki Ueno Author: Doug Nazar Date: Tue Aug 16 01:47:49 2022 -0400 cipher: Ensure correct alignment Unsigned math is required to calculate the current alignment. Signed-off-by: Doug Nazar Author: Tobias Heider Date: Tue Aug 23 13:47:38 2022 +0200 Unload custom allocators in gnutls_crypto_deinit() Closes #1398 Signed-off-by: Tobias Heider Author: Daiki Ueno Date: Mon Aug 15 09:39:18 2022 +0900 accelerated: clear AVX bits if it cannot be queried through XSAVE The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32 Architectures Software Developer’s Manual". GnuTLS previously only followed that algorithm when registering the crypto backend, while the CRYPTOGAMS derived SHA code assembly expects that the extension bits are propagated to _gnutls_x86_cpuid_s. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 18 09:01:20 2022 +0900 srptool: resurrect default value for -i The default option value for -i (--index) was dropped during the cligen conversion. This adds it back for compatibility with the existing command line usage. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 18 09:00:44 2022 +0900 cligen: update git submodule Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Tue Aug 16 10:34:05 2022 +0200 tests: add fips-rsa-sizes Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Feb 16 14:36:48 2022 +0100 update documentation on allowlisting API (in a separate commit so that it's easier to compare) Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Feb 16 14:28:18 2022 +0100 plumb allowlisting API through the config, restrict usage to early times Signed-off-by: Alexander Sosedkin Author: Martin Storsjo Date: Mon Aug 15 23:50:16 2022 +0300 windows: Avoid -Wint-conversion errors Clang 15 made "incompatible pointer to integer conversion" an error instead of a plain warning. This fixes errors like these: system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion] HCRYPTHASH hHash = NULL; ^ ~~~~ Signed-off-by: Martin Storsjo Author: Alexander Sosedkin Date: Tue Feb 15 16:26:52 2022 +0100 lib/priority: extract parts of cfg_apply into cfg_*_set_array* Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Feb 14 18:00:25 2022 +0100 lib/priority: move sigalgs filtering to set_ciphersuite_list Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Wed Aug 3 16:39:47 2022 +0900 nettle: mark RSA SigVer operation approved for known modulus sizes SP800-131A rev2 suggests certain RSA modulus sizes under 2048 bits (1024, 1280, 1536, and 1792) may continue to be used for signature verification but not for signature generation. This loosen the current service indicator report to approve them. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 9 12:55:04 2022 +0900 nettle: check RSA modulus size in bits rather than bytes Previously we checked RSA modulus size clamped to byte unit instead of bits. This makes the check stricter by explicitly calculating the modulus size in bits. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Tue Aug 9 12:08:24 2022 +0200 fips: disable GNUTLS_CIPHER_3DES_CBC self-test Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Mon Aug 8 13:54:13 2022 +0900 .gitlab-ci.yml: mark all CI jobs interruptible This allows previous pipelines to be cancelled if a new job is submitted subsequently: https://docs.gitlab.com/ee/ci/yaml/#interruptible Suggested-by: Zoltán Fridrich Signed-off-by: Daiki Ueno Author: Stanislav Zidek Date: Mon Aug 8 23:07:21 2022 +0200 Moved TLS interoperability tests to submodule. Signed-off-by: Stanislav Zidek Author: Andreas Metzler Date: Sun Jul 31 10:28:15 2022 +0200 Avoid &> redirection bashism in testsuite Broken by 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac Signed-off-by: Andreas Metzler Author: Stanislav Zidek Date: Thu Feb 11 13:57:27 2021 +0100 interoperability testing with openssl GitLab CI extended to run 2way interoperability tests with openssl on Fedora. Also prepared for adding further interoperability tests once they are in better shape. Signed-off-by: Stanislav Zidek Author: Daiki Ueno Date: Thu Aug 4 16:37:51 2022 +0900 _gnutls_decrypt_pbes1_des_md5_data: use public crypto API This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In the decryption code path with PBES1, algorithm checks for FIPS was not applied, because it used internal functions that bypass those checks. Signed-off-by: Daiki Ueno Author: Simon Josefsson Date: Sat Jul 30 21:06:42 2022 +0200 Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266. Signed-off-by: Simon Josefsson Author: František Krenželok Date: Fri Jul 29 10:38:42 2022 +0200 KTLS: hotfix session->internals.pull_func is set to system_read during gnutls_init() so check for user set pull/push function added in commit mentioned bellow will never pass. source: 2d3cba6bb21acb40141180298f3924c73c7de8f8 Signed-off-by: Frantisek Krenzelok Author: Zoltan Fridrich Date: Thu Jul 28 12:49:59 2022 +0200 Release 3.7.7 Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Tue Jul 26 11:39:57 2022 +0900 socket: only set pull/push functions when --save-*-trace is used This allows gnutls-cli to use KTLS for the transport, unless either --save-client-trace or --save-server-trace is used. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jul 26 11:38:41 2022 +0900 handshake: do not enable KTLS if custom pull/push functions are set If gnutls_transport_set_pull_function or gnutls_transport_set_push_function is used, we can't assume the underlying transport handle is an FD. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Fri Jul 22 12:00:11 2022 +0200 Fix double free during gnutls_pkcs7_verify Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Wed Jul 27 20:23:26 2022 +0900 guile: revert gnutls/build/tests.scm to use use-modules This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90. For some reason, the usage of #:use-module causes some behavioral difference that affects reauth.scm test. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Mon Jul 25 16:07:54 2022 +0200 Fix memory leak in gnutls_pkcs7_import Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Thu Jul 14 15:19:23 2022 +0900 crypto-api: add block cipher API with automatic padding This adds a couple of functions gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3, which add or remove padding as necessary if the length of the plaintext is not a multiple of the block size. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 22 11:54:29 2022 +0900 tests: temporarily disable checking against unresolvable hosts *.dane.verisignlabs.com and fedoraproject.org are no longer resolvable. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jul 20 15:00:10 2022 +0900 src: add __attribute__((malloc)) to safe_open_rw This silences -Wsuggest-attribute=malloc warning with GCC 12. While we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not possible to use it until Gnulib is updated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jul 20 14:54:48 2022 +0900 src: add NULL check on return value of realloc used in tests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jun 30 21:24:23 2022 +0900 tests: resume-with-previous-stek: initialize session data Spotted by gcc-analyzer 12. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jun 30 21:23:31 2022 +0900 tests: add __attribute__((__noreturn__)) to _fail and fail_ignore To suppress warnings with gcc-analyzer 12. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jun 30 21:13:53 2022 +0900 crypto-selftests: fix decryption check condition in test_cipher_aead Spotted by gcc-analyzer 12. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jun 30 20:57:30 2022 +0900 x509, tpm2: use asn1_node instead of deprecated ASN1_TYPE Signed-off-by: Daiki Ueno Author: Ludovic Courtès Date: Sun Jul 10 23:41:26 2022 +0200 guile: Allow session record ports to have a 'close' procedure. This addition makes it easy to close the backing file descriptor or port of a session when its record port is closed. * guile/src/core.c (SCM_GNUTLS_SESSION_RECORD_PORT_SESSION): Add SCM_CAR. (SCM_GNUTLS_SESSION_RECORD_PORT_CLOSE_PROCEDURE) (SCM_GNUTLS_SET_SESSION_RECORD_PORT_CLOSE) (SCM_GNUTLS_SESSION_RECORD_PORT_P) (SCM_VALIDATE_SESSION_RECORD_PORT): New macros. (make_session_record_port): Change "stream" argument to a pair. (close_session_record_port): New function. (scm_gnutls_session_record_port): Add optional 'close' parameter and honor it. (scm_gnutls_set_session_record_port_close_x): New function. (scm_init_gnutls_session_record_port_type): Add call to 'scm_set_port_close' and 'scm_set_port_needs_close_on_gc'. * guile/tests/session-record-port.scm: Test it. * NEWS: Update. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Sun Jul 10 17:03:03 2022 +0200 guile: Remove support for the 1.8.x series. The last Guile 1.8.x release dates back to 2010. * configure.ac: Remove 1.8 from 'GUILE_PKG'. * doc/gnutls-guile.texi (Guile Preparations): Remove mention of Guile 1.8. * guile/src/core.c (mark_session_record_port) (free_session_record_port): Remove. (scm_init_gnutls_session_record_port_type): Remove corresponding 'scm_set_port_mark' and 'scm_set_port_free' calls. * guile/modules/gnutls.in: Remove top-level 'cond-expand' forms for Guile 1.8. * guile/modules/gnutls/build/tests.scm: Likewise. * NEWS: Update. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Sun Jul 10 17:02:17 2022 +0200 maint: Update guile.m4. * m4/guile.m4: Update from Guile 3.0.7. Signed-off-by: Ludovic Courtès Author: Brad Smith Date: Fri Jul 15 22:44:03 2022 -0400 accelerated: aarch64: add OpenBSD/aarch64 support Signed-off-by: Brad Smith Author: Daiki Ueno Date: Mon Jun 27 11:14:50 2022 +0900 cipher: limit plaintext length supplied to AES-GCM According to SP800-38D 5.2.1.1, input data length of AES-GCM encryption function must be less than or equal to 2^39-256 bits. Signed-off-by: Daiki Ueno Author: Ludovic Courtès Date: Sun Jul 10 18:54:54 2022 +0200 guile: Session record port treats premature termination as EOF. * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Treat GNUTLS_E_PREMATURE_TERMINATION as EOF. (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise. * guile/tests/premature-termination.scm: New file. * guile/Makefile.am (TESTS): Add it. * NEWS: Update. Signed-off-by: Ludovic Courtès Author: Richard Costa Date: Sat Jul 9 00:50:21 2022 +0000 Add self-test code inside a FIPS context Self-test code exercise lots of different FIPS-related code with side-effects. So, in order to prevent it from losing information when executing inside another context, we create an appropriated one. If the self-test fails, then the library is placed in error state, so it doesn't matter for other contexts. Signed-off-by: Richard Maciel Costa Author: Zoltan Fridrich Date: Tue May 10 15:20:45 2022 +0200 Increase the limit of TLS PSK usernames from 128 to 65535 characters Co-authored-by: Hannes Reinecke Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Fri Apr 1 08:04:57 2022 +0200 fips: make service indicator logging louder Previously, the only way to monitor the FIPS context transtion was to increase logging level to debug (2), which produces unrelated output. This changes the minimum logging level to audit (1) for when the transition happens. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jun 27 09:29:13 2022 +0900 nettle: restrict output size of HKDF-Expand to 255 * HashLen RFC 5869 2.3 requires that requested output length of HKDF-Expand to be equal to or less than 255 times hash output size. Inspired by the report by Guido Vranken in: https://lists.gnupg.org/pipermail/gcrypt-devel/2022-June/005328.html Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Tue Jun 28 17:22:36 2022 +0200 tests/fips-test: minor extension Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Tue Jun 28 13:46:44 2022 +0900 .gitlab-ci.yml: add fedora-ktls pipeline This is to ensure that the same testsuite succeeds even if we compile the library with --enable-ktls and KTLS is enabled with a run-time configuration. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 28 10:53:55 2022 +0900 ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND calculation Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the same socket is used for both sending and receiving, GNUTLS_KTLS_SEND was unconditionally set. This fixes the conditions and also adds more logging. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 28 10:23:33 2022 +0900 handshake: do not reset KTLS enablement in gnutls_handshake As gnutls_handshake can be repeatedly called upon non-blocking setup, we shouldn't try to call setsockopt for KTLS upon every call. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 28 09:37:22 2022 +0900 tests: enable KTLS config while running gnutls_ktls test Signed-off-by: Daiki Ueno Author: Gregor Jasny Date: Tue Jun 21 11:18:16 2022 +0200 README.md: explicitly install libtasn1-bin Signed-off-by: Gregor Jasny Author: František Krenželok Date: Tue Jun 14 16:16:11 2022 +0200 KTLS: disable by default enable by config KTLS will be disabled by default when build with `--enable-ktls` to enable it, use config file option `ktls = true` in [global] section. Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Fri Jun 3 15:43:00 2022 +0900 fips: provide function to manually run FIPS self-tests FIPS140-3 IG 10.3.E Periodic Self-Testing says: At security levels 1 and 2, acceptable means for initiating the periodic self-tests include a provided service, resetting, rebooting or power cycling. Neither resetting, rebooting, nor power-cycling is suitable because those involve operations outside of the module. Therefore this patch adds a new API to manually run the substance of FIPS140 self-tests. Suggeested by Richard Costa and Stephan Mueller in: https://gitlab.com/gnutls/gnutls/-/issues/1364 Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Wed May 18 15:38:21 2022 +0200 tests/suite/tls-fuzzer: remove most of the -n limiters... ... since tlsfuzzer now sets reasonable (~<10s/script) limits for most of the scripts by default Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed May 18 13:41:18 2022 +0200 tests/suite/tls-fuzzer: pin current error messages with -X Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Sun May 29 10:54:48 2022 +0900 build: Revert "Disable test scripts on windows" This reverts commit d2b99e3b3429e9b9a6fbff46598fd4c6a0910f65. It turned out that the test failures under mingw were caused by a regression in wine 7.5, possibly: https://bugs.winehq.org/show_bug.cgi?id=52743 Now that the latest wine package based on wine 7.9 has no issues with running those test scripts, this enables them again in the build process. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Fri May 27 09:17:55 2022 +0200 Release 3.7.6 Signed-off-by: Zoltan Fridrich Author: Asad Mehmood Date: Mon May 23 14:35:46 2022 +0000 libdane: fix typo in Makefile.am Signed-off-by: Asad Mehmood Author: Zoltan Fridrich Date: Fri May 13 14:37:05 2022 +0200 Add release steps for windows builds Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Wed May 18 11:43:26 2022 +0200 Fix out-of-bounds memcpy in gnutls_realloc_zero() Co-authored-by: Tobias Heider Co-authored-by: Daiki Ueno Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Thu May 19 10:27:51 2022 +0200 Disable test scripts on windows This is a temporary solution to avoid failures of test scripts when ran on windows Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Thu May 12 10:38:23 2022 +0200 Release 3.7.5 Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Tue May 10 09:52:26 2022 +0200 cligen: update git submodule Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Fri Apr 29 12:28:50 2022 +0200 Improve certificate sanity checks Signed-off-by: Zoltan Fridrich Author: Tim Kosse Date: Mon Mar 28 17:49:22 2022 +0200 Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID If the preferred side (as per session->internals.priorities->server_precedence) only supports one algorithm and if it is not the first in the other side's list of algorithms, then psk_ke_modes_recv_params did wrongly set session->internals.hsk_flags to HSK_PSK_KE_MODE_INVALID. Fixes #1303 This issue was originally discovered while analyzing https://forum.filezilla-project.org/viewtopic.php?t=54333 Signed-off-by: Tim Kosse Co-authored-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 7 10:07:01 2022 +0200 tests/cmocka-common.h: include before As documented in , must be included before . Suggested by Brad Smith in: https://gitlab.com/gnutls/gnutls/-/issues/1360 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 29 12:01:53 2022 +0200 configure.ac: check if compiler supports -Wa,-march=all Clang from LLVM 13.0.0 caused a segumentation fault if an unknown architecture is supplied through -march. While this has been fixed in 13.0.1, until it is widely deployed this adds a configure check as a safeguard: https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 15 11:27:20 2022 +0100 gnutls_aead_cipher_set_key: new function This adds gnutls_aead_cipher_set_key, which enables to reuse the same handle but reset the context and key, without releasing the memory. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 17 11:48:39 2022 +0100 crypto-api: support AES-SIV with scatter-gather API Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 17 11:17:46 2022 +0100 crypto-api: refactor iov_store_st operations This replaces copy_from_iov to more generic append_from_iov. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 17 10:36:44 2022 +0100 crypto-api: split scatter-gather AEAD implementation to helper funcs These _encryptv, _encryptv2, and _decryptv2 functions take orthogonal code paths depending on whether the underlying AEAD implementation supports message based API. This patch split the implementation to dedicated helper functions. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 17 10:07:02 2022 +0100 crypto-api: add integer overflow checks around copying IOV Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Thu May 5 12:10:46 2022 +0200 Extend fipshmac to take a path to libgnutls.so Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Wed May 4 15:27:16 2022 +0200 .github/workflows/macos.yml: display tests/cert-tests/*.log Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 4 15:23:49 2022 +0200 lib/fips.c: suppress -Wdiscarded-qualifiers warning Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 4 15:22:16 2022 +0200 .gitignore: ignore tests/tls13/compress-cert* Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 4 15:19:17 2022 +0200 tests/cert-tests/pkcs12.sh: use portable sed invocations The BSD sed doesn't recognize '\|' as the alternative operator, and the last '}' must be preceded with a newline. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 21 08:07:25 2021 +0200 tls: add flag to disable session ticket in TLS 1.2 The existing GNUTLS_NO_TICKETS flag affects all versions of TLS, where PFS is assured in TLS 1.3, while it is not in TLS 1.2. This adds a new flag GNUTLS_NO_TICKETS_TLS12 to allow applications to disable session tickets only in TLS 1.2. As the only means of resumption in TLS 1.3 is using session tickets, we could repurpose the GNUTLS_NO_TICKETS flag make it no-op in TLS 1.3. However it would break backward compatibility, so we defer it to the next major release. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 28 11:31:30 2021 +0100 session_ticket: avoid invalid free on error path Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 21 11:08:06 2021 +0200 _gnutls_version_max: return NULL if priorities are not populated Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 2 07:41:12 2022 +0200 m4: update from autoconf-archive Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 17 10:56:35 2022 +0200 .github/workflows/macos.yml: pull in gtk-doc Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Thu Apr 28 12:17:16 2022 +0200 gnutls-cli, gnutls-serv: print supported channel binding Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Sat Sep 4 07:16:18 2021 +0200 .gitlab-ci.yml: replace valgrind checks with ASan Running the full test suite under valgrind wastes a lot of time and may cause intermittent failures due to timeout. We have them mainly for VALGRIND_MAKE_MEM_UNDEFINED client request, though the ASan tests now cover the equivalent after f23c3a6cba43706a6ebb3f9b0018cd658dcc0a72. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Thu Apr 14 11:29:26 2022 +0200 Use packit to automate fedora upstream release Signed-off-by: Zoltan Fridrich Author: Tatsuhiro Tsujikawa Date: Sun Apr 24 17:03:18 2022 +0900 Preserve mbuffer type when linearized Signed-off-by: Tatsuhiro Tsujikawa Author: Brian Wickman Date: Thu Apr 21 05:52:36 2022 +0000 Fix for #1132 Author: Daiki Ueno Date: Mon Apr 11 14:00:16 2022 +0200 .gitignore: ignore files generated by asn1Parser These files are no longer maintained in the repository, after commit 16061937. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 8 10:23:51 2022 +0200 cligen: update git submodule This also reverts commit fd0e28a3 and changes how the cligen python files are included in the distribution. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Tue Apr 12 16:34:52 2022 +0200 Small fips-test refactoring Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Mon Apr 11 16:04:38 2022 +0200 Add zeroization of some critical security parameters to comply with FIPS-140-3 requirements Signed-off-by: Zoltan Fridrich Author: Andreas Metzler Date: Sun Apr 10 13:22:22 2022 +0200 Document C++ soname bump in NEWS. Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Wed Mar 30 18:26:36 2022 +0200 Add missing gtk-doc for GNUTLS_COMP_BROTLI/ZSTD. Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Wed Mar 30 18:18:12 2022 +0200 Add missing copyright header Signed-off-by: Andreas Metzler Author: Zoltan Fridrich Date: Tue Apr 5 16:28:41 2022 +0200 Add missing FIPS service indicator transitions Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Wed Apr 6 15:33:32 2022 +0200 Remove 3DES from FIPS approved algorithms. According to the section 2 of SP800-131A Rev.2, 3DES algorithm will be disallowed for encryption after December 31, 2023: https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Fri Apr 1 12:34:12 2022 +0200 Mark HKDF and AES-GCM as approved when used in TLS Co-authored-by: Pedro Monreal Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Thu Mar 31 15:50:51 2022 +0200 bootstrap.conf: use install-sh to copy cligen files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 19 10:01:09 2022 +0100 lib/{gnutls,pkix}_asn1_tab.c: remove autogenerated files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 19 10:00:08 2022 +0100 devel/README-ci.freebsd.md: stop mentioning autogen Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 19 09:59:58 2022 +0100 .github/workflows/macos.yml: stop installing autogen Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 19 09:53:54 2022 +0100 configure.ac: always assume GTK_DOC_CHECK macro Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Mar 31 14:28:32 2022 +0200 fips: simplify library integrity checking This removes code duplication by grouping the path and hmac fields in hmac_file structure. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Thu Mar 31 10:13:06 2022 +0200 Increase length limit of PKCS#12 passwords Signed-off-by: Zoltan Fridrich Author: František Krenželok Date: Fri Mar 25 11:31:05 2022 +0100 ktls config documentation Signed-off-by: Frantisek Krenzelok Author: Benjamin Herrenschmidt Date: Thu Mar 31 08:57:07 2022 +1100 Fix off-by one exit condition in pkcs#11 priv keys lookup In function find_privkeys(), the list-> array is allocated to be of size lists->key_ids_size. "current" is the index where the next found key will be written (starts at 0). The current exit condition is thus incorrect: if (current > list->key_ids_size) break; This will allow "current" to be equal to list->key_ids_size which will potentially cause an overflow if more keys are returned by the loop than was originally found when calculating that size. This is very unlikely, but incorrect nonetheless. Fix this by using the more classic construct of testing for the array bound in the loop exit condition, as suggested by Daiki Ueno. Signed-off-by: Benjamin Herrenschmidt Author: Benjamin Herrenschmidt Date: Mon Mar 21 13:45:11 2022 +1100 Fix matching of last key of a pkcs#11 token Retrieving the cert for the last key of a token fails due to an off-by-one bug in find_privkeys(): In the loop that iterates the keys, "current" contains the index of the "next" key slot, which is also the active "count" of populated slots in the output struct find_pkey_list_st. The current statement: list->key_ids_size = current - 1; Means we return a "key_ids_size" of the current count minus one, ie 0 for 1 key etc... However, this isn't what the callers expect, for example: find_multi_objs_cb() does: ret = find_privkeys(sinfo, tinfo, &plist); if (ret < 0) { gnutls_assert(); return ret; } if (plist.key_ids_size == 0) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } So a slot with a single key will fail when trying to find a certificate Subsequent uses of "plist" in that function also show that it's expected to contain the real slot count: for (i = 0; i < plist.key_ids_size; i++) { Signed-off-by: Benjamin Herrenschmidt Author: Zoltan Fridrich Date: Wed Mar 23 16:55:51 2022 +0100 Consolidate FIPS .hmac files Signed-off-by: Zoltan Fridrich Author: František Krenželok Date: Fri Mar 18 11:37:10 2022 +0100 system config disable KTLS Added option for system config `ktls = false` to disable ktls system-wide Signed-off-by: Frantisek Krenzelok Author: Pedro Monreal Date: Tue Mar 22 13:01:53 2022 +0100 lib/crypto-selftests.c: Add a selftest for PBKDF2 that complies with FIPS 140-3. Signed-off-by: Pedro Monreal Author: Tobias Heider Date: Mon Mar 14 16:17:28 2022 +0100 Use custom allocators for GMP to make sure temporary secrets from cryptographic operations in nettle are deleted safely. Signed-off-by: Tobias Heider Author: Daiki Ueno Date: Fri Mar 18 08:10:12 2022 +0100 devel/release-steps.md: expand steps to generate tarball [ci-skip] Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Mar 18 07:54:06 2022 +0100 NEWS: mention couple more changes in 3.7.4 release [ci-skip] Signed-off-by: Daiki Ueno Author: Sam James Date: Fri Mar 18 05:51:29 2022 +0000 configure.ac: fix zstd detection Fixes typo in zstd detection. None of the used autoconf macros will define `has_zstd_h` so configure will (AFAICT) always fail to find zstd, even if it succeeded via pkg-config moments before. Drop it and rely solely on pkg-config as that's the only search we're actually doing. Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343 Signed-off-by: Sam James Author: Sam James Date: Fri Mar 18 05:40:28 2022 +0000 configure.ac: fix brotli/zstd configure argument name The old `./configure` arguments for brotli and zstd respectively were inconsistent with the `./configure --help` output. Old: --without-libbrotli --without-libzstd (also --with-*) New: --without-brotli --without-zstd (also --with-*) Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342 Signed-off-by: Sam James Author: Daiki Ueno Date: Wed Mar 16 11:19:29 2022 +0100 cligen: update git submodule To avoid emitting empty "list" substruct in header files, as well as assuming the Python pwd module is always available. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Wed Mar 16 15:42:40 2022 +0100 Release 3.7.4 Signed-off-by: Zoltan Fridrich Author: Zoltan Fridrich Date: Tue Mar 8 18:01:37 2022 +0100 Make gnutls compliant to RFC5280 Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Mon Mar 14 16:03:07 2022 +0100 cli, serv: allow multiple --compress-cert options This eliminates the need of parsing the comma separated list manually. Signed-off-by: Daiki Ueno Author: Tobias Heider Date: Sun Mar 13 23:58:42 2022 +0100 Handle all cases of calloc returning NULL. Signed-off-by: Tobias Heider Author: František Krenželok Date: Fri Mar 11 18:22:18 2022 +0100 Fix global-ini-handler Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Thu Feb 10 15:58:08 2022 +0100 Make option specification type-safe This switches the CLI code and documentation generation to the external cligen module, which provides more type-safe specification. Signed-off-by: Daiki Ueno Author: Tobias Heider Date: Wed Mar 9 01:18:20 2022 +0100 fips: use GNUTLS_FIPS140_STRICT instead of magic number. Signed-off-by: Tobias Heider Author: Daiki Ueno Date: Wed Mar 9 08:07:58 2022 +0100 locks: define lock functions as a macro When threads are not supported, glthread_* functions are defined as no-op and thus dereferencing lock variables in inline functions will cause compilation error. This change fixes it by redefining our lock functions as a macro so it will also be compiled out. Reported by Fabrice Fontaine in: https://gitlab.com/gnutls/gnutls/-/issues/1330 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Mar 9 07:25:01 2022 +0100 .gitlab-ci.yml: prolong timeout for slow CI jobs Suggested by Marvin Scholz in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1543#note_859825412 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 23 19:48:52 2022 +0100 tpm2: dynamically load tss2 libraries as needed libtss2-esys links to OpenSSL or mbed TLS for cryptography, which may cause packaging issues. This instead dlopen's tss2 libraries as needed so non-TPM applications continue working without loading multiple crypto libraries. Signed-off-by: Daiki Ueno Author: Zoltan Fridrich Date: Wed Jan 12 14:57:42 2022 +0100 Add compress_certificate extension (RFC8879) Signed-off-by: Zoltan Fridrich Author: Craig Gallek Date: Sun Feb 27 10:39:07 2022 -0500 x509: fix return error code for failed decryption without key Decrypting an encrypted private key previously returned GNUTLS_E_DECRYPTION_FAILED when no password was supplied. This changed when decryption via pin callbacks was added in d31b89de. That change should have included a check for callback existence in order to preserve the error path of the no-password case. This adds the check and a test for the previous behavior. Resolves bug #1321 Signed-off-by: Craig Gallek Author: Daiki Ueno Date: Thu Feb 24 09:55:01 2022 +0100 gnutls_record_send_file: make it work with non-blocking I/O When either read() or gnutls_record_send() returns EAGAIN, just return to the caller so it can call this function again, instead of retrying internally. Signed-off-by: Daiki Ueno Author: Marvin Scholz Date: Wed Feb 23 19:03:51 2022 +0100 configure.ac: add missing Libs.private for macOS On macOS the CoreFoundation and Security frameworks are used by GnuTLS, however those were missing in the Libs.private in the .pc resulting in link failures with static builds when relying on the output of pkg-config --static. Signed-off-by: Marvin Scholz Author: František Krenželok Date: Wed Feb 16 11:25:11 2022 +0100 non-KTLS sendfile test Signed-off-by: Frantisek Krenzelok Author: František Krenželok Date: Wed Feb 16 11:23:36 2022 +0100 non-KTLS sendfile Added: sendfile API functionality for non KTLS enabled builds. Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Tue Feb 22 17:09:46 2022 +0100 algorithms: ensure _list() exclude non-existing algorithms This aligns the behavior of _list() function for sign/pk to the one for cipher/mac: the former previously returned all the algorithms defined, while the latter returns only algorithms compiled in. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 22 17:25:26 2022 +0100 Revert "algorithms: compile out GOST algorithm IDs if they are disabled" This reverts commit aa94bcbdaa55899f4f4ae13dc3e9a8c559354676. Signed-off-by: Daiki Ueno Author: František Krenželok Date: Wed Feb 16 11:22:47 2022 +0100 auto-generated files update Signed-off-by: Frantisek Krenzelok Author: František Krenželok Date: Tue Nov 16 12:05:53 2021 +0100 ktls: sendfile added API function: gnutls_record_send_file(). added: _gnutls_ktls_send_file() function which increases the performance by offloading the file encryption to kernel, thus the data never goes to userspace. updated tests/gnutls_ktls to cover new API Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Mon Feb 21 16:36:32 2022 +0100 algorithms: compile out GOST algorithm IDs if they are disabled When compiled with --disable-gost, gnutls-cli --list still prints GOST algorithms for public key systems and signatures. This change adds compile time checks to suppress them. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Mon Feb 21 18:19:25 2022 +0100 lib/algorithms: add UB warnings on late allowlisting API invocations Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Feb 14 13:48:37 2022 +0100 lib/priority: defer setting system-wide priority string Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Feb 14 12:44:57 2022 +0100 lib/priority: split up update_system_wide_priority_string This is done in preparation for deferring priority string evaluation. Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Mon Feb 21 16:28:49 2022 +0100 priority: compile out GOST algorithms IDs if they are disabled When compiled with --disable-gost, gnutls-cli --priority NORMAL --list still prints GOST algorithms for ciphers, MACs, and signatures. This change adds compile time checks to suppress them. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Fri Feb 18 11:05:15 2022 +0100 bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS Fedora 36 LEGACY crypto-policy uses allowlisting format and is long enough to blow past the 64 priority string elements mark, causing, effectively, priority string truncation. Signed-off-by: Alexander Sosedkin Author: Dimitris Apostolou Date: Thu Feb 17 17:35:59 2022 +0200 Fix typos Signed-off-by: Dimitris Apostolou Author: Zoltan Fridrich Date: Thu Feb 17 11:46:29 2022 +0100 Disable some tests in fips mode Signed-off-by: Zoltan Fridrich Author: Daiki Ueno Date: Thu Feb 10 17:35:13 2022 +0100 _gnutls_pkcs_raw_{decrypt,encrypt}_data: use public crypto API These functions previously used the internal crypto API (_gnutls_cipher_*) which does not have algorithm checks for FIPS. This change switches the code to use the public crypto API (gnutls_cipher_*) to trigger proper state transitions under FIPS mode. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 10 16:43:08 2022 +0100 pkcs12: mark MAC generation and verification as FIPS non-approved Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 15 17:38:20 2022 +0100 gnutls_transport_is_ktls_enabled: fix return value of stub Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 12 10:37:53 2022 +0100 gnutls_ciphersuite_get: new function to get unique ciphersuite name The existing method to obtain the name of the currently negotiated TLS ciphersuite is as follows: - call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get - call gnutls_cipher_suite_get_name with the value from the above functions This process is cumbersome and only works with TLS 1.2 or earlier; moreover the returned names are GnuTLS specific. This change adds a new function gnutls_ciphersuite_get to eliminate those limitations. It returns the "canonical" name of the ciphersuite, which is mostly identical to the ones registered in IANA, with an exception for compatibility. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 20 09:28:10 2021 +0100 tls-fuzzer: prolong timeout for FFDHE tests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 26 20:03:15 2021 +0100 .gitlab-ci.yml: prolong timeout for fedora-nettle-minigmp/test Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 26 09:37:58 2021 +0100 .gitlab-ci.yml: fix nettle installation path .fedora-nettle/build clones the nettle into "nettle-git" and temporarily change the working directory while buidling it. After moving back to the original working directory, the installation path should be prefixed with "${PWD}/nettle-git/". Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 1 15:19:52 2022 +0100 certtool --generate-privkey: update warnings on RSA key sizes Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 27 18:17:43 2022 +0100 rsa_generate_fips186_4_keypair: accept a few more modulus sizes While _rsa_generate_fips186_4_keypair was modified to accept modulus sizes other than 2048 and 3076, rsa_generate_fips186_4_keypair, which calls that function, was not updated to accept such modulus sizes. Spotted by Alexander Sosedkin. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 7 11:24:36 2022 +0100 .gitlab-ci.yml: update Fedora images to Fedora 35 Signed-off-by: Daiki Ueno Author: Seppo Yli-Olli Date: Mon Jan 31 18:32:28 2022 +0200 Bump libgnutlsxx soname due to ABI break db_check_entry and db_check_entry now have const parameters Signed-off-by: Seppo Yli-Olli Author: Daiki Ueno Date: Fri Jan 28 07:49:42 2022 +0100 configure.ac: make --with-tpm and --with-tpm2 independent These features are not mutually exclusive, so it doesn't make sense to disable the TPM 1.2 support with TPM 2.0 support. Reported by Jan Palus in: https://gitlab.com/gnutls/gnutls/-/issues/1313 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 28 12:50:56 2022 +0100 gen-getopt.py: avoid struct member name clash with C keywords Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 28 07:55:25 2022 +0100 tests: tcp_connect: avoid resource leak on error path Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 28 08:48:47 2022 +0100 README.md: fix versions in build status and add 3.6.x Signed-off-by: Daiki Ueno Author: Jan Palus Date: Fri Jan 28 11:07:02 2022 +0100 ktls: fix _gnutls_ktls_send_control_msg return value always returned 0 on success while contract mandates to return number of bytes sent Fixes #1314 Signed-off-by: Jan Palus Author: Daiki Ueno Date: Fri Jan 28 06:35:45 2022 +0100 release-steps: fix markup Signed-off-by: Daiki Ueno Author: František Krenželok Date: Thu Jan 27 13:54:21 2022 +0100 KTLS: hotfix fixed: keys will be set only when both sockets were enabled for ktls fixed: session->internals.ktls_enabled left uninitialized for non ktls-enabled build Signed-off-by: Frantisek Krenzelok Author: Alexander Sosedkin Date: Wed Jan 26 16:25:01 2022 +0100 lib/accelerated: use unlikely on buffer length checks more consistently Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Jan 26 16:15:36 2022 +0100 lib/accelerated: rearranged several size checks to avoid overflow Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Tue Jan 25 12:32:59 2022 +0100 tests/scripts/common: fix skipping over x86-specific tests Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Tue Jan 25 13:37:55 2022 +0100 tests/slow/test-hash-large: output GNUTLS_CPUID_OVERRIDE hints Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Tue Jan 25 13:46:46 2022 +0100 tests/slow/cipher-api-test: add happy paths, specific error checks etc Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Tue Jan 25 13:36:19 2022 +0100 lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Jan 24 17:37:24 2022 +0100 .gitlab-ci.yml: enable hardware acceleration in UB+ASAN jobs Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Jan 24 17:34:35 2022 +0100 tests/slow/cipher-api-test: actually test for short buffer... ... avoiding the case when different failures mask the intended one Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Jan 24 17:33:48 2022 +0100 lib/accelerated/x86/aes-gcm-x86-pclmul-avx: add short buffer checks Signed-off-by: Alexander Sosedkin Author: Andreas Metzler Date: Sun Jan 23 13:40:17 2022 +0100 testsuite: Fix endless loop on /bin/sh without $RANDOM Closes #1315 Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Sun Jan 23 07:52:21 2022 +0100 testsuite: Fix missed instances of &> redirection Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Fri Jan 21 18:25:52 2022 +0100 Avoid &> redirection bashism in testsuite Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Mon Jan 17 16:48:10 2022 +0100 Release 3.7.3 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 18 06:43:07 2022 +0100 tests: privkey-keygen: fix memory leak Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Oct 30 08:56:07 2021 +0200 x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2 This function previously used gnutls_x509_trust_list_get_issuer without GNUTLS_TL_GET_COPY flag, which is required when the function is called from multi-threaded application and PKCS #11 trust store is in use. Reported and the change suggested by Remi Gacogne in: https://gitlab.com/gnutls/gnutls/-/issues/1277 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 16 07:57:02 2022 +0100 cli: add --list-config option With this option gnutls-cli prints the build-time configuration of the library, retrieved through gnutls_get_library_config. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 11 07:36:27 2022 +0100 fips: add build option to embed FIPS module info in library config This adds a couple of configure options, --with-fips140-module-name and --with-fips140-module-version, which packagers can use to embed FIPS module information in the library. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 11 07:34:59 2022 +0100 global: add API to retrieve library configuration at run time Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 16 12:17:39 2022 +0100 configure.ac: emit feature summary as C macro Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 16 16:19:53 2022 +0100 tests: suppress GCC -fanalyzer warnings Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 16 16:00:10 2022 +0100 .gitignore: ignore more files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 16 15:59:01 2022 +0100 src: avoid overriding noinst_PROGRAMS In src, we now have two helper programs: systemkey and dumpcfg. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 13 14:30:02 2022 +0100 build: hide maintainer tool invocation behind AM_V_GEN Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Thu Jan 13 14:35:07 2022 +0100 tests: use more aliases in tests for better alias testing coverage Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Fri Jan 7 10:02:32 2022 +0100 .gitlab-ci.yml: run static analyzers on Python files This runs a couple of code analysis on the Python scripts added to remove AutoGen dependency. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 7 09:58:11 2022 +0100 .gitlab-ci.yml: bump cache key for python3 detection Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 5 08:09:36 2022 +0100 README.md: mention Python as requirement instead of AutoGen Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 5 07:39:10 2022 +0100 src: remove AutoGen .def files As neither the tools nor documentation depends on AutoGen, we don't need to include the AutoGen definition files. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 5 07:24:03 2022 +0100 doc: generate man-pages from JSON This replaces man-pages generation previously provided by the autogen -Tagman.tpl command with a Python script (gen-cmd-man.py). Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 4 09:06:21 2022 +0100 doc: generate texinfo files from JSON This replaces texinfo generation previously provided by the autogen -Tagtexi.tpl command with a Python script (gen-cmd-texi.py). Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 3 11:02:43 2022 +0100 src: remove included copy of libopts As no tools link with libopts anymore, we don't need to include it in the distribution. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 3 10:30:34 2022 +0100 src: replace autoopts/libopts with minimal config parser This replaces configuration file parsing code previously provided by , with a minimal compatible implementation. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Dec 31 18:13:58 2021 +0100 src: generate option handling code from JSON This replaces AutoGen based command-line parser with a Python script (gen-getopt.py), which takes JSON description as the input. The included JSON files were converted one-off using the parse-autogen program: https://gitlab.com/dueno/parse-autogen. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 4 15:18:26 2022 +0100 python: add library for handling JSON-based option description This adds the jsonopts Python module used by the command-line parser generator and documentation generators in the following commits. This also bumps the required Python interpreter version to 3.6. Signed-off-by: Daiki Ueno Co-authored-by: Alexander Sosedkin Author: Daiki Ueno Date: Thu Jan 13 09:36:52 2022 +0100 pkcs12: use the correct MAC algorithm for GOST key generation According to the latest TC-26 requirements, the MAC algorithm used for PBKDF2 should always be HMAC_GOSTR3411_2012_512. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 12 08:15:24 2022 +0100 tests: simple: check if the digest algorithm is compiled in When the library is built with --disable-gost, gnutls_digest_get_id returns GNUTLS_DIG_UNKNOWN for GOST algorithms. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 11 14:07:56 2022 +0100 x509: fix potential wrong usage of memcpy Spotted by GCC analyzer: common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument] 552 | memcpy(output_data, out.data, (size_t) out.size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 9 08:34:52 2022 +0100 cert-auth: suppress false-positive warnings with GCC analyzer When compiled with gcc -fanalyzer, it reports: cert.c: In function '_gnutls_pcert_to_auth_info': cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference] 85 | if (info->raw_certificate_list != NULL) { Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 7 17:48:22 2022 +0100 gnutls_pkcs12_generate_mac: use SHA256 by default Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 20 16:16:23 2021 +0100 .gitlab-ci.yml: reduce PKCS#12 iteration count while testing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Dec 21 15:02:45 2021 +0100 tests: check algorithms for generating PKCS#12 file Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Dec 26 17:40:42 2021 +0100 cipher-api-test: mention why it is written using fork Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 23 15:23:34 2021 +0100 fips: plumb service indicator to symmetric key crypto operations Signed-off-by: Daiki Ueno Co-authored-by: Pedro Monreal Author: Daiki Ueno Date: Tue Aug 31 13:29:45 2021 +0200 fips: plumb service indicator to public key crypto operations This installs service indicator state transitions in certain public key operations in gnutls_crypto_pk_st, namely: * fallible operations - encrypt - sign - generate_keys - derive * infallible operations - decrypt, decrypt2 - verify other operations, such as generate_params, are not considered as crypto operation. Note that fallible operations above mean that those return value could indicate error, while infallible operations do not have distinction between errors and failures: decrypt/verify failures are treated as a successful completion of the operation. Signed-off-by: Daiki Ueno Co-authored-by: Pedro Monreal Author: Daiki Ueno Date: Tue Dec 21 15:17:55 2021 +0100 _gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 20 16:34:30 2021 +0100 pkcs12: determine iteration count for MAC at build time Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 20 16:13:06 2021 +0100 pkcs7: determine iteration count for PBKDF2 at build time Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 20 15:56:24 2021 +0100 certtool: --to-p12: use modern algorithms by default Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in PKCS#12, while it is suggested to migrate to more modern algorithms, namely AES-128-CBC with PBKDF2 and SHA-256: https://bugzilla.redhat.com/show_bug.cgi?id=1759982 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 23 10:31:08 2021 +0200 fips: add functions to inspect thread-local FIPS operation state Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Thu Jan 6 07:17:01 2022 +0100 Drop unquoted angle brackets in gtk-doc comment. Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Thu Jan 6 07:15:31 2022 +0100 Fix gtk-doc build, use http URI in sgml master. Signed-off-by: Andreas Metzler Author: Alon Bar-Lev Date: Sat Jan 1 21:12:51 2022 +0200 p11tool: add --mark-always-authenticate option Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jan 2 19:31:33 2022 +0200 doc: updated copyrights for 2022 Signed-off-by: Alon Bar-Lev Author: Daiki Ueno Date: Thu Nov 18 19:02:03 2021 +0100 accelerated: fix CPU feature detection for Intel CPUs This fixes read_cpuid_vals to correctly read the CPUID quadruple, as well as to set the bit the ustream CRYPTOGAMS uses to identify Intel CPUs. Suggested by Rafael Gieschke in: https://gitlab.com/gnutls/gnutls/-/issues/1282 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Dec 22 17:00:03 2021 +0100 padlock: reset _gnutls_x86_cpuid_s only after padlock check succeeds Otherwise it clears _gnutls_x86_cpuid_s which may already hold valid CPUID detected for Intel and AMD CPUs. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Dec 22 09:12:25 2021 +0100 wrap_nettle_hash_fast: avoid calling _update with zero-length input As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Dec 22 08:22:04 2021 +0100 gnutls_{hash,hmac}_copy: mention the functions do not always work It is known that some built-in accelerated implementation, such as AF_ALG, does not support copying hash/hmac contexts. This expands the documentation to suggest checking the return value of those functions. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Mon Dec 20 17:47:36 2021 +0100 tests: extend system-override-curves-allowlist with key generation Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Dec 20 16:50:59 2021 +0100 tests: tweak system-override-curves-allowlist insignificantly Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Fri Dec 17 18:49:27 2021 +0100 README: document tpm2-tss-engine test dependency Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Thu Dec 16 12:46:38 2021 +0100 use sha384_digest in lib/accelerated/aarch64/sha-aarch64.c sha384 Mirrors https://gitlab.com/gnutls/gnutls/-/merge_requests/1466 Signed-off-by: Alexander Sosedkin Author: František Krenželok Date: Thu Dec 2 16:35:31 2021 +0100 ktls: flags ktls enum flags API Signed-off-by: Frantisek Krenzelok Author: František Krenželok Date: Fri Oct 15 15:00:17 2021 +0200 KTLS: API ktls is enabled by default, we can check if inicialization was succesfull with gnutls_transport_is_ktls_enabled Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Thu Dec 9 11:22:14 2021 +0100 .gitignore: ignore tests/x509cert-ct Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Dec 9 11:03:50 2021 +0100 X509 CT: defer filling in the length field This eliminates the need of precalculating the payload size, to make it easier to adapt to new format. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Fri Dec 10 13:47:21 2021 +0100 tests: fix out of tree builds with ASAN Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Thu Nov 11 14:05:40 2021 +0100 tests: add protocol-set-allowlist Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Thu Nov 11 14:04:54 2021 +0100 tests: add tcp_connect to utils Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Thu Dec 9 10:48:58 2021 +0100 X509 CT: use size_t for array index instead of unsigned Signed-off-by: Daiki Ueno Author: Ander Juaristi Date: Fri Nov 26 18:20:44 2021 +0100 Update symbols Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Wed Nov 17 19:28:50 2021 +0100 devel: Suppress new API functions Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Sat Nov 28 19:04:35 2020 +0100 x509 CT: Add tests Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Mon Nov 15 20:03:12 2021 +0100 x509 CT: implement new public API This commit implements import and export functions for the X.509 Certificate Transparency Signed Certificate Timestamp (SCT) extension (RFC 6962). A new constant GNUTLS_X509EXT_OID_CT_SCT is introduced with the value "1.3.6.1.4.1.11129.2.4.2". The following new public API functions are introduced: - gnutls_x509_ext_ct_scts_init - gnutls_x509_ext_ct_scts_deinit - gnutls_x509_ext_ct_import_scts - gnutls_x509_ext_ct_export_scts - gnutls_x509_ct_sct_get_version - gnutls_x509_ct_sct_get Signed-off-by: Ander Juaristi Author: Daiki Ueno Date: Tue Nov 30 14:33:33 2021 +0100 devel/libgnutls.abignore: ignore drbg_aes_* functions These functions are only defined when compiled with --enable-fips140-mode. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 6 12:41:40 2021 +0200 priority: support allowlisting in configuration file This adds a new mode of interpreting the [overrides] section. If "override-mode" is set to "allowlisting" in the [global] section, all the algorithms (hashes, signature algorithms, curves, and versions) are initially marked as insecure/disabled. Then the user can enable them by specifying allowlisting keywords such as "secure-hash" in the [overrides] section. Signed-off-by: Daiki Ueno Co-authored-by: Alexander Sosedkin Author: Daiki Ueno Date: Sat Nov 27 16:48:51 2021 +0100 CONTRIBUTING.md: clarify how to introduce new API Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Nov 27 16:39:41 2021 +0100 release-steps: "make abi-dump-latest" at release time Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Nov 27 16:36:17 2021 +0100 build: stop running abi-dump-latest at "make files-update" The procedure of registering ABI updates has changed in bd3c78b9d10937adb1855b85bca1864972a1c986. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 24 18:44:13 2021 +0100 build: update to use the latest valgrind-tests module from Gnulib This adjust the existing valgrind invocations in the test suite with: https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-options.html - make --suppressions option to per directory, using AM_VALGRINDFLAGS - use LOG_VALGRIND for LOG_COMPILER - quote '$(LOG_VALGRIND)' in TESTS_ENVIRONMENT - move gl_VALGRIND_TESTS_DEFAULT_NO call before gl_INIT Signed-off-by: Daiki Ueno Author: Evgeny Grin Date: Fri Nov 26 14:08:22 2021 +0300 sockets: fixed compiler warning on Windows x32 Signed-off-by: Evgeny Grin Author: Evgeny Grin Date: Fri Nov 26 13:50:52 2021 +0300 sockets: fixed building for Windows with compilers without VLA support Signed-off-by: Evgeny Grin Author: Daiki Ueno Date: Wed May 5 16:27:55 2021 +0200 priority: refactor config file parsing This adds the following refactoring: - avoid side-effects during parsing the config file, by separating application phase; the parsed configuration can be applied globally with cfg_apply, after validation - make _gnutls_*_mark_{disabled,insecure} take an ID instead of the name Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 16 18:46:41 2021 +0100 locks: deprecate gnutls_global_set_mutex As the library now uses static mutexes, rwlocks, and onces, it doesn't make much sense to only replace dynamic mutex usage. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 14 14:57:15 2021 +0100 locks: use once execution for on-demand initialization of globals This makes sure that the global variables are initialized only once. Most of those variables are initialized at ELF constructor, though a couple of occasions they are initialized on-demand: the global keylog file pointer and TPM2 TCTI context. To properly protect the initialization this patch uses gl_once provided by Gnulib. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 14 16:39:29 2021 +0100 locks: rework rwlock primitives Remove GNUTLS_STATIC_RWLOCK_*LOCK macros and respect return values of rwlock primitives. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 16 18:20:24 2021 +0100 pkcs11: switch to using static mutex Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 16 18:00:12 2021 +0100 verify-tofu: switch to using static mutex for locking Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 14 14:04:59 2021 +0100 locks: replace custom mutex wrappers with "glthread/lock.h" As Gnulib provides portability wrappers of mutex implementations, we don't need to provide similar wrappers by ourselves. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Mar 22 14:52:10 2019 +0100 Port openconnect TPM2 code This introduces transparent loading of TPM2 keys which are in PEM form by gnutls_privkey_import_x509_raw() and higher level functions which wrap it. Signed-off-by: Nikos Mavrogiannopoulos Co-authored-by: David Woodhouse Co-authored-by: Daiki Ueno Author: Alexander Sosedkin Date: Mon Nov 8 19:07:28 2021 +0100 tests: set $abs_top_builddir in more places `$abs_top_builddir` has been used all across tests' subdirectories (through tests/scripts/common.sh) but has only been defined for tests/suite/ ones. Defining it in other Makefiles where `top_builddir` is being passed. Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Sat Oct 30 17:17:47 2021 +0200 priority: rework config reloading logic and locking The previous reloading logic relied on the existence of [priority] section (in the initial loading) as an indicator whether the file is loaded. This didn't work well in the following cases: - when the section didn't exist initially and then is added later - when the section existed initially and then is removed later To handle these cases, this change adds a new flag system_priority_file_loaded which can be used together with the mtime check. This also adds an rwlock to protect global configuration. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 1 16:46:50 2021 +0100 Revert "priority: fix potential race in reloading system-wide config" This reverts commit 890c6937a3cfb4a0704bc815324221ec4cb89840. Considering the entire logic around reloading the config file, the fix was suboptimal. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Oct 28 18:55:26 2021 +0200 priority: fix potential race in reloading system-wide config _gnutls_update_system_priorities is called from gnutls_priority_set* functions every time when the SYSTEM keyword is used and updates a global variable system_wide_priority_strings if the configuration changes. Although the critical path is protected with mtime check, it should also hold a lock to avoid occasional race condition in multi-thread programs. This also clears system_wide_priority_strings_init upon unloading and before reloading the config file (thanks to Alexander Sosedkin). Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Thu Oct 21 12:46:56 2021 +0200 .gitlab-ci.yml: add caching to cppcheck Signed-off-by: Alexander Sosedkin Author: Daiki Ueno Date: Tue Oct 26 07:50:16 2021 +0200 devel: update release procedure taking into account of abi-dump As the *.abi files have been moved into a separate repository, we need an extra step to update the repository for new release. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Wed Oct 20 17:49:56 2021 +0200 NEWS: add a notice of insecure-hash filtering ciphersuites on PRF Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Oct 20 14:37:07 2021 +0200 tests: add system-override-hash-influences-prf Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Oct 20 14:36:44 2021 +0200 priority: filter out ciphersuites with prf blocked by insecure-hash Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Wed Oct 20 14:34:58 2021 +0200 priority: refactor ciphersuite filtering Signed-off-by: Alexander Sosedkin Author: František Krenželok Date: Fri May 14 15:56:06 2021 +0200 ktls: basic implementation of SW mode ktls enables us to offload encryption/decryption to the kernel prerequisites: - configured with `--enable-ktls` - tls module `modprobe tls` check with 'lsmod | grep tls' - per connection: gnutls_transport_set_int{2} must be set When prerequisities are met then ktls is used by default. If GnuTLS encounters a error during KTLS initialization, it will not use ktls and fallback to userspace. Signed-off-by: Frantisek Krenzelok Author: Daiki Ueno Date: Mon Oct 18 16:27:46 2021 +0200 devel: make use of abidw --drop-private-types This will produce more compact abixml output. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 18 11:49:46 2021 +0200 devel: move .abi files into a separate repository Changes to the .abi files are a bit too noisy to track in the main repository. This moves the files out of this repository and embed it as a git submodule. Signed-off-by: Daiki Ueno Author: Steve Lhomme Date: Thu Sep 23 09:03:50 2021 +0200 fix mingw64 detection __MINGW64__ is only defined for 64 bits builds of mingw64 [1]. The intended test what to only use the CertEnumCRLsInStoreFunc via LoadLibrary for some ancient mingw32 build and never for mingw64. __MINGW64_VERSION_MAJOR is a proper define to identify mingw64 against mingw32. [1] https://sourceforge.net/p/predef/wiki/Compilers/ Co-authored-by: Johannes Kauffmann Signed-off-by: Steve Lhomme Author: Daiki Ueno Date: Fri Sep 17 11:03:25 2021 +0200 wrap_nettle_hash_exists: add missing hash algorithms This adds SHAKE-128, SHAKE-256, and RIPEMD-160 to the supported algorithms by nettle. While SHAKEs are not a hash algorithm but an XOF, it would be consistent to report they are implemented. The simple test is expanded to exercise the code path (gnutls_digest_get_id → wrap_nettle_hash_exists). Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Sep 18 07:18:59 2021 +0200 fuzz: explicitly supply LDFLAGS to clang++ command line This prevented fuzzer programs being linked in Ubuntu 20.03, used in oss-fuzz. Signed-off-by: Daiki Ueno Author: Daniel Kahn Gillmor Date: Fri Sep 17 16:37:24 2021 -0400 lib/x509: Avoid memcpy when string is empty This fixes an ASAN warning in fuzz/gnutls_private_key_parser_fuzzer when run against the malformed private key fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17 Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Wed Aug 11 17:31:40 2021 -0400 NEWS: added news about certtool handling x448 and x25519 Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Wed Aug 11 15:59:21 2021 -0400 tests: add test for generating x25519 and x448 certificates These certs should work just fine for the purposes of cryptographic e-mail (S/MIME). These usage flags are also used in the end-entity certificates found in https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/ Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 14 17:14:41 2021 -0400 tests: update details about sample X25519 certificate Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 20:14:53 2021 -0400 certtool: add x448 and x25519 for --key-type This is a simple extension of the certtool command-line interface. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 22:25:41 2021 -0400 certtool: when making X25519 or X448 certs, always use "key agreement" This is related to #1227 -- but in this case, it's enforcing a requirement of RFC 8410 §5. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 21:53:47 2021 -0400 x509: handle X25519 and X448 in read_pubkey _gnutls_x509_read_ecdh_pubkey is basically a clone of _gnutls_x509_read_eddsa_pubkey. Another form of implementation would be to collapse these two static functions into a common function for all "CFRG" curves. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 21:30:53 2021 -0400 nettle: handle X25519 and X448 in pk_fixup Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 20:23:41 2021 -0400 x509: enable importing secret keys for X448 and X25519. _decode_pkcs8_modern_ecdh_key is virtually the same as _decode_pkcs8_eddsa_key. Another implementation would be to collapse these two functions into one, since their structure is identical. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 19:53:28 2021 -0400 Enable X25519 and X448 everywhere that EdDSA is supported. These are just trivial extension points where the codepath is the same for the ECDH scheme as it is for the EdDSA scheme. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 20:14:07 2021 -0400 x509: handle X448 and X25519 in write_pubkey This uses the same structure as _gnutls_x509_write_eddsa_pubkey. Another way to write this would be to combine those two functions, despite X448 and X25519 not being EdDSA at all. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 20:12:15 2021 -0400 pubkey: handle X25519 and X448 in gnutls_pubkey_import_pkcs11 I am not confident in the strings I chose to match on in ASN1_ETYPE_PRINTABLE_STRING, in that I do not know what registry I should look this up in. The *parse_ecc_ecdh_params and *import_ecc_ecdh functions are tweaked analogs to the eddsa versions of those functions. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 19:48:10 2021 -0400 nettle: extend pk_verify_priv_params to handle X25519 and X448 This is basically a copy of the EdDSA case in the switch statement. Another way to implement it would be to augment the EdDSA case (and the functions it uses) to have that case also handle ECDH use of the CFRG curves. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 19:36:14 2021 -0400 lib/pk: treat modern ECDH octet streams the same way as eddsa streams. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 7 19:34:59 2021 -0400 lib/algorithms: add modern ecdh functions comparable to curve_is_eddsa This is useful for the so-called CFRG curves used in ECDH, x25519 and x448. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Thu May 6 14:10:46 2021 -0400 algorithms: Explicitly name ECDH_X448_OID and ECDH_X25519_OID Signed-off-by: Daniel Kahn Gillmor Author: Daiki Ueno Date: Fri Sep 10 17:08:52 2021 +0200 .gitlab-ci.yml: new ASan job with -DAGGRESSIVE_REALLOC This would exercise the same logic currently covered with fedora-valgrind-aggressive in each MR. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 9 18:36:46 2021 +0200 fuzz: allow multiple definitions of gnutls_rnd in oss-fuzz Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 9 09:46:04 2021 +0200 build: remove tautological if conditions Spotted by LGTM. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 9 09:38:21 2021 +0200 ext/{client,server}_cert_type: use proper types for integers Spotted by LGTM. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Sep 6 15:51:41 2021 +0200 tests: use PYTHONPATH instead of creating symlinks in srcdir Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 7 17:56:02 2021 +0200 tls-fuzzer: update submodules to the latest Signed-off-by: Daiki Ueno Author: Miroslav Lichvar Date: Wed Sep 1 15:48:27 2021 +0200 fix SSSE3 SHA384 to work more than once The output function called sha512_digest() instead of sha384_digest(), which caused the hash context to be reinitialized for SHA512 instead of SHA384 and all following digests using the hash handle were wrong. Signed-off-by: Miroslav Lichvar Author: Daiki Ueno Date: Sat Sep 4 10:38:23 2021 +0200 testcompat-openssl-tls13-cli.sh: disable early data testing This test is causing intermittent failure quite often in the CI. Let's temporarily disable it until the cause is properly investigated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 5 18:48:09 2021 +0200 testcompat-openssl-tls13-cli.sh: use different tmpdirs for sub-tests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 5 17:28:43 2021 +0200 tests: rework port locking This makes the locking logic per port, not per entire make process. It also makes use of absolute paths for locking directory, so that tlsfuzzer tests can use it. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Mon Aug 30 19:26:49 2021 +0200 tests/tls13/post-handshake-with-cert: avoid a race condition A server tries to close connection and kill the client after reauth. Client, in turn, attempts to send data in some cases. This patch makes the server wait for the client to terminate first. Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Aug 30 19:38:03 2021 +0200 tests: remove unused `terminate` from 2 tests Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Fri Aug 27 17:10:37 2021 +0200 tests: add a safeguard to terminate() Add a safeguard to `terminate()` so that we don't kill whole pgroups. Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Fri Aug 27 17:02:51 2021 +0200 tests: don't kill whole pgroups `terminate()` executed from the child process results in a `kill(0, SIGTERM)`, bringing the whole pgroup down. `exit(1)` should be called instead. Signed-off-by: Alexander Sosedkin Author: Nick Child Date: Wed Aug 25 15:13:07 2021 -0400 INSTALL.md: Update documentation on building static library [skip ci] As of commit a88eb79d88c53531c49d7cedfce2207f36ac8a9d, building a static archive (libgnutls.a) is off by default. This commit updates the documentation for building a static library in INSTALL.md . Signed-off-by: Nick Child Author: Simon South Date: Sun Aug 22 08:41:36 2021 +0200 guile: Add 'GNUTLS_DIG_SHA256' enum value. * guile/modules/gnutls/build/enums.scm (%digest-enum): Add 'sha256'. * guile/modules/gnutls.in: Export 'digest/sha256'. * guile/tests/x509-certificates.scm: Test 'digest/sha256' with 'x509-certificate-fingerprint'. (%sha256-fingerprint): New constant. Signed-off-by: Simon South Author: Simon South Date: Sun Aug 22 08:40:14 2021 +0200 guile: Add binding for 'gnutls_x509_crt_get_fingerprint'. * guile/src/core.c (MAX_HASH_SIZE): New constant. (scm_gnutls_x509_certificate_fingerprint): New function. * guile/modules/gnutls.in: Export 'x509-certificate-fingerprint'. * guile/tests/x509-certificates.scm: Test 'x509-certificate-fingerprint'. (%sha1-fingerprint): New constant. (u8vector->hex-string): New procedure. Signed-off-by: Simon South Author: Craig Gallek Date: Wed Aug 11 12:54:37 2021 -0400 x509: pin/password callback support for openssl encrypted private keys This attempts to use the registered pin callback when the password for an encrypted openssl private key is not supplied. This matches the functionality for PKCS8 sealed keys above and is similar to what openssl does in this situation. Signed-off-by: Craig Gallek Author: Daiki Ueno Date: Sat Aug 7 09:16:50 2021 +0200 mem: instrument with ASan memory poisoning as well as valgrind This makes it possible to catch undefined memory access in the more lightweight CI runs. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Aug 2 18:32:28 2021 +0200 pk: add flags to force RSA-PSS salt length to match digest length This adds a couple of flags to RSA-PSS signing and verification, to enforce that the salt length matches the digest length. That is not only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS 1.3 context. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jul 21 10:34:23 2021 +0200 fips: allow more RSA modulus sizes Previously, we restricted RSA modulus size to be either 2048 or 3072 bits in FIPS mode, following FIPS 186-4. On the other hand, FIPS 140-2 IG A.14 and FIPS 140-3 IG C.F updates it to allow arbitrary modulus sizes equal to or larger than 2048 bits under certain conditions. This change reflects the guidance, though it only allows known sizes due to the complexity of calculating the approximate security strength using the formula in FIPS 140-2 IG 7.5. Suggested-by: Stephan Mueller Reviewed-by: Stephan Mueller Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 3 14:17:41 2021 +0200 tests: tls13/key_share: rewrite as single process Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 4 06:45:30 2021 +0200 .gitlab-ci.yml: cppcheck: disable style checks Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 3 11:44:52 2021 +0200 devel: suppress cppcheck 2.5 false-positives This fixes errors and warnings as well as some style issues spotted by cppcheck 2.5. Others are recorded in the suppressions file. Signed-off-by: Daiki Ueno Author: Fiona Klute Date: Tue Jul 13 23:53:12 2021 +0200 gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list According to [1] the id-kp-OCSPSigning key purpose is only needed for delegated signers, not signers explicitly set as trusted. The previous code would reject a signature directly from a CA on the trust list (without delegation) because the CA certificate didn't contain the id-kp-OCSPSigning key purpose. The tests included in this commit check: 1. Is a signature directly from a CA on the trust list accepted? 2. Is a signature from a delegated signer issued by a CA on the trust list accepted? 3. Is a signature from a certificate without id-kp-OCSPSigning issued by a CA on the trust list rejected? Note that the CA in these tests is also the one that issued the certificate the OCSP response is for, but the code (current and previous) doesn't enforce this. [1] https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2 Signed-off-by: Fiona Klute Author: Daiki Ueno Date: Mon Jun 28 07:04:55 2021 +0200 tests: set SH_LOG_COMPILER so sh tests run under $(SHELL) This omits the need of setting executable bits on shell script tests. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 25 08:39:12 2021 +0200 key_share: treat X25519 and X448 as same PK type when advertising Previously, if both X25519 and X448 groups were enabled in the priority string, the client sent both algorithms in a key_share extension, while it was only capable of handling one algorithm from the same (Edwards curve) category. This adds an extra check so the client should send either X25519 or X448. Signed-off-by: Daiki Ueno Author: Michael Catanzaro Date: Tue Jun 22 14:12:09 2021 -0500 Fix gnutls_certificate_set_trust_list() return value documentation This function is documented to return an error code, but in fact it has no return value and never fails. Fix this. Signed-off-by: Michael Catanzaro Author: Ludovic Courtès Date: Sat Apr 24 22:02:14 2021 +0200 guile: Writes to record ports handle EAGAIN/EINTR transparently. Reported at by Florian Pelz . This is a followup to a229bb36c9592b151f6feb277238c41ab39f40a9. * guile/src/core.c (write_to_session_record_port) [USING_GUILE_BEFORE_2_2]: Keep looping upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED. (write_to_session_record_port) [!USING_GUILE_BEFORE_2_2]: Loop on GNUTLS_E_INTERRUPTED and return -1 on GNUTLS_E_AGAIN if C_SESSION is backed by a file descriptor. * NEWS: Update. Signed-off-by: Ludovic Courtès Author: Daiki Ueno Date: Fri Jun 11 06:58:43 2021 +0200 priority: reflect system wide config when constructing sigalgs Otherwise the client would advertise signature algorithms which it cannot use and cause handshake to fail. Reported by Philip Schaten in: https://lists.gnupg.org/pipermail/gnutls-help/2021-June/004711.html Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jun 9 14:29:11 2021 +0200 p11tool: mention how CKA_IDs of certs are calculated upon --write Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 29 07:18:17 2021 +0200 Release 3.7.2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 29 07:09:07 2021 +0200 release-steps: remove unnecessary steps Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 29 06:56:57 2021 +0200 AUTHORS: take into account of Co-authored-by: Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 29 06:52:42 2021 +0200 .mailmap: update Signed-off-by: Daiki Ueno Author: Daniel Kahn Gillmor Date: Tue May 18 16:32:55 2021 -0400 certtool: order DN components by scale. DN components are expected to be ordered by scale, with the wire format representing larger-scale components (like country or organization) before smaller-scale components (like state or organizationalUnit). The bulk of the changes here of course are changes to the target certificates in the test suite. Note that a change was necessary in tests/cert-tests/crq.sh because it tests the "interactive" mode of certtool. If any user is scripting certtool in this way, this change will cause a backwards-incompatible break. However, I think this is OK -- the supported scripted/batch mode for certtool should use a template file, and I don't think it's important to maintain a strict api on the interactive mode. The main change here is to order the DN from least-specific-to-most, in particular: country, state, locality, org, orgunit, cn, uid But I've also made an additional arbitrary choice, which is that DC (domain component) comes *after* uid. This was already the case in certificate generation, but in *request* generation, it was the other way around. I've changed request generation to match this ordering from certificate generation. Closes: #1243 Signed-off-by: Daniel Kahn Gillmor Author: Daiki Ueno Date: Thu May 27 10:00:22 2021 +0200 build: fix interface version dependencies in libgnutls.map Previously, the predecessor of GNUTLS_3_7_0 was mistakenly set to GNUTLS_3_4 instead of GNUTLS_3_6_14. This fix shouldn't have any impact on ABI, given the dynamic loader doesn't take into account of ordering of versions. See also the first paragraph on: https://www.akkadia.org/drepper/dsohowto.pdf#page=38 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 27 09:34:50 2021 +0200 build: require libkcapi 1.3.0 or later if --enable-afalg The libkcapi 1.3.0 brings a couple of changes needed for GnuTLS: * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be used Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri May 28 17:05:56 2021 +0200 tlsfuzzer: update git submodules Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri May 28 08:51:27 2021 +0200 nettle: update git submodule to 3.7.2 release Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri May 28 08:50:19 2021 +0200 gnulib: update git submodule Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 27 08:10:30 2021 +0200 devel: update libtasn1 submodule Signed-off-by: Daiki Ueno Author: Leonardo Bras Date: Fri May 21 03:40:03 2021 -0300 guile: Fix implicit conversion warning When building, the following warning may be printing: CC guile_gnutls_v_2_la-utils.lo core.c: In function 'scm_gnutls_set_server_session_certificate_request_x': core.c:545:13: warning: implicit conversion from 'gnutls_certificate_request_t' to 'gnutls_certificate_status_t' [-Wenum-conversion] 545 | c_request = scm_to_gnutls_certificate_request (request, 2, FUNC_NAME); | ^ core.c:547:53: warning: implicit conversion from 'gnutls_certificate_status_t' to 'gnutls_certificate_request_t' [-Wenum-conversion] 547 | gnutls_certificate_server_set_request (c_session, c_request); | Fix this warning by changing c_request type to gnutls_certificate_request_t. Signed-off-by: Leonardo Bras Author: Leonardo Bras Date: Fri May 21 03:11:29 2021 -0300 ASN1 : Remove warnings related to old libtasn1 namings While compiling gnutls, some warnings related to deprecated names can be printed, such as: ./../x509/x509_int.h:392:13: warning: 'ASN1_TYPE' macro is deprecated, use 'asn1_node' instead. 392 | int _gnutls_x509_write_key_int_le(ASN1_TYPE node, const char *value, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To avoid that, rename types as show in devel/libtasn1/NEWS (release 3.1): ASN1_DATA_NODE -> asn1_data_node_st ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t) ASN1_TYPE -> asn1_node ASN1_TYPE_EMPTY -> NULL static_struct_asn -> asn1_static_node_st node_asn_struct -> asn1_node_st node_asn -> asn1_node_st Signed-off-by: Leonardo Bras Author: Daniel Kahn Gillmor Date: Mon May 17 13:33:28 2021 -0400 git: Do not ignore certtool templates. This effectively reverts part of dc85966364994006f9337e4749d1487e4b8e16a1 in order to ensure that tests/cert-tests/templates/*.tmpl are not ignored by git. Closes: #1242 Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Mon May 17 13:20:26 2021 -0400 tests/cert-tests: test a policy without any policyQualifiers. Ensure that a policy without policyQualifiers gets created with an omitted sequence of qualifiers, rather than an empty sequence of qualifiers. We use NIST's test policy OID for this test. This tests the fix for #1238. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Fri May 14 17:57:54 2021 -0400 x509: Omit empty sequences of policyQualifiers. When a certificate has a policy attached but no policyQualifiers, `certtool` should omit the policyQualifiers sequence entirely, rather than emitting an empty sequence. Closes: #1238 Signed-off-by: Daniel Kahn Gillmor Author: Daiki Ueno Date: Fri May 14 15:59:37 2021 +0200 cert auth: filter out unsupported cert types from TLS 1.2 CR When the server is advertising signature algorithms in TLS 1.2 CertificateRequest, it shouldn't send certificate_types not backed by any of those algorithms. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 17 07:58:43 2021 +0200 pre_shared_key: limit 0-RTT to resumption connections While RFC 8446 allows 0-RTT data in a non-resumption connection established with external PSK, it requires a mechanism to associate encryption parameters with PSK. Until we provide a new API for that, let's limit the 0-RTT use to resumption connections only. Signed-off-by: Daiki Ueno Author: Daniel Kahn Gillmor Date: Wed May 12 20:49:20 2021 -0400 x509: Write keyUsage extension with minimal BIT STRING Avoid embedding trailing cleared bits in the BIT STRING for the keyUsage extension. The overwhelming majority of this changeset is correcting the artifacts in the test suite, most of which had keyUsage with a non-minimal encoding. The only functional code change is in lib/x509/x509_ext.c. Closes: #1236 Signed-off-by: Daniel Kahn Gillmor Author: Daiki Ueno Date: Fri May 14 08:48:24 2021 +0200 .gitlab-ci.yml: add bootstrap stage Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri May 14 08:26:37 2021 +0200 serv: stop setting AI_ADDRCONFIG on getaddrinfo AI_ADDRCONFIG is only useful when the NODE argument is given in the getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas Metzler in: https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 13 15:03:10 2021 +0200 configure.ac: specify -ladvapi32 in mingw builds This library needs to be linked for CryptAcquireContextW, used in lib/system/keys-win.c. Suggested by Tim Kosse in: https://gitlab.com/gnutls/gnutls/-/issues/1232 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 09:50:22 2021 +0200 tests: don't install crypt32.dll and ncrypt.dll replacement Reported by Tim Kosse in: https://gitlab.com/gnutls/gnutls/-/issues/1232 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 18:44:28 2021 +0200 gnutls_early_{cipher,prf_hash}_get: new functions Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 11:50:00 2021 +0200 tests: rework tls13-early-data to check key scheduling Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 18:25:55 2021 +0200 tests: tls13-early-data: use TLS_CHACHA20_POLY1305_SHA256 When resuming in TLS 1.3, the negotiated PRF hash must match the one used in the initial handshake. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 18:09:01 2021 +0200 tests: remove shell-script wrapper for tls13/prf-early The wrapper (tls13/prf-early.sh) was merely for running tls13/prf-early under datefudge. The same thing can now be done with virt_time_init_at. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 17:56:37 2021 +0200 tests: virt-time: add virt_time_init_at This allows the tests to set the current time to arbitrary point, instead of the current time; useful for the tests checking the traces such as tls13/prf-early. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 08:35:02 2021 +0200 gnutls_init: add flag to omit EndOfEarlyData messages The message is prohibited in QUIC: https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 08:26:46 2021 +0200 gnutls_init: redefine GNUTLS_ENABLE_EARLY_DATA flag for client The flag was only for the server, but it turned out to be useful for client to explicitly indicate early data, when 0-RTT is handled out-of-band as in QUIC. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 29 08:23:15 2021 +0200 state: call secret_func on early write key change as well Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 13 08:38:20 2021 +0200 .gitlab-ci.yml: doc-dist.Fedora: invoke "texconfig rehash" Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 13 08:01:27 2021 +0200 systemkey: remove unused --inder and --infile options While those options have no effect, the command previously tried to open a file for reading and leaked file descriptor. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 12 16:55:37 2021 +0200 keylog: suppress -Wanalyzer-file-leak warnings This workarounds the following warnings with gcc analyzer: kx.c:156:69: error: leak of FILE '' [CWE-775] [-Werror=analyzer-file-leak] 156 | _gnutls_bin2hex(session->security_parameters. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ 157 | client_random, GNUTLS_RANDOM_SIZE, | ~~~~~~~~~~~~~ This should be harmless because the keylog file pointer is closed in the ELF destructor. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 12 14:46:56 2021 +0200 .gitlab-ci.yml: update build images to Fedora 34 and Alpine 3.13 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 12 14:44:37 2021 +0200 devel: regenerate abidw dump files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 15:29:03 2021 +0200 .gitlab-ci.yml: bump cache version This should fix the nettle_streebog512_update detection. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 14:25:38 2021 +0200 srptool: add missing fclose on error path Spotted by gcc analyzer: srptool.c:113:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak] 113 | return -1; | ^ also: srptool.c:560:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak] 560 | return -1; | ^ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu May 13 08:40:59 2021 +0200 tests: _check_wait_status: use only async-thread-safe function As this function shall be called in a signal handler, it shouldn't use 'exit' as it's not async-thread-safe. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 14:23:45 2021 +0200 gnutls-serv: use only async-signal-safe functions in signal handler Spotted by gcc analyzer: serv.c:1138:9: warning: call to 'exit' from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler] 1138 | exit(1); | ^~~~~~~ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 14:13:45 2021 +0200 certtool: tighten allocation check Spotted by gcc analyzer: certtool-cfg.c:856:24: warning: use of possibly-NULL 'copy' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 856 | while (strcmp(pass, copy) != 0 | ^~~~~~~~~~~~~~~~~~ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 14:08:33 2021 +0200 psktool: tighten allocation check Spotted by gcc analyzer: psk.c:275:21: warning: use of possibly-NULL '_username.data' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 275 | if (strncmp(p, (const char *) _username.data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 13:16:51 2021 +0200 .gitignore: ignore more files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 11:08:59 2021 +0200 _tls13_{derive,expand}_secret2: fix array parameter mismatch This suppresses the warning with -Warray-parameter secrets.c:85:40: warning: argument 6 of type 'const uint8_t[64]' {aka 'const unsigned char[64]'} with mismatched bound [-Warray-parameter=] 85 | const uint8_t secret[MAX_HASH_SIZE], | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~ In file included from secrets.c:28: secrets.h:43:41: note: previously declared as 'const uint8_t[32]' {aka 'const unsigned char[32]'} 43 | const uint8_t secret[MAX_CIPHER_KEY_SIZE], | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 11 11:04:54 2021 +0200 _gnutls_retrieve_pin: remove array declarator in function argument This was originally to eliminate the warnings with -Warray-parameter: pin.c:70:27: warning: argument 5 of type 'char[256]' with mismatched bound [-Warray-parameter=] 70 | char pin[GNUTLS_PKCS11_MAX_PIN_LEN], unsigned pin_size) | ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from pin.c:23: ./pin.h:9:48: note: previously declared as 'char *' 9 | unsigned pin_flags, char *pin, unsigned pin_size); | ~~~~~~^~~ though it turned out to be unnecessary because the function merely delegate the call to the user-supplied callbacks. Signed-off-by: Daiki Ueno Author: Daniel Kahn Gillmor Date: Wed May 5 18:05:29 2021 -0400 spelling: The possessive pronoun "its" has no apostrophe. "it's" is for contractions like "it is" or "it has". "its" is a possessive pronoun, like "his" or "hers" or "theirs", none of which have an apostrophe in them either. Signed-off-by: Daniel Kahn Gillmor Author: Daniel Kahn Gillmor Date: Tue May 4 15:08:08 2021 -0400 certtool: Align warning about --provable with actual code If I try to generate an ed25519 key, it is *not* an ECDSA key. But I see this warning: 0 dkg@host:~$ certtool --generate-privkey --provable --key-type ed25519 Generating a 256 bit EdDSA (Ed25519) private key ... The --provable parameter cannot be used with ECDSA keys. 1 dkg@host:~$ Looking at the code and documentation, it's clear that --provable only works for RSA and DSA. This fix aligns the warning message with the underlying mechanism. Signed-off-by: Daniel Kahn Gillmor Author: Daiki Ueno Date: Mon May 3 16:35:43 2021 +0200 x509/verify: treat SHA-1 signed CA in the trusted set differently Suppose there is a certificate chain ending with an intermediate CA: EE → ICA1 → ICA2. If the system trust store contains a root CA generated with the same key as ICA2 but signed with a prohibited algorithm, such as SHA-1, the library previously reported a verification failure, though the situation is not uncommon during a transition period of root CA. This changes the library behavior such that the check on signature algorithm will be skipped when examining the trusted root CA. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 3 17:27:56 2021 +0200 global: rename GNUTLS_NO_EXPLICIT_INIT to GNUTLS_NO_IMPLICIT_INIT The old envvar still has effect but has been marked as deprecated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 3 14:19:22 2021 +0200 certtool: fix parsing of --verify-profile option Signed-off-by: Daiki Ueno Author: Ruslan N. Marchenko Date: Sun May 2 23:29:39 2021 +0200 Add tests for call gnutls_session_channel_binding Add test unit which executes positive and negative test scenarios using standard gnutls testing framework. Signed-off-by: Ruslan N. Marchenko Author: Ruslan N. Marchenko Date: Sat May 1 23:05:54 2021 +0200 Add tls-server-end-point tls channel binding implementation. Add server-end-point tls channel binding into gnutls_session_channel_binding method. The implementation extracts session's certificate, its signature algorithm, and calculates digest of the extracted certificate using the function based on extracted algorithm, as per RFC5929. Signed-off-by: Ruslan N. Marchenko Author: Ruslan N. Marchenko Date: Sat May 1 10:16:37 2021 +0200 Restructure gnutls_session_channel_binding and add tls-exporter The restructure removes explicit pre-check for supported binding type(s) and instead relies now on catch-all return which returns UNIMPLEMENTED_FEATURE if no type was handled. In addition to that it returns UNIMPLEMENTED_FEATURE for tls-unique request on TLSv1.3 session, since that is not supposed to work hence requires explicit error. Finally new binding type tls-exporter implementation is added. Signed-off-by: Ruslan N. Marchenko Author: Ruslan N. Marchenko Date: Sat May 1 10:22:14 2021 +0200 Introduce new tls channel binding types into gnutls_channel_binding_t This commit adds two new tls channel binding types into enum gnutls_channel_binding_t: * tls-server-end-point * tls-exporter Signed-off-by: Ruslan N. Marchenko Author: Daiki Ueno Date: Wed Apr 28 11:04:20 2021 +0200 certtool: don't copy CRL distribution point from CA cert Suggested by Thomas Karlsson in: https://gitlab.com/gnutls/gnutls/-/issues/1126 While this changes the default behavior, CDP can always be set through the template or interactive input. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 25 17:04:46 2021 +0200 gnutls_x509_crt_get_dn: clarify null-termination of the output Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 25 10:48:09 2021 +0200 build: do not install .hmac files It turned out that distro package building process might perform post-processing (e.g., strip) of the shared libraries after install, and that may cause inconsistency with the installed .hmac files. Let's not try too hard on this but defer the final hmac calculation to distributions. It is still useful to keep our own fipshmac as it makes it easier to run FIPS tests. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 25 06:51:20 2021 +0200 tests: fix test script file name in distribution Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 25 06:50:03 2021 +0200 .gitignore: ignore ctags, etags, and GNU global files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 23 15:36:37 2021 +0200 handshake: fix timing of sending early data Previously, the client was sending early data after receiving a Server Hello message, which not only negates the benefit of 0-RTT, but also was a logic error as it can only be decrypted by the server when the initial handshake and the resuming handshake agree on the same ciphersuites. This fixes that behavior in the following ways: - extend the session data format to include the selected ciphersuites, even in TLS 1.3 - setup the epoch for early data, right before the client sending early data (also right after the server deciding to accept early data). - extend the test case to use different ciphersuites in the initial and resuming handshakes Signed-off-by: Daiki Ueno Author: Ludovic Courtès Date: Fri Apr 23 09:44:20 2021 +0200 guile: Tests show their PID upon uncaught exceptions. * guile/modules/gnutls/build/tests.scm (run-test): Display the PID when throwing an exception. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Fri Feb 5 12:28:35 2021 +0100 guile: Avoid the deprecated 'scm_t_uint8' type. * guile/src/core.c: Use 'uint8_t' instead of 'scm_t_uint8', which is deprecated in Guile 3.0. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Tue Dec 22 10:30:43 2020 +0100 guile: Avoid potentially missed reference. There's one case where 'register_weak_reference' is called several times on the same object, in 'set-certificate-credentials-x509-keys!', where PRIVKEY could have been GC'd before CRED. * guile/src/core.c (register_weak_reference): Add TO to the weak references of FROM instead of overriding them. Signed-off-by: Ludovic Courtès Author: Daiki Ueno Date: Fri Apr 23 10:28:03 2021 +0200 afalg: use pkg-config to detect libkcapi Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 23 10:03:47 2021 +0200 afalg: support AES-XTS algorithms Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 23 09:56:40 2021 +0200 afalg: cleanup header inclusion Signed-off-by: Daiki Ueno Author: Ludovic Courtès Date: Mon Dec 21 18:22:14 2020 +0100 guile: Remove leftover comment about allocation routines. This is a followup to 872409857351f28b1e3c21526bfa6606c918b176. * guile/src/core.c (scm_init_gnutls): Remove leftover comment. Signed-off-by: Ludovic Courtès Author: Daiki Ueno Date: Fri Apr 23 09:50:16 2021 +0200 afalg: remove unnecessary initialization That would make it easier to spot any uninitialized memory access with valgrind. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 23 09:45:51 2021 +0200 afalg: assert IV size returned from the kernel is in the range Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 23 09:42:03 2021 +0200 NEWS: mention AF_ALG support Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Apr 14 17:27:43 2021 +0200 crypto-selftests: tolerate errors of gnutls_{hash,hmac}_copy Some hardware accelerated implementations, such as afalg, cannot support the copy operation. This patch turns it a soft-error, as the code below is already checking if the copy is non-NULL, before performing any operation on it. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 22 16:42:01 2021 +0200 handshake: don't regenerate legacy_session_id in second CH after HRR According to RFC 8446 4.1.2, the client must send the same Client Hello after Hello Retry Request, except for the certain extensions, and thus legacy_session_id must be preserved. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Apr 14 16:50:28 2021 +0200 _gnutls_cipher_init: fallback if setiv is not implemented for AEAD The _gnutls_cipher_init function currently assumes that all the cipher implementations have .setiv method. This is not the case for AEAD-only implementations such as afalg. Signed-off-by: Daiki Ueno Author: Stephan Mueller Date: Sat Oct 14 20:46:09 2017 +0200 Add AF_ALG acceleration The patch set adds the backend implementation to use the Linux kernel crypto API via the AF_ALG interface. The GnuTLS AF_ALG extension uses libkcapi [1] as the backend library which implements the actual kernel communication. [1] http://www.chronox.de/libkcapi.html The symmetric cipher support, the hashing and the MAC support are validated to work correctly using NIST CAVS test vectors. The AEAD cipher support was tested by connecting to a remote host using gnutls-cli (the following log strips out unrelated information): Processed 143 CA certificate(s). ... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: ... - Description: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA512)-(AES-256-GCM) - Session ID: 9E:5E:FC:09:2A:4E:2A:3D:22:44:68:42:C3:F6:2D:AB:F9:67:08:CE:6D:EE:E4:A2:EF:80:43:FE:3B:D9:1E:FE - Ephemeral EC Diffie-Hellman parameters - Using curve: SECP384R1 - Curve size: 384 bits - Version: TLS1.2 - Key Exchange: ECDHE-RSA - Server Signature: RSA-SHA512 - Cipher: AES-256-GCM - MAC: AEAD - Options: extended master secret, safe renegotiation, - Handshake was completed - Simple Client Mode: Signed-off-by: Stephan Mueller Co-authored-by: Daiki Ueno Co-authored-by: Hedgehog5040 Author: Daiki Ueno Date: Fri Apr 16 13:56:40 2021 +0200 priority: add option to disable TLS 1.3 middlebox compatibility mode This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3 compatibility mode at run-time. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Mar 30 13:39:46 2021 +0200 _gnutls_calloc: remove unused function Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 29 14:09:51 2021 +0200 keys-win: free certificate context in gnutls_system_key_iter_deinit Suggested by Bjørn Christensen in: https://gitlab.com/gnutls/gnutls/-/issues/1197 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 29 11:06:37 2021 +0200 build: avoid integer overflow in additions Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 21 08:43:26 2021 +0100 build: avoid potential integer overflow in array allocation This relies on _gnutls_reallocarray for all occasions of array allocations, so that they can benefit from the built-in overflow checks. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 29 13:08:23 2021 +0200 pkcs11x: find_ext_cb: fix error propagation Use explicit error value, as rv is not set in this code path. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 21 08:42:23 2021 +0100 mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 21 08:34:13 2021 +0100 bootstrap: pull in 'xalloc-oversized' module from Gnulib Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Sat Mar 20 13:52:25 2021 +0100 build: doc: install missing image file gnutls-crypto-layers.png Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Mon Mar 15 11:03:44 2021 +0100 examples: avoid memory leak in ex-verify Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 15 11:03:22 2021 +0100 examples: avoid memory leak in tlsproxy Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 15 10:56:46 2021 +0100 src: avoid file descriptor leak in socket_open2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 15 10:48:49 2021 +0100 gnutls-cli-debug: avoid resource leak in saving DHE params Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 15 10:47:50 2021 +0100 srptool: avoid FILE pointer leak on error Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 15 09:55:20 2021 +0100 gnulib: update git submodule This brings in the fix for parse-datetime test failures on NetBSD: https://lists.gnu.org/archive/html/bug-gnulib/2021-03/msg00069.html https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=35f8ff2e1162bf3ee60d99b6812f2ae10f3f2898 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Mar 10 16:12:23 2021 +0100 str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Mar 10 16:11:29 2021 +0100 _gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Mar 10 05:06:13 2021 +0100 Release 3.7.1 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 29 14:06:50 2021 +0100 pre_shared_key: avoid use-after-free around realloc Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 29 14:06:32 2021 +0100 key_share: avoid use-after-free around realloc Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Mar 9 13:41:59 2021 +0100 _gnutls_buffer_resize: add option to use allocation simpler logic This helps detect common mistakes[1] in realloc usage with valgrind, where the caller assumes that the original ptr is always returned. 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1377618 Signed-off-by: Daiki Ueno Co-authored-by: Alexander Sosedkin Author: Daiki Ueno Date: Tue Mar 9 20:29:37 2021 +0100 x86: flip polarity of check_fast_pclmul Otherwise GCC produces the following warnings as the stub __get_cpuid() is defined as '#define __get_cpuid(...) 0': x86-common.c: In function 'register_x86_crypto': x86-common.c:314:15: warning: 'a' may be used uninitialized in this function [-Wmaybe-uninitialized] 314 | family = ((a >> 8) & 0x0F); | ~~~^~~~~ x86-common.c:308:15: note: 'a' was declared here 308 | unsigned int a,b,c,d; | ^ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Mar 9 13:07:26 2021 +0100 gnutls_buffer_append_data: remove duplicated code The function shared the same logic as in _gnutls_buffer_resize. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Mon Mar 8 14:56:32 2021 +0100 lib/nettle: get rid of _rnd_system_entropy_check Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Mon Mar 8 11:54:16 2021 +0100 lib/global: don't call now-noop _gnutls_rnd_check Signed-off-by: Alexander Sosedkin Author: Alexander Sosedkin Date: Thu Mar 4 10:54:44 2021 +0100 sysrng-linux: re-open /dev/urandom every time Prompted by the following comment of Daiki Ueno: > I also wonder why we keep the fd open for such a long time in the first > place. Both OpenSSL and NSS have a similar fallback to /dev/urandom > if getrandom is not available, but opens the device in one-shot, > when reseeding is needed (and that's pretty rare). https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_521749519 Signed-off-by: Alexander Sosedkin Author: Steffen Jaeckel Date: Fri Mar 5 12:31:45 2021 +0100 Add unit test for id-on-xmppAddr decoding error Signed-off-by: Steffen Jaeckel Author: Daiki Ueno Date: Fri Mar 5 12:08:25 2021 +0100 gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of gnutls/gnutls!1370) didn't cover the case where the trust store is backed by PKCS #11, because it used _gnutls_trust_list_get_issuer, which only works with file based trust store. This patch replaces the call with more generic gnutls_x509_trust_list_get_issuer so it also works with other trust store implementations. Reported by Michal Ruprich. Signed-off-by: Daiki Ueno Author: Steffen Jaeckel Date: Thu Mar 4 16:44:21 2021 +0100 output UTF-8 decoded id-on-xmppAddr SAN's tls_x509_crt_get_subject_alt_name()` makes a promise [1] "If an otherName OID is known, the data will be decoded. ... RFC 3920 id-on-xmppAddr SAN is recognized." which it didn't hold. Before this patch the output was still in DER format, e.g. for a id-on-xmppAddr which is always UTF-8 (0x0c): `0x0c ` This patch fixes the issue and now it returns the decoded string. [1] https://www.gnutls.org/manual/gnutls.html#gnutls_005fx509_005fcrt_005fget_005fsubject_005falt_005fname Signed-off-by: Steffen Jaeckel Author: Tom Vrancken Date: Sun Feb 28 13:56:21 2021 +0100 Changed _gnutls_session_cert_type_supported prototype and name to follow guidelines for boolean functions. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Feb 25 12:06:55 2021 +0100 Changed certificate retrieval callback prototype parameter name to be in line with the other parameters. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sat Jan 23 19:24:46 2021 +0100 Added documentation for rawpk use in certificate retrieval callback. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Feb 25 15:20:05 2021 +0100 Added extra logging and done some variable refactoring for server cert type extension. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Jan 28 20:05:51 2021 +0100 Added extra logging and done some variable refactoring for client cert type extension. Signed-off-by: Tom Vrancken Author: JonasZhou Date: Thu Feb 25 15:48:36 2021 +0800 padlock:add support for AES-192-CBC Padlock code misses support for AES-192. Extend it to support AES-192. Due to poor performance of padlock-aes-xxx-gcm, only padlock-aes-192-cbc is added. Signed-off-by: JonasZhou Author: Daiki Ueno Date: Fri Feb 19 15:36:48 2021 +0100 .gitlab-ci.yml: run fedora-valgrind jobs only on upstream branches Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 18:35:14 2021 +0100 tests: remove *hello_random_value tests Those tests are meaningless and merely introduces extra flakiness, now that the uninitialized random bytes are detected by valgrind. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 13:34:40 2021 +0100 .gitlab-ci.yml: use longer handshake timeout for valgrind jobs Also limit the parallelism to $(nproc) to be less resource intensive. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 18:22:18 2021 +0100 tests: make any ad-hoc timeout setting controllable through envvar Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 10:49:07 2021 +0100 tests: suffix .sh for all shell-script tests Otherwise valgrind will run against /bin/sh. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 09:23:02 2021 +0100 tests: don't conditionalize valgrind with --disable-full-test-suite Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 29 15:36:44 2021 +0100 tests: don't run shell-script tests under valgrind https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-and-shell-scripts.html Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 30 09:25:06 2021 +0100 nettle: check lib state early to cope with synthesized error tests/x509sign-verify-error.c calls _gnutls_lib_simulate_error before the actual private key operations. That previously resulted in infloop / conditional jump depending on uninitialized data, because the random function (gnutls_rnd) was not able to feed sufficient randomness in that case. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 29 14:09:17 2021 +0100 tests: fix memory leak in tests/tls13/no-auto-send-ticket Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 24 07:49:34 2021 +0100 tests: remove init_fds test This test does nothing to expose the original problem linked in the comment: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 23 14:36:57 2021 +0100 safe-memfuncs: rely on explicit_bzero implementation from gnulib Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 17 11:31:23 2021 +0100 .gitlab-ci.yml: remove scriptlet to generate HMAC files for FIPS This is now generated automatically during the build. Signed-off-by: Daiki Ueno Author: Ondrej Moris Date: Fri Oct 30 20:43:56 2020 +0100 fips: replace fipshmac usage with internal program This introduces a non-installed program "fipshmac" and uses it for generating HMAC files required in FIPS 140-2. The generated files are installed along with the main library. Resolves issues #1101. Signed-off-by: Ondrej Moris Co-authored-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 17 07:24:27 2021 +0100 build: don't remove distributed stamp files on "make clean" Those files are created by the maintainers and should remain after "make clean" when the distribution tarball is used. Reported by christian wagner in: https://gitlab.com/gnutls/gnutls/-/issues/1088 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 16 08:45:23 2021 +0100 fastopen: remove call to abort() Ideally, this function should have a way to return an error, but simply not enabling TFO wouldn't hurt. Reported by Tim Rühsen in: https://gitlab.com/gnutls/gnutls/-/issues/603 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 16 08:39:17 2021 +0100 hex: use a table to avoid meaningless assertion Reported by Tim Rühsen in: https://gitlab.com/gnutls/gnutls/-/issues/604 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 17 06:38:41 2021 +0100 gnutlsxx: add const and explicit specifiers where possible Flagged by cppcheck. Signed-off-by: Daiki Ueno Author: Dmitriy Tsvettsikh Date: Wed Feb 17 04:28:47 2021 +0500 configure.ac: fix "nettle_rsa_sec_decrypt" check error When libhogweed built with external gmplib, then it required explicit path to gmplib to pass check. Signed-off-by: Dmitriy Tsvettsikh Author: Evgeny Grin Date: Sun Jan 10 21:36:18 2021 +0300 Sockets: implement sendmsg()-like functions on Win32 Use WSASend() to send several buffer per one sys-call. Unified send()/recv() support for POSIX/Win32. Signed-off-by: Evgeny Grin Author: Daiki Ueno Date: Tue Feb 16 07:51:10 2021 +0100 gnutlsxx: dh_params, rsa_params: actually assign values in operator= The previous implementation assigned the value to a temporary variable and then return it without assigning it to 'this'. That is not only contradictory to user's expectation but also cppcheck treats it as a logic error. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Feb 15 15:51:25 2021 +0100 README.md: don't suggest installing lockfile-progs The dependency has been removed in 5eff2002b0f7ac54b14326f207b5a9e509269555. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Feb 15 14:54:14 2021 +0100 .gitlab-ci.yml: fix typo in cppcheck -I argument Reported by Tim Rühsen in: https://gitlab.com/gnutls/gnutls/-/issues/705 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Feb 15 14:53:39 2021 +0100 README.md: fix typo in libev URL Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Feb 13 15:56:22 2021 +0100 .gitlab-ci.yml: bump cache version Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Feb 8 12:24:31 2021 +0100 bootstrap.conf: initialize openssl submodule Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Feb 8 08:46:13 2021 +0100 configure.ac: fix misleading --help output on guile bindings Reported by Tim Rühsen in: https://gitlab.com/gnutls/gnutls/-/issues/577 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 7 18:54:45 2021 +0100 bootstrap: update from Gnulib Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 7 17:38:31 2021 +0100 bootstrap.conf: refactor detection of gtk-doc and gnulib sockets Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Feb 13 15:57:36 2021 +0100 .gitignore: ignore more files Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Tue Feb 9 14:16:54 2021 +0100 Fix test error with nettle in non-default location Move #include from gnutls_int.h to lib/cipher.c, drop now superfluous NETTLE_CFLAGS from CPPFLAGS of multiple tests #including gnutls_int.h. Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Thu Feb 11 06:45:47 2021 +0100 .gitlab-ci.yml: remove FreeBSD run This used to run on a dedicated FreeBSD runner, which is no longer maintained. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Feb 9 15:26:07 2021 +0100 tests/gnutls-cli-debug.sh: don't unset system priority settings When the test is exercised, GNUTLS_SYSTEM_PRIORITY_FILE is set in many places, such as TESTS_ENVIRONMENT tests/Makefile.am or a packaging system that runs the test in a restricted environment. Unsetting it after a temporary use forces the remaining part of the test to use the default system priority, which might not be the intention of the user. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 28 12:14:13 2020 +0100 gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a regression, where duplicate certificates in a certificate chain are no longer ignored but treated as a non-contiguous segment and that results in calling the issuer callback, or a verification failure. This adds a mechanism to record certificates already seen in the chain, and skip them while still allow the caller to inject missing certificates. Signed-off-by: Daiki Ueno Co-authored-by: Andreas Metzler Author: Dosenpfand Date: Sun Feb 7 23:17:28 2021 +0100 doc: Add some missing algorithm keywords to priority string table Signed-off-by: Markus Gasser Author: Daiki Ueno Date: Wed Feb 3 16:05:22 2021 +0100 tests: close unused fd opened by socketpair Otherwise the tests block forever, even if the child exits. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 3 15:56:42 2021 +0100 .gitlab-ci.yml: remove redundant "make check" in build stage Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 24 07:34:24 2021 +0100 handshake: TLS 1.3: don't generate session ID in resumption mode The commit e0bb98e1f71f94691f600839ff748d3a9f469d3e revealed that the previous code always generated session ID in the TLS 1.3 middlebox compatibility mode even when the handshake is being resumed. This could cause a difference in PSK binder calculation if the server sends an HRR in the resumption handshake. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 3 15:50:08 2021 +0100 gnutls_session_is_resumed: don't check session ID in TLS 1.3 In middlebox compatibiltiy mode, TLS 1.3 client simulates the TLS 1.2 resumption handshake, so checking session ID for resumption is pointless. This worked previously because the client always generated new random value even in a true resumption handshake, but didn't update the session parameters properly. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 4 08:39:04 2021 +0100 _gnutls_openpgp_send_fingerprint: remove unused declaration Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 4 08:38:16 2021 +0100 _gnutls_session_is_resumable: remove unused internal function Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 4 08:56:33 2021 +0100 handshake: replace TRUE and FALSE with Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 4 08:30:30 2021 +0100 handshake: replace RESUME_TRUE and RESUME_FALSE with Having those constants could cause wrong impression that there is a third possible value. To reproduce the changes other than lib/gnutls_int.h: for i in `git ls-files lib`; do sed -i -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_FALSE\|!= *RESUME_TRUE\)/!\1/' \ -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_TRUE\|!= *RESUME_FALSE\)/\1/' \ -e 's/RESUME_TRUE/true/' \ -e 's/RESUME_FALSE/false/' \ $i done Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Dec 29 09:59:06 2020 +0100 testcompat-openssl: run TLS 1.3 client/server tests in parallel Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Dec 29 07:26:16 2020 +0100 testcompat-openssl: remove hand-written parallelism Previously, the test used to launch multiple tests in background and then join them using shell primitives. That approach makes the test slower as it cannot benefit from the automake's parallel test harness, as well as it makes diagnostic harder because the lines in the log file mix up. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Dec 29 10:06:50 2020 +0100 testcompat-polarssl: remove hand-written parallelism Previously, the test used to launch multiple tests in background and then join them using shell primitives. That approach makes the test slower as it cannot benefit from the automake's parallel test harness, as well as it makes diagnostic harder because the lines in the log file mix up. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 22 14:37:47 2021 +0100 fips: avoid memleak in (EC)DH internal APIs There were some confusions of gnutls_pk_params_clear and gnutls_pk_params_release, as well as the number of parameters to scan in the gnutls_pk_params_st structure. Flagged by address sanitizer: ==354688==ERROR: LeakSanitizer: detected memory leaks Direct leak of 192 byte(s) in 12 object(s) allocated from: #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf) #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79 #2 0x7ffcb8495f07 ([stack]+0x1ef07) Direct leak of 160 byte(s) in 10 object(s) allocated from: #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf) #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79 Signed-off-by: Daiki Ueno Author: Tom Carroll Date: Sun Jan 10 15:28:50 2021 -0800 Deinitialize pcerts array elements during cleanup. In gnutls_certificate_set_x509_key() cleanup, the pcert elements should be deinitialized, freeing pcert's pubkey and cert fields. Signed-off-by: Tom Carroll Author: Tom Carroll Date: Sun Jan 10 21:40:52 2021 -0800 Ensure ca_list != NULL and ca_list_size > 0. As ca_list_size is used in malloc, ensure that ca_list_size > 0. If ca_list_size > 0, then ca_list cannot be NULL. Make these assumptions explicit with argument condition check. Signed-off-by: Tom Carroll Author: Tom Carroll Date: Sun Jan 10 21:31:19 2021 -0800 Verify that cert_list != NULL and cert_list_size > 0. gnutls_certificate_set_x509_key() assumes that cert_list != NULL and cert_list_size > 0. These assumptions are evident as cert_list_size is used for malloc and cert_list[0] is accessed. Make those assumptions explicit with argument condition check. Signed-off-by: Tom Carroll Author: Martin Storsjo Date: Thu Jan 7 13:41:12 2021 +0200 configure: Remove -no_weak_links from LDFLAGS after detecting function availability This reverts commit 945a48993dcdd9ead17216e55c59db209923ea5e and fixes the original issue (#966) differently. This makes sure that when targeting a version of macOS less than 10.12, we won't pick up and unconditionally use functions that only appeared later, when building with Xcode 11.4 or newer. (With Xcode 11.4 or newer, the fix from 945a48993dcdd9 caused -no_weak_links not be added, affecting the function availability tests.) Signed-off-by: Martin Storsjo Author: Fiona Klute Date: Thu Jan 7 20:29:54 2021 +0100 Update year of copyright notices in doc/gnutls.texi Static analysis in CI checks if this is up to date, and fails if not. This fixes the failure. Signed-off-by: Fiona Klute Author: Fiona Klute Date: Sat Jan 2 18:24:18 2021 +0100 Update CI documentation for use of Github Actions Signed-off-by: Fiona Klute Author: Fiona Klute Date: Sat Jan 2 18:22:55 2021 +0100 Remove Travis CI configuration Replaced by Github Actions workflow added in 9fc73ec96fa5adfc8e9a4bd2ee9e6543ffcfe120. Signed-off-by: Fiona Klute Author: Fiona Klute Date: Tue Dec 29 22:03:53 2020 +0100 Github Actions job for MacOS CI Signed-off-by: Fiona Klute Author: Daiki Ueno Date: Tue Dec 29 19:24:28 2020 +0100 gnulib: update git submodule This brings in the fix for building with autoconf 2.70: https://lists.gnu.org/archive/html/bug-gnulib/2020-12/msg00091.html Suggested by Jan Palus in: https://gitlab.com/gnutls/gnutls/-/issues/1138 Signed-off-by: Daiki Ueno Author: Sadie Powell Date: Fri Dec 11 05:39:56 2020 +0000 Fix a common typo of gnutls_priority_t. Signed-off-by: Sadie Powell Author: Andreas Metzler Date: Tue Dec 8 11:36:57 2020 +0100 libgnutls-openssl: Clean up list of exported symbols Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Tue Dec 29 09:46:36 2020 +0100 testcompat-openssl: specify -sigalgs on s_client command line This is a left-over of commit 23958322865a8a77c2f924f569484e5fd150a24b. Otherwise the OpenSSL system configuration may affect algorithm selection. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Dec 28 16:16:53 2020 +0100 testpkcs11: use datefudge to trick certificate expiry The certificates stored in tests/testpkcs11-certs expired on 2020-12-13. To avoid verification failure due to that, use datefudge to set custom date when calling gnutls-cli, gnutls-serv, and certtool. Based on the patch by Andreas Metzler: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121 Signed-off-by: Daiki Ueno Author: Stefan Berger Date: Mon Dec 21 09:36:47 2020 -0500 tests: Fix tpmtool_test due to changes in trousers Recent changes to trousers now require an ownership of root:tss for the tcsd config file, older ones requires tss:tss. So, start tcsd using trial and error with either one of these ownership configurations until one works. Signed-off-by: Stefan Berger Author: Norbert Pocs Date: Fri Oct 30 17:18:30 2020 +0100 Fix non-empty session id (TLS13_APPENDIX_D4) When TLS1.3 is used with middlebox compatible mode, the session id should be filled with random session id, but remained empty. Signed-off-by: Norbert Pocs Closes #1074 Author: Daiki Ueno Date: Wed Dec 2 10:30:08 2020 +0100 Release 3.7.0 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Dec 2 09:33:21 2020 +0100 NEWS: update for 3.7.0 release Signed-off-by: Daiki Ueno Author: ihsinme Date: Mon Nov 30 14:56:15 2020 +0000 fix invalid unsigned arithmetic. Signed-off-by: ihsinme Author: Stanislav Zidek Date: Fri Nov 27 13:24:24 2020 +0100 CI pipeline rework - using stages and inheritance Signed-off-by: Stanislav Zidek Author: Michael Catanzaro Date: Mon Nov 30 13:08:01 2020 -0600 x509: Improve documentation of new set_getissuer_function Since gnutls!1354, some of this information is now obsolete. The caller is no longer responsible for verifying the certificate or adding it to the trust list. GnuTLS will now handle that. Instead, the callback should always import the missing certificate and return success if the certificate was imported, or failure otherwise. Also, let's point to gnutls_x509_crt_get_authority_info_access(), since it is useful in combination with this function. Finally, since this callback is emitted once for each missing intermediate certificate, it's probably less confusing if we talk about only a single missing intermediate here. Yes, there could be multiple missing certificates, but a single invocation of this callback can only deal with one. Signed-off-by: Michael Catanzaro Author: Daiki Ueno Date: Sun Nov 29 18:17:54 2020 +0100 fuzz: limit the retry count in handshake fuzzer Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 29 17:44:24 2020 +0100 gnutls_handshake_write: don't enqueue empty Handshake message Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 29 16:51:45 2020 +0100 fuzz: fix undefined behavior on left shift Signed-off-by: Daiki Ueno Author: Anderson Toshiyuki Sasaki Date: Tue Nov 24 11:13:07 2020 +0100 accelerated: Re-generate assembly sources Re-generate assembly sources from the updated openssl submodule. Signed-off-by: Anderson Toshiyuki Sasaki Author: Daiki Ueno Date: Tue Nov 24 10:54:06 2020 +0100 verify-tofu: return errors from store functions if callback fails Signed-off-by: Daiki Ueno Author: Anderson Toshiyuki Sasaki Date: Tue Nov 24 10:46:12 2020 +0100 devel: Update openssl submodule Update openssl submodule to current OpenSSL_1_1_1-stable branch (8e813c085a). Signed-off-by: Anderson Toshiyuki Sasaki Author: Daiki Ueno Date: Mon Nov 23 07:49:04 2020 +0100 configure.ac: include when checking scm_* functions Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 12 06:49:12 2020 +0100 crypto-backend: remove ability of overriding ciphers Those functions has been deprecated in 3.6.9 as they do not have active use cases. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 9 10:11:04 2020 +0100 NEWS: add entry for QUIC related API functions Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 9 09:05:05 2020 +0100 fuzz: fuzz gnutls_handshake_write Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Mar 24 17:51:56 2020 +0100 alert: add callback to intercept alert messages This adds gnutls_alert_set_read_function(), to allow QUIC implementations to be notified when an alert message is sent. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Feb 21 17:48:37 2020 +0100 handshake: add callback to get notified with traffic secret change For the use with QUIC, the change of traffic secrets must be notified _after_ a new epoch is set up for reading or writing, and we can't simply reuse the keylog mechanism. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 19 14:35:04 2020 +0100 handshake: add functions to read/write handshake messages directly This adds a couple of functions, gnutls_handshake_set_read_function() and gnutls_handshake_write(), to allow QUIC implementations to directly interact with the TLS state machine. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 11 19:15:13 2020 +0100 x509: rework issuer callback The previous issuer callback API had a drawback: the callback is supposed to add CA to the trust list by itself. This was error-prone, because the callback must check the new CA is trusted by the already added CA. This instead moves the responsibility to the library. This also rewrites the chain amendment logic in a side-effect free manner. The application can assume that the trust information stored on gnutls_x509_trust_list_t shouldn't change after the verification. The missingissuer test has been extended to cover all the possible patterns exhaustively. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 12 10:57:21 2020 +0100 _gnutls_cert_log: assume that 'cert' is nonnull This makes static analyzers happy. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 15 09:57:37 2020 +0100 _gnutls_sort_clist: simplify the calling convention Signed-off-by: Daiki Ueno Author: Tomas Mraz Date: Mon Oct 26 15:23:24 2020 +0100 Use proper record version in client hello after hello retry request Signed-off-by: Tomas Mraz Fixes: #1053 Author: Daiki Ueno Date: Thu Nov 12 07:46:19 2020 +0100 pkcs11: increase the maximum PIN length from 31 to 255 The maximum is chosen from the default configuration of SoftHSMv2: https://github.com/opendnssec/SoftHSMv2/blob/develop/CMakeLists.txt#L61 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 08:45:03 2020 +0100 _gnutls_x509_read_value: don't count terminating null byte for OIDs Signed-off-by: Nikos Mavrogiannopoulos Co-authored-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 12 09:19:30 2020 +0100 x509: clarify how to release memory allocated for DN The application can assume that DNs returned from _gnutls_x509_get_dn() are allocated with gnutls_malloc() and thus shall be freed with gnutls_free(). Signed-off-by: Daiki Ueno Author: Michael Catanzaro Date: Mon Oct 12 16:33:54 2020 -0500 pkcs11: fix session leak in error path gnutls_pkcs11_obj_set_info() fails to call pkcs11_close_session() after a successful pkcs11_open_session() if called with an invalid itype parameter. That would be programmer error, of course, but better not forget to close the session regardless. Signed-off-by: Michael Catanzaro Author: Sahana Prasad Date: Mon Sep 28 10:21:40 2020 +0200 Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications to have a way to pass the gnutls_verify_output_function() as a callback so that the full path of the certificate chain to the trusted root can be avaiable as output. Signed-off-by: Sahana Prasad Author: Daiki Ueno Date: Thu Nov 5 05:57:01 2020 +0100 .gitlab-ci.yml: temporarily allow failures on Debian.cross.aarch64 qemu is currently causing segmentation fault: cipher: aes-128-gcm cipher: aes-192-gcm cipher: aes-256-gcm cipher: chacha20-poly1305 qemu: uncaught target signal 11 (Segmentation fault) - core dumped Segmentation fault (core dumped) default cipher tests failed FAIL test-ciphers-openssl.sh (exit status: 139) Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 5 05:56:31 2020 +0100 .gitlab-ci.yml: use nettle git master for FreeBSD.x86_64 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 6 09:54:54 2020 +0100 tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 This reverts 485f2551e68d1b4ee70be2960f0a241b4a2b9fb9. After the new configuration file has been introduced, the allowed algorithms are checked after this part. Signed-off-by: Daiki Ueno Author: Remi Olivier Date: Wed Oct 28 20:43:25 2020 -0700 Fix memory leak with client certificate auth Fix memory leak with client certificate auth when rehandshake with ocsp More info in bug: gnutls/gnutls#1107 Signed-off-by: Remi Olivier Author: Daiki Ueno Date: Thu Nov 5 05:51:56 2020 +0100 Revert ".lgtm.yml: no longer bring nettle from master" This reverts commit bbe93dc315009fe1f9a30426cbe20f4661b8435c. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 4 19:05:58 2020 +0100 gostdsa: fix memleak in _gnutls_gostdsa_unmask_key Spotted by valgrind: ==5721== 40 bytes in 1 blocks are definitely lost in loss record 1 of 3 ==5721== at 0x4839809: malloc (vg_replace_malloc.c:307) ==5721== by 0x4DC3E59: __gmp_default_allocate (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x4DD26A3: __gmpz_realloc (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x4DD8B9D: __gmpz_set_str (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x499339D: _gnutls_gostdsa_unmask_key (gostdsa-mask.c:68) Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 4 18:58:25 2020 +0100 testcompat-openssl: use RC4-SHA instead of RC4-MD5 for testing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 4 11:43:35 2020 +0100 .gitlab-ci.yml: use Fedora 33 with LEGACY policy for SSL 3.0 testing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 4 09:46:10 2020 +0100 .gitlab-ci.yml: supply -fstack-protector required by latest MinGW https://sourceforge.net/p/mingw-w64/bugs/818/ Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Nov 4 08:56:04 2020 +0100 tls-fuzzer: update submodules Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 12 17:42:15 2020 +0200 .gitlab-ci.yml: avoid using fipshmac The new fipshmac command provided by libkcapi requires NETLINK_CRYPTO, which is not enabled on gitlab CI. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 4 14:08:37 2020 +0200 src: remove use of siginterrupt GCC 10 warns this: tests.c:702:2: error: 'siginterrupt' is deprecated: Use sigaction with SA_RESTART instead [-Werror=deprecated-declarations] Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Oct 3 16:15:25 2020 +0200 .gitlab-ci.yml: update build-images for nettle 3.6 Also remove Debian.cross.mips-linux-gnu, as it is no longer supported. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 6 08:56:07 2020 +0200 build: hard require nettle 3.6 This allows us to remove several backports, including XTS, CFB8, raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes. Signed-off-by: Daiki Ueno Author: Hans Leidekker Date: Tue Nov 3 12:31:38 2020 +0100 Make y parameter optional in gnutls_privkey_import_dsa_raw(). Signed-off-by: Hans Leidekker Author: Daiki Ueno Date: Fri Oct 30 16:53:47 2020 +0100 psktool: Fix hex-encoding logic of username The previous code didn't modify the pointer to the realloc'ed region nor check overflow before calling realloc. Spotted by Anderson Sasaki in: . Signed-off-by: Daiki Ueno Author: Sahana Prasad Date: Thu Oct 29 10:18:56 2020 +0100 PKCS#12: switch default encryption to AES-256-CBC Signed-off-by: Sahana Prasad Author: Daiki Ueno Date: Mon Oct 26 16:32:59 2020 +0100 srptool: fix FILE pointer leak Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 25 08:36:57 2020 +0100 mini-record-timing: use only async-signal-safe functions in handler Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Oct 24 10:23:03 2020 +0200 psktool: encode username if it contains special character This also moves the hex encoding of key to write_key for readability and makes file stream closing robuster. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 26 15:42:22 2020 +0100 bootstrap.conf: exercise more tests from Gnulib This fixes the build failure with -Werror: configure:53786: gcc -o conftest -O0 -Wall -Werror -g3 conftest.c -lev >&5 conftest.c:412: error: "GNULIB_STRERROR" redefined [-Werror] 412 | #define GNULIB_STRERROR 1 | conftest.c:305: note: this is the location of the previous definition 305 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS | cc1: all warnings being treated as errors as well as improves code coverage. Suggested by Bruno Haible in: . Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Oct 24 09:48:07 2020 +0200 gnutls_psk_set_server_credentials_file: document the file format Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 18 17:58:49 2020 +0200 serv: use only async-signal-safe functions in signal handlers Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 18 09:50:46 2020 +0200 _gnutls_asn2err: define as static inline This pacifies -fanalyzer false-positive: common.c:552:3: warning: use of NULL '' where non-null expected [CWE-690] [-Wanalyzer-null-argument] Ideally, the function should be defined as 'extern inline' to avoid code bloat by being copied across multiple translation units. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 18 07:19:29 2020 +0200 doc/examples/ex-ocsp-client.c: check malloc return value Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 18 07:25:42 2020 +0200 serv: peer_print_info: add overflow check on realloc Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 18 07:17:38 2020 +0200 serv: replace our own list implementation with Gnulib's gl_list Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 5 17:59:46 2020 +0200 fips: run CMAC self-tests FIPS140-2 IG D.8 mandates self-tests on CMAC. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 5 17:44:30 2020 +0200 fips: add self-tests for TLS-PRF FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires to run a single instance of each KDF mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the underlying MAC algorithm. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Oct 6 11:54:21 2020 +0200 fips: use larger prime for DH self-tests According to FIPS140-2 IG 7.5, the minimum key size of FFC through 2030 is defined as 2048 bits. This updates the relevant self-test using ffdhe3072 defined in RFC 7919. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 5 16:59:50 2020 +0200 fips: add self-tests for PBKDF2 FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the underlying MAC algorithm. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 5 16:12:46 2020 +0200 fips: add self-tests for HKDF FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises HKDF-Extract and HKDF-Expand operations with HMAC-SHA-256 as the underlying MAC. Although HKDF is non-approved, it would be sensible to do that as it will be approved in FIPS140-3. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Oct 3 14:50:26 2020 +0200 tests: add missing ${EXEEXT} Pointed by Andreas Metzler. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 2 17:23:27 2020 +0200 tests: prolong timeout in wait_for_port gnutls-serv invocations in cert-tests/dsa can take long time to launch if valgrind tests are enabled. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Sep 28 19:05:52 2020 +0200 tests: remove unused lock facility using lockfile-create Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Sep 26 11:58:17 2020 +0200 tests: create lock for tests using GETPORT This fixes a race condition in the timings between when a free port is detected and when the port is actually used. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 24 11:48:24 2020 +0200 tests: simplify program detection Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 24 10:47:30 2020 +0200 tests: rewrite launch_server using launch_bare_server Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 27 16:11:32 2020 +0200 x509: correct argument of gnutls_verify_output_function This is a leftover of 52e78f1e. We need to call gnutls_verify_output_function with the replaced CA cert instead of the original cert. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Sep 23 09:34:09 2020 +0200 tests: remove launch_pkcs11_server This function is only used by testpkcs11.sh. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Sep 23 09:12:32 2020 +0200 tests: remove unused first argument from launch_server Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Sep 23 09:09:45 2020 +0200 tests: use ": ${FOO=BAR}" syntax for default handling in shell scripts Signed-off-by: Daiki Ueno Author: JonasZhou Date: Wed Sep 23 19:22:50 2020 +0800 x86:Modify variable name Modify the variables _gnutls_sha_padlock and _gnutls_sha_padlock_nano. Add a comment for detecting CPU. Modify the indentation. Delete initialization etc. Signed-off-by: JonasZhou Author: JonasZhou Date: Tue Sep 15 16:36:57 2020 +0800 x86:add detection of instruction set on Zhaoxin CPU Add detection of extended instruction set on Zhaoxin cpu,e.g:ssse3,sha, etc. Set the priority of the algorithm according to the benchmark test result on Zhaoxin cpu. Signed-off-by: JonasZhou Author: JonasZhou Date: Wed Sep 16 14:08:21 2020 +0800 x86: fix avx detection In the case of setting environment variables, AVX cannot be detected correctly. Because only MOVBE is added to variable _gnutls_x86_cpuid_s, there is no OSXSAVE. And according to the intel manual, using AVX does not need to detect FMA. Signed-off-by: JonasZhou Author: JonasZhou Date: Wed Sep 23 14:19:39 2020 +0800 padlock:fix exception in wrap_padlock_hmac_fast In function wrap_padlock_hmac_fast, use free to release local variables ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash. Signed-off-by: JonasZhou Author: Daiki Ueno Date: Mon Sep 14 17:59:00 2020 +0200 testcompat-openssl: specify -sigalgs The default selection of signature schemes is also affected by the crypto-policies, and needs to be explicitly enabled with -sigalgs. Suggested by Tomas Mraz. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Sep 14 08:31:17 2020 +0200 inih: remove unused code This avoids -fanalyzer false-positive in GCC 10: https://bugzilla.redhat.com/show_bug.cgi?id=1878600 as well as the cppcheck warning: "variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced." Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 20 17:49:17 2020 +0200 priority: add Ed448 to SECURE192 signing algorithms Reported Vladimír Čunát in: https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656 Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Sat Sep 19 10:57:04 2020 +0200 testsuite: Fix $SERV / $GNUTLS_SERV inconsistency Some tests did not support overriding the PATH to gnutls-serv by setting the environment variable SERV but used GNUTLS_SERV instead. Closes #1090 Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Fri Sep 18 13:55:06 2020 +0200 In testsuite scripts use "$@" instead of $*. Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Sun Sep 13 17:19:32 2020 +0200 build: remove dead assignments Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 8 19:55:14 2020 +0200 spki: work around GCC 10 -Warray-bounds false-positive Suggested by Martin Sebor in: https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 8 19:51:07 2020 +0200 tls13/session_ticket: remove _gnutls13_session_ticket_unset The function was not really useful because _gnutls_free_datum() has a NULL check as in free(). This also makes GCC 10 happy if -Warray-bounds=2 is specified: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Sep 7 09:52:52 2020 +0200 tests: allow clock_nanosleep in seccomp tests The nanosleep wrapper in glibc has changed the implementation using the clock_nanosleep syscall: https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Sep 7 09:52:09 2020 +0200 .gitlab-ci.yml: bump build environment to Fedora 32 Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Wed Sep 16 07:18:51 2020 +0200 testsuite: Run GOST part of tests/gnutls-cli-debug.sh Closes #1097 Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Wed Sep 16 07:13:06 2020 +0200 testsuite: Fix GOST gnutls-cli-debug test GOST algorithms are not enabled by default, explicitely request them in priority string. Signed-off-by: Andreas Metzler Author: Sahana Prasad Date: Mon Sep 14 13:09:00 2020 +0200 Modifies P_hash() to hash the seed and label separately Thereby not restricting the implementation of prf to MAX_SEED_SIZE MAX_SEED_SIZE is not used anymore Signed-off-by: Sahana Prasad Author: Daiki Ueno Date: Thu Sep 17 12:03:20 2020 +0200 build: ignore pointless -Wformat-nonliteral warning Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Sep 17 11:15:43 2020 +0200 configure.ac: don't enable warning only available in decent gcc -Warith-conversion is new in GCC 10. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Sep 12 20:29:54 2020 +0200 .gitlab-ci.yml: bump cache version Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 13 20:27:05 2020 +0200 build: ignore pointless -Wformat-y2k warning Printing UTCTime really needs last 2 digits of the year. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Sep 13 17:52:44 2020 +0200 gnulib: update git submodule This brings in the build fixes of parse-datetime module: https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html Signed-off-by: Daiki Ueno Author: Nikolay Sivov Date: Sun Sep 6 23:42:33 2020 +0300 Make private exponent optional in gnutls_privkey_import_rsa_raw(). Signed-off-by: Nikolay Sivov Author: Nikolay Sivov Date: Sun Sep 6 21:18:57 2020 +0300 Use symbols defined for RSA key parameter indices in some more places. Signed-off-by: Nikolay Sivov Author: Daiki Ueno Date: Sat Aug 22 17:19:39 2020 +0200 handshake: reject no_renegotiation alert if handshake is incomplete If the initial handshake is incomplete and the server sends a no_renegotiation alert, the client should treat it as a fatal error even if its level is warning. Otherwise the same handshake state (e.g., DHE parameters) are reused in the next gnutls_handshake call, if it is called in the loop idiom: do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); Signed-off-by: Daiki Ueno Author: Nikolay Sivov Date: Wed Sep 2 23:49:14 2020 +0300 Consolidate optional arguments tests for RSA key import, cleanup after each import. Signed-off-by: Nikolay Sivov Author: Nikolay Sivov Date: Wed Sep 2 23:14:14 2020 +0300 Move RSA key parameter counter fixup closer to exponent update helper. Signed-off-by: Nikolay Sivov Author: Sahana Prasad Date: Tue Sep 1 23:16:53 2020 +0200 src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to automatically download missing intermediate CAs in a certificate chain lib/cred-cert.c : adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback. Signed-off-by: Sahana Prasad Author: Nikolay Sivov Date: Tue Sep 1 21:00:18 2020 +0300 Add some tests for optional arguments in gnutls_privkey_import_rsa_raw(). Signed-off-by: Nikolay Sivov Author: Nikolay Sivov Date: Tue Sep 1 19:29:20 2020 +0300 Fix optional parameters counter when importing RSA private keys. Currently gnutls_privkey_import_rsa_raw() allows 3 last arguments to be omitted, key fixup logic however checks for 3 missing arguments when updating coefficient 'u' but then asserts when updating exponents 'e1' and 'e2' assuming only 2 parameters are missing at that point. Signed-off-by: Nikolay Sivov Author: Nikolay Sivov Date: Tue Sep 1 19:15:02 2020 +0300 Use symbols defined for RSA key parameter indices in more places. Signed-off-by: Nikolay Sivov Author: Daiki Ueno Date: Sun Aug 30 14:40:13 2020 +0200 tests: fix sizeof usage in mini-record-timing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Aug 30 14:35:47 2020 +0200 padlock: fix partial PHE detection The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead of arbitrary length data when EAX is set to -1. Signed-off-by: Daiki Ueno Author: Albrecht Dreß Date: Sat Aug 29 14:33:05 2020 +0200 improve gnutls-serv EOL processing add option `--crlf` to gnutls-serv to disable replacing a received CRLF by LF in echo mode (fixes #1073). Signed-off-by: Albrecht Dreß Author: Daiki Ueno Date: Thu Aug 13 18:17:08 2020 +0200 gnutls_aead_cipher_decrypt: check output buffer size before writing While the documentation of gnutls_aead_cipher_decrypt indicates that the inout argument ptext_len initially holds the size that sufficiently fits the expected output size, there was no runtime check on that. This makes the interface robuster against misuses. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Aug 16 11:43:35 2020 +0200 handshake: check TLS version against modified server priorities The server needs to take into account of multiple factors when determining the TLS protocol version actually being used: - the legacy version - "supported_versions" extension - user_hello_func that may modify the server's priorities Only after that it can check whether the TLS version is enabled in the server's priorities. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Aug 16 18:23:24 2020 +0200 gnutls_x509_crt_export2: return 0 instead of the length This aligns the behavior to the documentation. Signed-off-by: Daiki Ueno Author: Fiona Klute Date: Sun Aug 16 14:05:44 2020 +0200 Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem When building without GOST support parsing a GOST certificate must return an "error importing public key" message instead of key details. This change makes tests/cert-tests/pem-decoding pass for builds with --disable-gost. Signed-off-by: Fiona Klute Author: Daiki Ueno Date: Fri Aug 14 07:27:40 2020 +0200 cert-session: check OCSP error responses If the OCSP responder returns an error code, such as tryLater, we can't proceed to examine the response bytes. In that case, just skip the check unless the stapling is mandatory on this certificate. Signed-off-by: Daiki Ueno Author: Steve Lhomme Date: Wed Jul 15 09:34:19 2020 +0200 mangle gnutls-built ecc_scalar_random GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we mangle the internal version we build. ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS. Fixes #1016 Signed-off-by: Steve Lhomme Author: Daiki Ueno Date: Thu Aug 13 15:56:20 2020 +0200 minitasn1: move WARN_CFLAGS setting to configure.ac Some compilers don't support -Wno-type-limits, while they support -Wtype-limits. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jun 4 16:42:07 2020 +0200 _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled Previously gnutls_fips140_mode_enabled() returned true, even after selftests have failed and the library state has switched to error. While later calls to crypto operations fails, it would be more convenient to have a function to detect that state. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 12 08:10:51 2020 +0200 doc: assorted typo fixes Spotted by codespell. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 12 07:29:30 2020 +0200 serv, cli: ensure that invalid flag is always set According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 12 07:27:17 2020 +0200 cert-session: fail hard if mandatory stapling is not honored According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause. Signed-off-by: Daiki Ueno Author: Michael Catanzaro Date: Fri Aug 7 13:55:23 2020 -0500 Fix invalid free in missing issuer test case error path This variable is not initialized in this error path: it's only initialized if gnutls_x509_crt_get_authority_info_access() succeeds. Signed-off-by: Michael Catanzaro Author: Michael Catanzaro Date: Fri Aug 7 13:00:22 2020 -0500 Fix typo in API docs Signed-off-by: Michael Catanzaro Author: Petr Pavlu Date: Wed Jul 8 10:12:30 2020 +0200 pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig() When checking in _gnutls_pubkey_compatible_with_sig() whether a public key is compatible with a signature algorithm, run first pubkey_supports_sig() before performing weaker checks that can accept the given algorithm but with an audit-log warning. This avoids an issue when a weaker check would log an audit message for some signature algorithm that would then be determined as incompatible by the pubkey_supports_sig() check anyway. For instance, a GnuTLS server might have a certificate with a SECP384R1 public key and a client can report that it supports ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the GnuTLS server will eventually find that it must use ECDSA-SECP384R1-SHA384 with this public key. However, the code would first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is compatible with ECDSA-SECP256R1-SHA256. The function would report the audit warning "The hash size used in signature (32) is less than the expected (48)" but then reject the signature algorithm in pubkey_supports_sig() as incompatible because it has a different curve. Since the algorithm gets rejected it is not necessary to inform about its hash size difference in the audit log. Signed-off-by: Petr Pavlu Author: Daiki Ueno Date: Sat Jul 18 08:26:48 2020 +0200 ecdh: perform SP800-56A rev3 full pubkey validation on keygen This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.3. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 17 17:47:06 2020 +0200 dh: perform SP800-56A rev3 full pubkey validation on keygen This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.1. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 17 17:45:17 2020 +0200 dh-primes: make the FIPS approved check return Q value This is necessary for full public key validation in SP800-56A (revision 3), section 5.6.2.3.1. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 10 09:42:30 2020 +0200 ecdh: check validity of P before export SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the calculated shared secret is verified before the data is returned to the caller. This patch adds the validation check. Suggested by Stephan Mueller. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 10 09:35:49 2020 +0200 dh: check validity of Z before export SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the calculated shared secret is verified before the data is returned to the caller. This patch adds the validation check. Suggested by Stephan Mueller. Signed-off-by: Daiki Ueno Author: Alexander Sosedkin Date: Fri Jul 3 14:54:17 2020 +0200 tests: split up system-override-sig-hash.sh Split up system-override-sig-hash.sh so that the errors won't get swallowed or conflated. Also correct unused `srcdir` to `builddir`, which I believe was meant to be set there. Signed-off-by: Alexander Sosedkin Author: Steve Lhomme Date: Mon Jun 22 09:09:05 2020 +0200 fix connectx not available on older macOS SDK Fixes this compilation error: system/fastopen.c:134:9: error: 'connectx' is only available on macOS 10.11 or newer [-Werror,-Wunguarded-availability] ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL); ^~~~~~~~ /Applications/Xcode9.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/socket.h:713:5: note: 'connectx' has been marked as being introduced in macOS 10.11 here, but the deployment target is macOS 10.7.0 The detection is the same as found in curl [1]. If HAVE_BUILTIN_AVAILABLE is not available we fallback to the code without TCP_FASTOPEN_OSX. The OS values match exactly the values found in https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/sys/socket.h [1] https://github.com/curl/curl/commit/870d849d48a26b8eeb0d4bb1f4655367a4a191ca Signed-off-by: Steve Lhomme Author: James Bottomley Date: Sun Jun 28 21:33:09 2020 +0200 build: use $(LIBPTHREAD) rather than non-existent $(LTLIBPTHREAD) On a very recent openSUSE build, libgnutls is getting built without libpthread. This caused a thread related error when trying to load a pkcs11 module that uses threading. The reason is rather convoluted: glibc actually controls all the pthread_ function calls, but it returns success without doing anything unless -lpthread is in the link list. What's happening is that gnutls_system_mutex_init() is being called on _gnutls_pkcs11_mutex before library pthreading is initialized, so the pthread_mutex_init ends up being a nop. Then, when the pkcs11 module is loaded, pthreads get initialized and the call to pthread_mutex_lock is real, but errors out on the uninitialized mutex. The problem seems to be that nothing in the gnulib macros gnutls relies on for threading support detection actually sets LTLIBPTHREAD, they only set LIBPTHREAD. The fix is to use LIBPTHREAD in lib/Makefile.in Signed-off-by: James Bottomley Author: Daiki Ueno Date: Sun Jun 21 16:03:54 2020 +0200 safe_memcmp: remove in favor of gnutls_memcmp Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 26 10:21:26 2020 +0200 dhe: check if DH params in SKE match the FIPS approved algorithms SP800-56A rev. 3 restricts the FIPS compliant clients to use only approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a check in the handling of ServerKeyExchange if DHE is negotiated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 26 09:43:02 2020 +0200 dh-primes: add MODP primes from RFC 3526 Signed-off-by: Daiki Ueno Author: Fiona Klute Date: Tue Jun 16 21:23:14 2020 +0200 Update tlsfuzzer to get Python interpreter detection Tlsfuzzer also assumed the Python interpreter would be called "python", this update is necessary to get a fixed version (see https://github.com/tomato42/tlsfuzzer/pull/671). Signed-off-by: Fiona Klute Author: Fiona Klute Date: Tue Jun 16 20:48:44 2020 +0200 Detect Python interpreter instead of assuming "python" This makes the extended test suite work one Debian(-ish) systems without Python 2, where the Python 3 interpreter is called "python3". Signed-off-by: Fiona Klute Author: Daiki Ueno Date: Fri Jun 12 16:50:14 2020 +0200 .gitlab-ci.yml: bump configure cache version Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 12 11:34:38 2020 +0200 .gitignore: ignore more files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 12 11:32:58 2020 +0200 build: avoid -Wenum-conversion warnings with GCC 10 Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Sun Jun 14 23:31:27 2020 +0300 .gitlab-ci: disable config.cache for nettle-master builds Disable usage of config.cache for nettle-master builds. Such config.cache files can easily become stale, thus resulting in build failures. Signed-off-by: Dmitry Baryshkov Author: Fiona Klute Date: Sun Jun 14 12:52:46 2020 +0200 Wipe session ticket keys before releasing the session structure This includes both a copy of the master key and one or two derived keys, all of which could be used to decrypt session tickets if stolen. The derived keys could only be used for tickets issued within a certain time frame (by default several hours). The documentation for gnutls_session_ticket_enable_server() already states that the master key should be wiped before releasing it, and the same should apply to internal copies. Signed-off-by: Fiona Klute Author: Daiki Ueno Date: Tue Jun 9 10:44:57 2020 +0200 tests/cert-test/invalid-sig: use datefudge to test expired certs Suggested by Andreas Metzler in: https://gitlab.com/gnutls/gnutls/-/issues/1021 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 9 10:41:18 2020 +0200 tests: check_for_datefudge: don't exit the test programs This makes check_for_datefudge not to immediately exit the program, but to return non-zero to allow the tests by themselves to control the behavior when "datefudge" is not found. Signed-off-by: Daiki Ueno Author: Vitezslav Cizek Date: Tue Jun 9 13:54:04 2020 +0200 configure: improve nettle, gmp, and hogweed soname detection Some linkers might optimize away the libraries passed on the command line if they aren't actually needed, such as gnu ld with --as-needed. The ldd output then won't list the shared libraries and the detection will fail. Make sure nettle and others are really used. Signed-off-by: Vitezslav Cizek Author: Lei Maohui Date: Mon Jun 8 16:15:07 2020 +0900 Modied the license to GPLv2.1+ to keep with LICENSE file. Signed-off-by: Lei Maohui Author: Daiki Ueno Date: Mon Jun 8 06:45:24 2020 +0200 configure.ac: prefer the latest version of build infrastructure AM_GNU_GETTEXT_REQUIRE_VERSION tells autopoint to copy the latest possible build infrastructure installed on the system, rather than the fixed version from the archive.dir.tar.xz. This makes the bootstrapping slightly faster and allows us not to stick with the ancient gettext version. Signed-off-by: Daiki Ueno Author: Steve Lhomme Date: Sun Jun 7 17:41:21 2020 +0000 CI: fix typo in the Vista target This resulted in the MinGW64.Vista+ target doing the same thing as the MinGW64 target. Signed-off-by: Steve Lhomme Author: Daiki Ueno Date: Sun Jun 7 15:46:51 2020 +0200 RELEASES.md: move the release steps to devel/ [ci skip] As the information is only useful to developers, having it under devel/ rather than in the tarball is more releavant. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jun 7 15:45:13 2020 +0200 RELEASES.md: mention 3.7.x releases Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jun 7 15:41:59 2020 +0200 RELEASES.md: fix typo in scp command line Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jun 7 15:39:39 2020 +0200 NEWS: add missing API modifications to 3.6.14 entry Reported by Andreas Metzler in: https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004650.html Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Thu Jan 9 01:42:22 2020 +0300 crypto-selftest: add test vectors for MAGMA/KUZNYECHIK-CTR-ACPKM Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jan 9 01:11:50 2020 +0300 crypto-api: add _gnutls_cipher_set_key wrapper() Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Oct 17 16:38:40 2019 +0300 cipher/mac: enhance handlers with setkey callback Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jan 9 00:58:50 2020 +0300 selftests: add test vectors for MAGMA/KUZNYECHIK-OMAC Add test vectors for newly added MAC algorithms. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:11:51 2018 +0300 lib: add Magma/Kuznyechik OMAC support Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:11:14 2018 +0300 lib: add Magma/Kuznyechik ciphers support Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:10:30 2018 +0300 nettle/gost: add ACPKM rekeying code Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:10:03 2018 +0300 nettle/gost: add CMAC-64/Magma/Kuznyechik code Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:09:36 2018 +0300 nettle/gost: add Kuznyechik code Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:09:11 2018 +0300 nettle/gost: add Magma code Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 21 22:08:44 2018 +0300 nettle/gost: export gost28147_decrypt_simple for magma cipher Signed-off-by: Dmitry Eremin-Solenikov Author: Steve Lhomme Date: Sat Jun 6 14:05:16 2020 +0200 Merge the extra libraries to link dynamically in GNUTLS_LIBS_PRIVATE This should fix #1020 where bcrypt is missing from thirdparty_libadd. Ultimately it would be good to add libraries that always need to be linked in one variable that is shared between the Makefile and the pkg-config file. Signed-off-by: Steve Lhomme Author: Daiki Ueno Date: Fri Jun 5 16:26:33 2020 +0200 crypto-api: always allocate memory when serializing iovec_t The AEAD iov interface falls back to serializing the input buffers if the low-level cipher doesn't support scatter/gather encryption. However, there was a bug in the functions used for the serialization, which causes memory leaks under a certain condition (i.e. the number of input buffers is 1). This patch makes the logic of the functions simpler, by removing a micro-optimization that tries to minimize the number of calls to malloc/free. The original problem was reported by Marius Steffen in: https://bugzilla.samba.org/show_bug.cgi?id=14399 and the cause was investigated by Alexander Haase in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1277 Signed-off-by: Daiki Ueno Author: František Krenželok Date: Thu Jun 4 16:59:33 2020 +0200 tests: updated tlsfuzzer tests to latest version excluded some tests from test-certificate-malformed.py Signed-off-by: KrenzelokFrantisek Author: Sahana Prasad Date: Wed May 27 12:42:24 2020 +0200 devel/libgnutls-latest-x86_64.abi, doc, NEWS, and manpage updates Signed-off-by: Sahana Prasad Author: Sahana Prasad Date: Fri May 22 15:11:32 2020 +0200 tests: Adds new tests missingissuer and missingissuer_aia Signed-off-by: Sahana Prasad Author: Sahana Prasad Date: Fri May 22 09:42:47 2020 +0200 Implements a callback function gnutls_x509_trust_list_set_getissuer_function() Signed-off-by: Sahana Prasad Author: Daiki Ueno Date: Mon Jun 1 14:18:03 2020 +0200 Release 3.6.14 [ci skip] Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 2 21:45:17 2020 +0200 valgrind: check if session ticket key is used without initialization This adds a valgrind client request for session->key.session_ticket_key to make sure that it is not used without initialization. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 2 20:53:11 2020 +0200 stek: differentiate initial state from valid time window of TOTP There was a confusion in the TOTP implementation in stek.c. When the mechanism is initialized at the first time, it records the timestamp but doesn't initialize the key. This removes the timestamp recording at the initialization phase, so the key is properly set later. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 2 05:38:28 2020 +0200 gnutls_cipher_init: fix potential memleak Upon failure this function returns without freeing memory allocated internally. This makes sure that it is released and do not touch the output handle argument. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 2 05:34:29 2020 +0200 gnutls_aead_cipher_init: fix potential memleak When _gnutls_aead_cipher_init() fails, the function returns without freeing the allocted handle. This was once fixed in commit 502be130493e8ce802cdf60fffdbb5f1885352a5 but regressed after a code reorganization in commit 2eef509ce5f2d250f8dcaeffa46444dd2b694e91. Reported by Miroslav Lichvar. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jun 1 17:23:59 2020 +0200 serv: omit upper bound of --maxearlydata option definition It turned out that AutoGen treats numbers that exceed INT_MAX in a platform dependent way. In this case, 4294967295 (UINT_MAX) is treated as is on 64-bit platforms, while it is interpreted as "-1" on 32-bit platforms. This causes a problem when the program documentation is compiled under multilib environment. Reported by Ivan Molodetskikh in: https://bugzilla.redhat.com/show_bug.cgi?id=1841844 and the cause was identified by Anderson Toshiyuki Sasaki. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun May 31 14:28:48 2020 +0200 tests: add test case for certificate chain superseding Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun May 31 13:59:53 2020 +0200 x509: trigger fallback verification path when cert is expired gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN to trigger the fallback verification path if the signer of the last certificate is not in the trust store. Previously, it doesn't take into account of the condition where the certificate is expired. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun May 31 12:39:14 2020 +0200 _gnutls_pkcs11_verify_crt_status: check validity against system cert To verify a certificate chain, this function replaces known certificates with the ones in the system trust store if possible. However, if it is found, the function checks the validity of the original certificate rather than the certificate found in the trust store. That reveals a problem in a scenario that (1) a certificate is signed by multiple issuers and (2) one of the issuers' certificate has expired and included in the input chain. This patch makes it a little robuster by actually retrieving the certificate from the trust store and perform check against it. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 16 17:16:08 2020 +0100 devel: provide external git diff driver for *.abi files [ci skip] This adds an external diff driver for *.abi files, that shows only interesting changes in those files. This would be useful when adding a new API. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat May 30 11:06:57 2020 +0200 build: write "FILE *fp" instead of "FILE *fd" This makes it clear that "fd" is not a file descriptor but a FILE pointer. Suggested by Tim Rühsen. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 25 15:33:49 2020 +0200 gnutls_load_file: document limitation regarding partial failure Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 25 11:21:38 2020 +0200 cert-cred: clear private key data loaded from file This makes use of the RF_SENSITIVE flag newly added to read_file function when reading potentially senstive information from a file. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 25 10:09:28 2020 +0200 lib: avoid file descriptor leak when application forks This makes use of the "e" flag of fopen, provided by the Gnulib's fopen-gnu module. Reported by Remi Denis-Courmont in: https://gitlab.com/gnutls/gnutls/-/issues/985 and fix suggested by Tim Rühsen. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 25 18:37:51 2020 +0200 gnulib: update git submodule This brings in the new fopen-gnu module and the RF_SENSITIVE flag for fread_file and read_file. This also adds the following changes to be consistent with the latest changes in Gnulib: - the callers of fread_file and read_file to be adjusted for the FLAGS argument - "attribute.h" needs to be used extensively Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Thu May 28 00:05:35 2020 +0300 p12: do not encrypt encrypt certificate bag with empty password Do not encrypt certificate bag if the user has specified empty password (--password ''). Encryption can be turned on by specifying --empty-password. Fixes #888 Signed-off-by: Dmitry Baryshkov Author: Steve Lhomme Date: Wed Apr 29 10:32:08 2020 +0200 win32: use bcrypt instead of CryptoAPI on Vista+ for random numbers CryptoAPI is a deprecated API [1] that is forbidden in UWP builds. Rewrite the CryptoAPI calls in bcrypt. bcrypt is used instead of CryptoAPI when targeting Windows Vista and above. https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt Signed-off-by: Steve Lhomme Author: Dmitry Baryshkov Date: Wed May 27 23:42:01 2020 +0300 certtool: do not ask for private key password if it was provided Make pin_callback() use cinfo->password if it is set (via command line or from template). Fixes #933 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 28 03:15:55 2020 +0300 .travis.yml: use several different OSX versions Signed-off-by: Dmitry Baryshkov Author: Steve Lhomme Date: Wed May 27 21:14:50 2020 +0000 win32: move the NCRYPT key import into a function No functional change. The has been simply moved. Signed-off-by: Steve Lhomme Author: Steve Lhomme Date: Wed May 27 21:13:43 2020 +0000 configure.ac: determine if the Vista APIs can be linked statically If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during the build. We can assume that the minimum platform the code will run on is Vista [1] In that case there's no need to call API's (ncrypt) dynamically when it can be done statically. [1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt Signed-off-by: Steve Lhomme Author: Dmitry Baryshkov Date: Wed May 27 00:34:02 2020 +0300 lib: add support for AES-192-GCM Add support for AES-192 in GCM mode. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue May 26 16:19:59 2020 +0300 configure: check that -no_weak_links works with FD_SET Several Xcode/SDK versions provide FD_SET implementation that does not work with -no_weak_links. Check that this option does not break FD_SET usage. Fixes #966 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue May 26 13:12:24 2020 +0300 tests: build datefudge-check during make all Most of the tests depend on datefudge-check. Let's make it during 'make all' stage to allow running individual tests w/o requiring to build it separately. Fixes #920 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue May 26 13:06:03 2020 +0300 configure.ac: add -fno-builtin-strcmp if valgrind is enabled Recent GCC provides strcmp which makes Valgrind assume that it accesses uninitialized data. Disable this optimization if Valgrind tests are enabled. Fixes #944 Signed-off-by: Dmitry Baryshkov Author: rrivers2 <5981058-rrivers2@users.noreply.gitlab.com> Date: Sun May 24 23:11:01 2020 +0000 Update session_ticket.c to add support for zero length session tickets returned from the server check that ticket_len > 0 prior to calling gnutls_realloc_fast Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com> Author: Dmitry Baryshkov Date: Thu May 14 05:54:58 2020 +0300 build: vendor in libtasn1 code Instead of keeping the minitasn1 source in Git, vendor in it during bootstrap as we do with Nettle code. This also upgrades included minitasn1 to latest version (4.16.0). Signed-off-by: Dmitry Baryshkov Author: Steve Lhomme Date: Tue May 19 16:23:40 2020 +0200 win32: link with crypt32 Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore(). To properly link it needs to be linked with the crypt32.dll. https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore This library was missing from the pkg-config library. It exists in thirdparty_libadd to link gnutls as a DLL. Signed-off-by: Steve Lhomme Author: Daiki Ueno Date: Tue May 19 16:18:39 2020 +0200 fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro The macro was intended to avoid non-recoverable errors during library initialization, but the code path has been removed in commit 3963518d067a64412bbe0aa9ce5fc33ae729c15f. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon May 18 12:25:42 2020 +0200 fips: make FIPS140-2 mode enablement logic simpler Previously, to enable the FIPS140-2 mode, both /etc/system-fips and the fips=1 kernel command line need to be set. While this was designed to be consistent, the convention is not well followed by the other crypto libraries and the former tends to be ignored. This aligns the behavior to the latter, i.e. if fips=1 is set, the library enables the FIPS140-2 mode regardless of the existence of /etc/system-fips. Suggested by Alexander Sosedkin. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Mon May 18 00:13:34 2020 +0300 x509: support commonName extension Add support for Common Name certificate extension. Fixes #989 Signed-off-by: Dmitry Baryshkov Author: Daniel Lenski Date: Sun May 17 14:50:47 2020 -0700 refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but both only with %NO_EXTENSIONS This is a follow-up to !1221. See #958 and https://gitlab.com/openconnect/openconnect/-/issues/145 for a real-world example of ancient Cisco servers with these deficiencies. With !1221 only, gnutls-cli-debug reports that these ancient servers only support SSL 3.0 (but without extensions). Information after this point is largely erroneous: $ gnutls-cli-debug ***vpn.***.com GnuTLS debug client 3.6.12 Checking ***vpn.***.com:443 whether the server accepts default record size (512 bytes)... no whether %ALLOW_SMALL_RECORDS is required... no for SSL 3.0 (RFC6101) support... yes for SSL 3.0 with extensions... no With this additional change, gnutls-cli-debug correctly reports that such a server also supports TLS 1.0 (but again with extensions disabled). Below I've marked some of the significant fields that have changed: $ gnutls-cli-debug ***vpn.***.com GnuTLS debug client 3.6.12 Checking ***vpn.***.com:443 whether the server accepts default record size (512 bytes)... no whether %ALLOW_SMALL_RECORDS is required... no for SSL 3.0 (RFC6101) support... yes for SSL 3.0 with extensions... no whether we need to disable TLS 1.2... yes whether we need to disable TLS 1.1... yes # This is now correct: whether we need to disable TLS 1.0... no # This is now correct: whether %NO_EXTENSIONS is required... yes # This is now correct: for TLS 1.0 (RFC2246) support... yes for TLS 1.1 (RFC4346) support... no fallback from TLS 1.1 to... failed for TLS 1.2 (RFC5246) support... no # This is now correct: for known TLS or SSL protocols support... yes TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance) for inappropriate fallback (RFC7507) support... no for HTTPS server name... ****** for certificate chain order... sorted for Safe renegotiation support (SCSV)... no for version rollback bug in RSA PMS... no for version rollback bug in Client Hello... no whether the server ignores the RSA PMS version... no whether small records (512 bytes) are tolerated on handshake... yes whether cipher suites not in SSL 3.0 spec are accepted... yes whether a bogus TLS record version in the client hello is accepted... yes whether the server understands TLS closure alerts... partially whether the server supports session resumption... yes for anonymous authentication support... no for ephemeral Diffie-Hellman support... no for RFC7919 Diffie-Hellman support... no for AES-GCM cipher (RFC5288) support... no for AES-CCM cipher (RFC6655) support... no for AES-CCM-8 cipher (RFC6655) support... no for AES-CBC cipher (RFC3268) support... no for CAMELLIA-GCM cipher (RFC6367) support... no for CAMELLIA-CBC cipher (RFC5932) support... no # This is now correct: for 3DES-CBC cipher (RFC2246) support... yes # This is now correct: for ARCFOUR 128 cipher (RFC2246) support... yes for CHACHA20-POLY1305 cipher (RFC7905) support... no for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no for MD5 MAC support... yes for SHA1 MAC support... yes for SHA256 MAC support... no for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no Signed-off-by: Daniel Lenski Author: Dmitry Baryshkov Date: Sun May 17 22:01:22 2020 +0300 x509: aki: always print authorityCert info Always print authorityCertIssuer/SerialNumber. Currently it is output only if keyIdentifier is not present. Fixes #991 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon May 11 23:50:40 2020 +0300 output: add Russian security class policies Add Russian Security Class certificate policies (per draft-deremin-rfc4491-bis). Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon May 11 23:11:56 2020 +0300 x509: print certificate policiy names Add ability to print names for several pre-defined Certificate policies. Currently the list is populated with anyPolicy from X.509 and CA/B policies. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 14 02:22:05 2020 +0300 certtool: use gnutls_pkcs7_print_signature_info Use new function to remove code duplication. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 14 02:20:57 2020 +0300 pkcs7: add function to display signature information Basically export print_pkcs7_info() in a way usable by external applications. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 14 02:22:20 2020 +0300 pkcs7: decode attribute OIDs when printing Try printing symbolic names for well-known OIDs when printing PKCS7 signature info. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 14 05:28:20 2020 +0300 devel: add libtasn1 submodule GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import. Add libtasn1 submodule to ease synchronization with libtasn1. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu May 14 02:15:23 2020 +0300 x509: generify oid to str conversions Make oid to name conversion functions generic enough by allowing caller to specify a pointer to OID table. Signed-off-by: Dmitry Baryshkov Author: Anderson Toshiyuki Sasaki Date: Mon May 4 18:23:45 2020 +0200 accelerated: use AES-NI for AES-XTS when available This introduces a wrapper for the CRYPTOGAMS AES-XTS implementation already present in the generated assembly code. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Fri Mar 20 16:37:33 2020 +0100 gnutls-cli: Add option to wait for resumption data This introduces the --waitresumption command line option which makes the client to wait for the resumption data until a ticket is received under TLS1.3. The client will block if no ticket is received. The new option has no effect if the option --resume is not provided. This is useful to force the client to wait for the resumption data when the server takes long to send the ticket, allowing the session resumption to be tested. This is a common scenario in CI systems where the testing machines have limited resources. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Tue May 5 19:27:59 2020 +0200 benchmark: enable AES-XTS cipher Signed-off-by: Anderson Toshiyuki Sasaki Author: Daiki Ueno Date: Fri Aug 16 17:01:05 2019 +0200 nettle: disable RSA blinding in FIPS selftests Nettle's RSA signing, encryption and decryption functions still require randomness for blinding, so fallback to use a fixed buffer in selftests where entropy might not be available. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 26 19:27:11 2020 +0200 nettle: expose SIV-CMAC through the AEAD interface This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}* functions. Note that they can only used with the AEAD interface and authentication tags are prepended (not appended) to the ciphertext. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 26 19:27:05 2020 +0200 nettle: vendor in SIV-CMAC implementation Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 26 19:26:57 2020 +0200 nettle: avoid manual backports of CFB8, CMAC, and XTS Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 26 19:26:48 2020 +0200 nettle: rename import-chacha-from-nettle.sh to import-from-nettle.sh This script will handle other backports except ECC as well. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 26 19:26:36 2020 +0200 configure.ac: fix broken nettle_cfb8_decrypt detection Given the fixed version of the function will be part of Nettle 3.6, use pkg-config --atleast-version instead of a manually comparison of the Nettle version. Fixes #974. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Wed Apr 29 12:41:52 2020 +0200 New make target 'update-copyright-year' We don't want to automatically update the copyright year as this prevents reproducible builds. Instead, 'make update-copyright-year' has to be executed at the start of each new year and the changes have to be pushed. Closes #980 Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Wed Apr 29 20:43:23 2020 +0300 tests/prime-check: don't include gmp.h Do not include gmp.h header, conflicts with it in mini-gmp configuration and includes this header on it's own in non-mini-gmp config. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Apr 28 17:45:40 2020 +0300 tests/srp: increase timeouts SRP test times out if running on the GitLab CI with mini-gmp version of Nettle. Increase timeouts to let the test pass. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Apr 28 15:48:29 2020 +0300 CI: add nettle-mini-gmp test Wget/Wget2 OSS-Fuzz builders use mini-gmp version of nettle. Check that we do not break them occasionally. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Thu Apr 30 07:05:19 2020 +0200 doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip] For RSA-PSS, this flag alone doens't fully enable reproducible signatures and the user needs to indicate the fact that a zero-length salt is used through SPKI upon verification. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Tue Apr 28 03:06:26 2020 +0300 gost: use gostdsa-vko from nettle 3.6rc3 Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko), use this function from imported nettle sources. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Apr 28 13:59:15 2020 +0300 nettle: update imported source to nettle 3.6rc3 Update imported nettle version to 3.6rc3. This will bring in updated gmp-glue code and a possiblity to use gostdsa-vko imported from nettle sources. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Mon Apr 6 14:37:53 2020 +0200 fips: check library soname during configure Previously, we hard-coded the sonames of linked libraries for FIPS integrity checking. That required downstream packagers to manually adjust the relevant code in lib/fips.c, when a new interface version of the dependent libraries (nettle, gmp) becomes available and linked to libgnutls. This patch automates that process with the configure script. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Mar 27 09:53:38 2020 +0100 gnutls_session_ext_register: keep track of extension name Previously it discarded the name argument, and that was making the debug output awkward, e.g., running tests/tls-session-ext-register -v: client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/242) for 'client hello' client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/241) for 'client hello' client|<4>| EXT[0x9cdc20]: Sending extension (null)/241 (2 bytes) Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Sun Feb 16 00:28:43 2020 +0300 gost: update gostdsa_vko to follow Nettle Update gostdsa_vko() following changes going to be accepted into Nettle. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Tue Apr 21 16:29:41 2020 +0200 gnutls_ext_get_name2: new function This adds a generalized version of gnutls_ext_get_name, which can retrieve the name of the extension, even if it is registered per session. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Thu Apr 16 18:49:22 2020 +0300 build: attempt to fix build issues on FreeBSD BSD sed does not like \n and \0 in string substitution. Workaround this by using sed magic. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Wed Apr 15 18:49:26 2020 +0300 gitlab CI: when calling cppcheck ignore lib/nettle/ecc rather than lib/nettle/curve448 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Apr 14 14:17:07 2020 +0300 gitlab-ci: add test for usage of nettle/hogweed internal symbols Check that GnuTLS does not depend on Nettle/Hogweed internal symbols. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Apr 14 13:47:43 2020 +0300 nettle: vendor in poly1305 code Nettle's poly1305 code ended up with internal symbol _poly1305_block in public header. This causes issues on Nettle version changes. Since those symbols are going to become nettle-internal, vendor in relevant source file. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 17:54:28 2020 +0300 gost: import _nettle_write_le32 to stop using Nettle's internal symbol Remove another dependency on nettle internal symbol by vendoring in _nettle_write_le32 code Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 17:06:06 2020 +0300 nettle: use new imported source files for GOST DSA Provide GOST support using source files copied by script rather than manually crafted by me. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 16:11:02 2020 +0300 build: import-curve448 -> import-ecc As the script now imports not just Curve448, but also gost code, rename the script, target directory and symbols to follow that. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Sat Apr 11 15:28:29 2020 +0200 xts: check key blocks according to FIPS-140-2 IG A.9 The implementation guidance suggests that a check of key1 != key2 should be done at any place before the keys are used: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Mon Apr 13 16:08:29 2020 +0300 devel: modify curve448 script to import gost sources Curve448 script already imports several ecc sources into GnuTLS tree. Modify it to also vendor in GOST-related ecc files. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 12:43:42 2020 +0300 import-chacha: fix several additional symbol clashes Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 12:59:12 2020 +0300 curve448: import write-le64.c which defines internal symbol Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Apr 13 12:43:42 2020 +0300 import-curve448: fix several additional symbol clashes Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Mon Mar 30 11:27:40 2020 +0200 handshake-tls13: add session flag to disable sending session tickets While GnuTLS by default implicitly sends NewSessionTicket during handshake, application protocols like QUIC set a clear boundary between "in handshake" and "post handshake", and NST must be sent in the post handshake state. Signed-off-by: Daiki Ueno Author: Bernhard M. Wiedemann Date: Sun Apr 5 15:09:57 2020 +0200 tests: Fix status-request-revoked after 2020-10-24 included certs expire 2020-10-24 so this test fails after that date. Fixes #967 This patch was done while working on reproducible builds for openSUSE. Signed-off-by: Bernhard M. Wiedemann Author: Daiki Ueno Date: Tue Mar 31 06:58:48 2020 +0200 build: use valgrind client request to detect undefined memory use This tightens the check introduced in ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client request to explicitly mark the "uninitialized but initialization is needed before use" regions. With this patch and the fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see the following error when running dtls_hello_random_value under valgrind: $ valgrind ./dtls_hello_random_value testing: default ==520145== Conditional jump or move depends on uninitialised value(s) ==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90) ==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215) ==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332) ==520145== by 0x488FC7E: send_client_hello (handshake.c:2290) ==520145== by 0x48902A1: handshake_client (handshake.c:2908) ==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740) ==520145== by 0x402CB3: client (dtls_hello_random_value.c:153) ==520145== by 0x402CB3: start (dtls_hello_random_value.c:317) ==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331) ==520145== by 0x4023D4: main (utils.c:254) ==520145== Signed-off-by: Daiki Ueno Author: Pierre Ossman Date: Tue Mar 24 15:32:13 2020 +0100 Compare DNs by comparing their string representations A binary comparison will not work in case the contents is the same but the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such variations are permitted so we need to handle them. Signed-off-by: Pierre Ossman Author: Pierre Ossman Date: Tue Mar 24 15:29:34 2020 +0100 Properly compare DNs when checking sorting We might want to do other things than a simple memcmp() so make sure we're using the right helper when comparing DNs. Signed-off-by: Pierre Ossman Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 16:58:07 2020 +0200 IDNA: require libidn2 2.0.0 We require private symbols which dissapear at some point in IDN2 releases in order to support old versions of libidn2. Simplify the code by requiring only recent versions and avoid issues such as #832. Resolves: #832 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 07:40:21 2020 +0200 NEWS: updated for release Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 20:52:36 2020 +0200 NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 20:52:27 2020 +0200 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 21:30:37 2020 +0200 NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 21:30:37 2020 +0200 tests: added check for random value of client and server hello in TLS This creates a tests that checks whether the TLS client and server hello have sufficient non-zero bytes. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 19:05:30 2020 +0200 tests: added reproducer for client hello random value behavior in DTLS This adds an equivalent test of tls13/hello_random_value.c for DTLS and extends the tests for server hello as well. Relates: #960 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 08:23:03 2020 +0200 psk: added checks to satisfy static analyzers Added null checks in legacy callbacks to avoid warnings from static analyzers. The issues do not appear to be reproducible in real-world use. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sat Mar 28 02:31:10 2020 +0300 padlock: fix exception in wrap_padlock_hash_fast wrap_padlock_hash_fast() allocates a context on a stack (via local variable) then tries to free it by calling wrap_padlock_hash_deinit() causing a crash. Remove a call to deinit() to fix a crash. Fixes #930 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Sat Mar 28 02:29:31 2020 +0300 padlock: fix exception in sha code padlock sha code will segfault (at least on Nano) if it is passed a NULL data pointer (even if size is 0). Pass digest output buffer as a dummy data pointer in such case. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Sat Mar 28 02:27:31 2020 +0300 padlock: make cbc code return error properly If underlying padlock_cbc_en/decrypt return an error, pass this error to calling code. Signed-off-by: Dmitry Baryshkov Author: Stefan Bühler Date: Fri Mar 27 17:17:57 2020 +0100 dtls client hello: fix zeroed random (fixes #960) This broke with bcf4de03 "handshake: treat reply to HRR as a reply to hello verify request", which failed to "De Morgan" properly. Signed-off-by: Stefan Bühler Author: Anderson Toshiyuki Sasaki Date: Tue Mar 24 09:55:08 2020 +0100 gnutls-serv: Do not exit when a message to be echoed is received Previously, when gnutls-serv was executed with the --echo option, it would exit when a message to be echoed was received. Moreover, the server would output "Memory error" although no error occurred. Signed-off-by: Anderson Toshiyuki Sasaki Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 11:23:47 2020 +0100 _gnutls_check_id_for_change: ensure that we check the username length Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 10:01:53 2020 +0000 Ensure that an incorrectly formatted password file doesn't cause invalid memory access Signed-off-by: Nikos Mavrogiannopoulos Author: Ander Juaristi Date: Sun Mar 15 23:31:49 2020 +0100 Update NEWS file Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Tue Mar 3 11:49:32 2020 +0000 Update files Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Mon Mar 2 16:37:10 2020 +0100 psk: Allow non-NULL PSK usernames This commit closes #586. Two new functions are introduced: gnutls_psk_server_get_username2() and gnutls_psk_set_client_username2(), which are identical in behavior to those named similarly (without the final '2'), but allow arbitrary gnutls datums (not strings) to be used as usernames. Two new callback functions are also introduced, with their respective setters: gnutls_psk_set_server_credentials_function2() and gnutls_psk_set_client_credentials_function2(). In addition, the password file format is extended so that non-string usernames can be specified. A leading '#' character tells GnuTLS that the username should be interpreted as a raw byte string (encoded in HEX). Example: #deadbeef:9e32cf7786321a828ef7668f09fb35db Signed-off-by: Ander Juaristi's avatarAnder Juaristi Author: Daniel Lenski Date: Sun Mar 22 19:12:44 2020 -0700 add NEWS entry Signed-off-by: Daniel Lenski Author: Daniel Lenski Date: Sun Mar 22 19:01:55 2020 -0700 add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0) See #958 Signed-off-by: Daniel Lenski Author: Daniel Lenski Date: Sun Mar 22 19:00:32 2020 -0700 test_ssl3: minimize cipher suites to those actually included in SSL 3.0 See #958 Signed-off-by: Daniel Lenski Author: Daniel Lenski Date: Sun Mar 22 18:58:26 2020 -0700 SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some servers don't accept them See #958 Signed-off-by: Daniel Lenski Author: Daiki Ueno Date: Sun Mar 22 10:44:51 2020 +0100 gnutls_session_get_keylog_function: new function This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement custom logging facility. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Sun Mar 22 16:07:12 2020 +0300 oss-fuzz: return build error if fuzzers have failed to build Instead of silently ignoring build errors and running fewer fuzzers, exit on the first build error. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Sun Mar 22 16:05:40 2020 +0300 oss-fuzz: use CC rather than CXX to compile fuzzers clang++ will choke on several fuzzer sources because C++ is stricter than C wrt. type conversion: gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned int' in initializer list [-Wc++11-narrowing] gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size}; Signed-off-by: Dmitry Baryshkov Author: Tim Rühsen Date: Thu Mar 19 17:49:11 2020 +0100 fuzz: Update README.md for clang-9 [skip ci] Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Sun Mar 15 11:18:30 2020 +0100 state: add function to get the current hash algorithm This is particularly useful when the application applies key derivation function by itself with the same underlying hash algorithm as the session. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 14 09:53:31 2020 +0100 abi: add enum values for GNUTLS_CIPHER_CHACHA20_* Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 14 06:09:56 2020 +0100 cipher: allow setting ChaCha20 initial block counter This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit nonce variant of GNUTLS_CIPHER_CHACHA20_64. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Mar 13 17:24:26 2020 +0100 nettle: vendor in ChaCha20 implementation from nettle This enables to use bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Mar 14 06:01:49 2020 +0100 cipher: expose raw ChaCha20 cipher Signed-off-by: Daiki Ueno Author: Anderson Toshiyuki Sasaki Date: Wed Mar 18 16:17:39 2020 +0100 global: Load configuration after FIPS POST Previously, if the loaded configuration file disabled an algorithm tested during FIPS-140 power-on self-tests, the test would fail. By loading the configuration file after the test is finished, such failure is avoided as any algorithm is allowed during the tests. Signed-off-by: Anderson Toshiyuki Sasaki Author: Jakub Jelen Date: Wed Mar 11 18:31:49 2020 +0100 Validate EC_PARAMS for EdDSA keys Signed-off-by: Jakub Jelen Author: Jakub Jelen Date: Fri Mar 6 13:41:25 2020 +0100 pubkey: Validate input parameters in pubkey_import_ecc_raw Signed-off-by: Jakub Jelen Author: Jakub Jelen Date: Fri Feb 28 18:50:53 2020 +0100 tests: Verify writing and reading of ECDSA public keys from PKCS#11 Signed-off-by: Jakub Jelen Author: Jakub Jelen Date: Fri Feb 28 18:45:14 2020 +0100 tests: Verify writing and reading of EdDSA public keys Signed-off-by: Jakub Jelen Author: Jakub Jelen Date: Fri Feb 28 18:40:42 2020 +0100 pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute Signed-off-by: Jakub Jelen Author: Nikos Mavrogiannopoulos Date: Sat Mar 14 23:15:45 2020 +0100 .lgtm.yml: work around issues in LGTM system This disables dependency tracking and removes the gnulib tests to work-around a failure build gl/. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 12 20:46:58 2020 +0100 bootstrap.conf: do not bring tests in gnulib clones (src/unistring) These tests are not being run, and they can cause issues as in !1208. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 14 22:39:05 2020 +0100 .lgtm.yml: no longer bring nettle from master The system used has already a sufficiently recent version. Signed-off-by: Nikos Mavrogiannopoulos Author: Anderson Toshiyuki Sasaki Date: Thu Apr 4 15:45:02 2019 +0200 crypto-selftests-pk.c: Use deterministic signatures in test_known_sig() Use deterministic signatures for ECDSA and DSA in test_known_sig(). Do not call test_known_sig() for non-deterministic algorithms. Do not run PK_TEST() for algorithms tested with PK_KNOWN_TEST(). The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140 mode is disabled. When called explicitly with FIPS-140 mode enabled, the pairwise-consistency test (PK_TEST()) is used instead. test_known_sig() was modified to support only deterministic algorithms. The "deterministic" parameter was replaced with the "flags" parameter through which the flags to be used in gnutls_privkey_sign_data() are passed. The hard-coded values for the ECDSA and DSA signatures were replaced with the values corresponding to the deterministic signatures to be used in known answer tests. The unused values for GOST signatures were removed. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Thu Mar 5 15:54:06 2020 +0100 crypto-selftests-pk.c: Use specified key in test_sig() Previously, test_sig() would use the same key regardless the value provided in bits parameter. The changes introduced make test_sig() to choose the key according to the value provided in bits. For RSA, only 2048 bits key is available for testing. The calls were adjusted accordingly. Introduced 2048 bits DSA key in test_sig(). Removed unused 512 bits key, leaving only the 2048 bits key available. For GOST, use the same keys for test_sig() and test_known_sig(). Remove the unused keys. Reorder constant values and change variables names for better readability. Signed-off-by: Anderson Toshiyuki Sasaki Author: Daiki Ueno Date: Mon Mar 16 11:09:29 2020 +0100 tests/sign-is-secure: fix off-by-one error Reported by Peter Dettman in: https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Mar 16 11:03:41 2020 +0100 algorithms: properly calculate hash strength for Ed448 The Ed448 signature scheme internally uses XOF (SHAKE256) as the hash function with 114-octet output. According to FIPS-202, the strength against collisions is calculated as: min(114*8/2, 256) = 256 Reported by Peter Dettman in: https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538 Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Thu Mar 12 12:56:37 2020 +0300 lib/x509: use common routine for parsing data version OSS Fuzzer noted an issue in parsing (incorrect) CRL files with zero-length version field. Certificate parser does not have this issue, while CRL and OCSP Request and Response parsers shows this problem. To remove code duplication extract common function and use it from all four parsers. Signed-off-by: Dmitry Baryshkov Author: Anderson Toshiyuki Sasaki Date: Thu Apr 4 17:22:04 2019 +0200 crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST Previously, when multiple tests where declared in sequence using one of the macros, only the first test would be executed. This happened because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the macro. To allow more than one test to be executed in sequence, the check for the flag was removed from both macros. To keep the previous behaviour (execute only the first test) the check for the flag was moved to be after the first test, except for RSA since the RSA encryption test must be executed in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Wed Apr 3 13:40:04 2019 +0200 crypto-selftests-pk.c: Move hardcoded values to the top Signed-off-by: Anderson Toshiyuki Sasaki Author: Dmitry Baryshkov Date: Tue Mar 10 22:42:02 2020 +0300 x509: apply same fix to print_crq Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Mar 10 22:41:54 2020 +0300 x509: apply same fix to print_crl Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Mar 10 12:12:36 2020 +0300 x509: drop endless loop in print_extensions If crq is malformed in extensions part, print_extensions() might loop endlessly because gnutls_x509_crq_get_extension_info would return unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather than bailing out. Fix this by handling this error code properly. Found thanks to oss-fuzz. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Sat Feb 29 17:01:10 2020 +0100 lib: use static assertion to check enum values We previously had checks of enum values with '#if', such as below: #define GNUTLS_EXTENSION_MAX_VALUE 31 typedef enum extensions_t { ... GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */ } extensions_t; /* we must provide at least 16 extensions for users to register */ #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16 # error not enough extension types #endif This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not defined as a preprocessor macro, it always expands to 0. To properly do this check, we need to use static assert as provided as the 'verify' macro in gnulib. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Mar 1 10:16:08 2020 +0100 hello_ext: use 64-bit integer to track extensions We currently have 26 predefined extensions, allowing the user to define 5 extra as tested in tests/handshake-large-packet.c. However, if we introduce one more, session->internals.used_exts exceeds. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Sat Mar 7 01:05:45 2020 +0300 fuzz: add simple x509 certificate requests and revocation lists fuzzers Add x509 certificate requests and certificate revocation lists fuzzers. Use data from tests/cert-tests as a starting seed for the corpora. Fixes #903 Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Sat Mar 7 01:09:55 2020 +0300 lib/x509/output.c: remove occasioinal memory leak in print_issuer_sign_tool() Remove memory leak in error handling in print_issuer_sign_tool() by moving asn1_delete_structure to the end of the function. Signed-off-by: Dmitry Baryshkov Author: Nikos Mavrogiannopoulos Date: Mon Mar 2 20:28:21 2020 +0100 RELEASES.md: describe the release process Signed-off-by: Nikos Mavrogiannopoulos Author: Jakub Jelen Date: Fri Feb 28 16:18:58 2020 +0100 Add support for loading EdDSA keys from PKCS#11 and using them Signed-off-by: Jakub Jelen Author: Ross Nicholson Date: Sun Feb 23 07:55:43 2020 +0000 Adding missing macosx directory for aarch64 acceleration Signed-off-by: Ross Nicholson Author: Daiki Ueno Date: Fri Feb 21 16:38:29 2020 +0100 keylogfile: simplify the callback mechanism This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Fri Feb 21 13:14:48 2020 +0100 Add valgrind suppression for fun:decode_complex_string.isra.0 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Feb 21 13:14:03 2020 +0100 Add --gen-suppressions=all to valgrind to iautomatically generate suppression rules Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Tue Feb 18 14:35:37 2020 +0300 lib: drop unused pbkdf2 helpers Updated pbkdf2 API in GnuTLS removed the need for PBKDF2 helpers, drop them now. Signed-off-by: Dmitry Baryshkov Author: Fiona Klute Date: Sat Feb 8 23:47:17 2020 +0100 gnutls-cli: Add option to store all stapled OCSP responses Note that there's a small modification to the behavior of the existing --ocsp-save option: If there is no stapled OCSP response the output file is still created and will be empty. Signed-off-by: Fiona Klute Author: Tim Rühsen Date: Sat Feb 8 18:04:27 2020 +0100 TravisCI: Add bison [skip ci] The latest gnulib needs a newer bison than TravisCI OSX has. Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Sun Feb 2 08:13:50 2020 +0100 keylogfile: generalize with a callback This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement custom logging feature per session, which is particularly useful in QUIC implementation. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Fri Feb 7 16:55:11 2020 +0100 .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci] Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Feb 6 16:48:48 2020 +0100 cfg.mk: Exclude sc_prohibit_gnu_make_extensions from syntax-check This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1. References: https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Feb 6 15:52:50 2020 +0100 Update gnulib to fix building on OSX 10.9 Fixes #926 Signed-off-by: Tim Rühsen Author: Dimitri John Ledkov Date: Tue Jan 14 15:14:59 2020 +0000 testcompat-openssl: improve testing against secured OpenSSL versions. In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and requiring minimum TLSv1.2. However, smaller hashes/keys/versions are allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos, and thus enabling testing more compatability combinations. Signed-off-by: Dimitri John Ledkov Author: Dmitry Baryshkov Date: Wed Feb 5 16:06:30 2020 +0300 nettle/gost: gost28147: require calling set_param before set_key Require selecting parameter set before setting the key. There is no need to provide default setting, if a param is always selected anyway. Signed-off-by: Dmitry Baryshkov Author: Daiki Ueno Date: Mon Feb 3 05:18:29 2020 +0100 tests: skip pkcs12-gost under GNUTLS_FORCE_FIPS_MODE The MAC algorithm used in the PBKDF2 is actually prohibited in the FIPS mode and previously there wasn't a check for that. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 2 17:58:56 2020 +0100 privkey_pkcs8: remove unused #include Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 2 17:57:37 2020 +0100 pkcs7-crypt: refactor using gnutls_pbkdf2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 2 16:15:51 2020 +0100 pkcs12: refactor using gnutls_pbkdf2 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 2 16:00:56 2020 +0100 secrets: refactor using gnutls_hkdf_{extract,expand} Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Feb 2 14:44:05 2020 +0100 crypto-api: add generic crypto functions for KDF This exposes HKDF and PBKDF2 functions from the library. Instead of defining a single KDF interface as in PKCS #11, this patch defines 3 distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2 derivation, so that we can take advantage of compile time checking of necesssary parameters. Signed-off-by: Daiki Ueno Author: Michael Catanzaro Date: Sun Feb 2 09:47:25 2020 -0600 session_pack: fix leak in error path If called at the wrong time, it allocates the buffer sb and forgets to clear it. Signed-off-by: Michael Catanzaro Author: Nikos Mavrogiannopoulos Date: Sat Feb 1 23:09:01 2020 +0100 .mailmap: map Dmitry's email to a single name [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 1 23:02:55 2020 +0100 NEWS: fixed issue number for 448 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 1 22:54:13 2020 +0100 NEWS: refactored for release Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 1 22:44:41 2020 +0100 hooks.m4: bumped so-version Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Jan 29 20:00:53 2020 +0300 nettle/gost: support use GOST DSA support from master branch Use GOST DSA and GOST curves provided by Nettle's master branch. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Tue Jan 28 13:05:14 2020 +0300 pkcs12: do not go try calculating pbkdf2 with 0 iterations Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to GnuTLS PKCS12 GOST code to check that iter is not 0. Signed-off-by: Dmitry Baryshkov Author: Bjoern Jacke Date: Mon Jan 27 19:40:53 2020 +0100 add support for local threads with studio and ibm compilers Signed-off-by: Bjoern Jacke Author: Nikos Mavrogiannopoulos Date: Sun Jan 26 21:45:29 2020 +0100 tlsfuzzer: optimized tests for CI and enabled x448 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 26 21:32:18 2020 +0100 tlsfuzzer: fix test-tls13-large-number-of-extensions.py This test requires a TLS-1.3-only server as its tests clash with extensions supported by a TLS-1.2 server. Ensure that the extensions that overlap with TLS-1.2 are not manipulated as we don't have a pure TLS-1.3-only implementation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 21 10:32:59 2020 +0100 GOSTR341194: mark as insecure for digital signatures Although there are no practical attacks known on the algorithm, the practical strength of the algorithm is weaker than the theoritical. In addition this algorithm is already considered legacy, and as such mark it as insecure for digital signatures to reduce the attack surface. Relates: #909 Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sun Jan 26 18:39:18 2020 +0100 Avoid pushd/popd bashism in testsuite Signed-off-by: Andreas Metzler Author: Tim Rühsen Date: Mon Jan 20 11:48:50 2020 +0100 tests/key-material-dtls.c: Try again on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED This fixes issues on the CI cross-runners with 'make -jN', N > 1. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat Jan 4 14:37:46 2020 +0100 Use make with crafted -j for CI builds and tests This speeds up the Gitlab CI runners. E.g. measured timings of the Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes). Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Jan 25 22:28:32 2020 +0100 tests: updated tlsfuzzer tests to latest version This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py. The latter introduced too pendantic tests on curves we don't implement, and requires significant changes to passing with limited benefit. For example it requires the server to error on mismatching entries (and we simply ignore them). As its value is low (we do not target to be a reference implementation for testing broken clients), it was removed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jan 25 22:02:48 2020 +0100 key shares: avoid using internal errors On unknown curves or illegal parameters, make sure we return the right error code which will translate to the appropriate alert. Resolves: #907 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 24 23:12:07 2020 +0100 fuzz: fixed Ed448 fuzzer traces The fuzzer files for ed448 were the reverse for client and server. Enhanced the fuzzer tools to run a single fuzzer, and added more clear documentation on how to generate and manually test the fuzzer outputs. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 24 23:11:34 2020 +0100 README-adding-traces.md: updated with more precise information Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 24 22:57:49 2020 +0100 fuzzers: added ed448 keys Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sat Jan 25 11:18:09 2020 +0100 Create files in gl/ licenced lgpl2+ instead of lgpl3+ Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Jan 24 22:53:50 2020 +0100 fuzzers: when provided with a parameter they will run on a single file Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Fri Jan 24 22:04:41 2020 +0300 .gitlab-ci.yml: remove --disable-gost from nettle-master test Remove --disable-gost switch from the test using Nettle's master branch as GnuTLS is now compatible again with nettle/master. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Thu Jan 23 13:07:23 2020 +0300 lib/nettle/gost: restore compatibility with nettle master Use newer format of ecc curve data if curve448 support is detected. Signed-off-by: Dmitry Baryshkov Author: Nikos Mavrogiannopoulos Date: Fri Jan 24 16:38:15 2020 +0100 .gitlab-ci.yml: force running jobs on linux runners There are shared windows runners in gitlab, that will fail running our jobs. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Jan 23 16:25:43 2020 +0100 fuzz: import key, certificate, and traces using Ed448 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 22 05:25:19 2020 +0100 tlsfuzzer: enable tests for X448 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 20 11:17:51 2020 +0100 .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 19 12:13:48 2020 +0100 .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build Otherwise the build process wouldn't be able to find -lgmp. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jan 13 11:35:15 2020 +0100 .gitlab-ci.yml: add target to build against nettle master This is similar to the build/gnutls target in nettle's own gitlab CI. The only difference is that this will build/test all branches of GnuTLS against the master branch of nettle. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Apr 22 08:27:43 2019 +0200 algorithms: implement X448 key exchange and Ed448 signature scheme Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Apr 21 21:13:30 2019 +0200 nettle: vendor in Curve448 and Ed448 implementation Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Jan 15 11:05:31 2020 +0100 tls13: request OCSP responses as a server The TLS1.3 protocol requires the server to advertise an empty OCSP status request extension on its certificate verify message for an OCSP response to be sent by the client. We now always send this extension to allow clients attaching those responses. Resolves: #876 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Mon Jan 20 15:08:04 2020 +0300 x509: add OGRNIP DN entry definition used by qualified GOST certificates Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Wed Nov 6 15:14:48 2019 +0300 x509: include digestParamSet into GOST 512-bit curves A and B params Old implementations do not understand PublicKeyParams with omitted digestParamSet. So include the field for old 512-bit curves to improve compatibility with old implementations. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jan 20 03:16:56 2020 +0300 fuzz in gost pkcs7/8/12 files Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and digest functions. Signed-off-by: Dmitry Baryshkov Author: Dmitry Baryshkov Date: Mon Jan 20 03:11:08 2020 +0300 pkcs12: use correct key length when using STREEBOG-512 PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use special function to generate MAC key. Pass correct key length (fixed to be 32) when generating PKCS#12 files protected with Streebog (currently it incorrectly uses 64 there). Signed-off-by: Dmitry Baryshkov Author: Nikos Mavrogiannopoulos Date: Fri Jan 17 21:34:45 2020 +0100 gnutls-cli-debug: ignore tests when algorithms are unavailable When gnutls-cli-debug is run on systems where a particular algorithm is disabled, ensure that we don't stop the testing; in that case we ignore the test. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 15 14:44:22 2020 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 15 09:46:38 2020 +0100 tls13: do not send OCSP responses as client without server requesting In client side ensure we see a request for OCSP from servers before sending one. Relates: #876 Signed-off-by: Nikos Mavrogiannopoulos Author: Dimitri John Ledkov Date: Tue Jan 7 11:32:37 2020 +0000 libgnutls: Add system-wide default-priority-string override. Signed-off-by: Dimitri John Ledkov Author: Dmitry Baryshkov Date: Mon Jan 13 01:20:28 2020 +0300 lib: fix _kx_priority_gost termination item Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Jan 12 19:24:51 2020 +0300 tests/priorities: add tests for GOST ciphersuites enablement Add test counting GOST ciphersuites and ciphers available. Signed-off-by: Dmitry Eremin-Solenikov Author: Fiona Klute Date: Sat Jan 11 21:16:50 2020 +0100 gnutls-cli: Log all stapled OCSP responses when running with --verbose Signed-off-by: Fiona Klute Author: Dmitry Baryshkov Date: Fri Jan 10 14:17:44 2020 +0300 pk: set generated key algo before calling pct_test In wrap_nettle_pk_generate_keys() set params->algo before calling pct_test() as GOST sign/verify use that field. Reported-by: Daiki Ueno Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jan 10 14:16:56 2020 +0300 CI: FIPS140-2 run make check without enforcing FIPS mode Some distributions might enable --enable-fips140-mode, without actually enabling/enforcing FIPS at runtime. Catch issues in such configurations (reported by Daiki Ueno). Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Tue Jan 7 11:24:01 2020 +0100 tests: add test for revoked OCSP response This adds a test that exercises a failed handshake upon receipt of an OCSP response with the "revoked" status. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 8 16:01:38 2020 +0100 ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation This makes the OCSP based certificate verification adhere to the convention used throughout the library: "The 'GNUTLS_CERT_INVALID' flag is always set on a verification error and more detailed flags will also be set when appropriate." Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Wed Jan 8 22:17:55 2020 +0300 NEWS: expand documentation for GOST priority strings Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly added GOST shortcuts. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 22:11:51 2020 +0300 priority: make priority matching less error-prone To remove possibility of using wrong length or using strncasecmp() instead of c_strncasecmp() define PRIO_MATCH(name) macro taking care about all details. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 22:07:19 2020 +0300 priority: add new GOST-ALL shortcut Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL and GROUP-GOST-ALL. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 22:03:44 2020 +0300 priority: add more GOST shortcuts Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only one item, but this list will be expanded as support for GOST-CTR-ACPKM ciphersuites will be added. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 21:10:55 2020 +0300 lib/priority: add SIGN-GOST-ALL keyword Add SIGN-GOST-ALL keyword containing all defined GOST signature algorithms. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Thu Jan 9 13:03:10 2020 +0100 doc: clarify thread safeness in gnutls_global_init() This documents and clarifies the thread safeness of gnutls_global_init() and its constraints. Resolves: #900 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Jan 8 20:22:11 2020 +0300 lib/priority: use c_strncasecmp() for string comparison Use c_strncasecmp() instead of just strncasecmp() which can be affected by locale. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 21:31:32 2020 +0300 doc: document GOST priority options Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 21:37:28 2020 +0300 doc: document GOST cipher and MAC algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jan 8 22:08:14 2020 +0300 priority: fix GROUP-GOST-ALL comparison length Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Sat Jan 4 13:38:01 2020 +0100 tests: replace invalid extension OIDs with valid ones libtasn1 4.15.0 or earlier allow encoding and decoding of invalid OIDs, but more recent versions may stop accepting them. Ensure that our test suite includes OIDs which can be decoded by all versions of libtasn1. Relates: https://gitlab.com/gnutls/libtasn1/issues/25 Signed-off-by: Nikos Mavrogiannopoulos Author: Dimitri John Ledkov Date: Mon Jan 6 09:41:27 2020 +0000 tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE Some tests, e.g. in suite/tls-fuzzer execute scripts from sub-directories, making the relative path to system.prio in the environment pointing to a non-existent file. Export system.prio testsuite file as an absolute path to avoid this issue. Signed-off-by: Dimitri John Ledkov Author: Nikos Mavrogiannopoulos Date: Fri Jan 3 20:21:07 2020 +0100 doc: updated epub.texi from gnutls.texi Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 3 16:58:04 2020 +0100 .gitlab-ci.yml: identify on runtime to db2epub directory Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Jan 3 13:17:28 2020 +0100 Remove && command concatenation in .gitlab-ci.yml As it turns out, `set -e` doesn't work if one of the commands fail, maybe except the last command. Seen, tested and reproduced on Fedora28 image. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Jan 3 13:55:09 2020 +0100 .gitlab-ci.yml: merged ASAN and UBSAN runs This in addition to merging the two CI runs, it also attempts to run the fuzz code under SHANI for CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Edward Stangler Date: Fri Jan 3 10:36:21 2020 +0000 Fixes dummy getrandom() when errno = EAGAIN. Fixes #892. Signed-off-by: Edward Stangler Author: Tim Rühsen Date: Thu Jan 2 16:15:15 2020 +0100 Fix '-Werror=unused-const-variable=' in fuzz/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Dec 22 13:20:03 2019 +0100 Fix NULL ptr access in _gnutls_iov_iter_next() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat Dec 21 19:21:55 2019 +0100 Use check_for_datefudge in tests Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Dec 20 11:00:53 2019 +0100 Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch] Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Dec 19 12:33:34 2019 +0100 Fix 2x -Wunused-function in tests/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Dec 19 12:23:34 2019 +0100 certtool-cfg.c: Silence -Wunused-variable if HAVE_IPV6 not set Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Dec 19 11:48:47 2019 +0100 status_request.c: Silence -Wsign-compare Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Dec 19 11:46:23 2019 +0100 rnd-fuzzer.c: Suppress shift sanitization check Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Dec 19 11:17:43 2019 +0100 handshake.c: Suppress warning in fuzzing build Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Dec 18 19:44:10 2019 +0100 Fix implicit value change in verify-high.c verify-high.c:284:7: runtime error: implicit conversion from type 'size_t' (aka 'unsigned long') of value 15421545260338 418178 (64-bit, unsigned) to type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit, unsigned) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Dec 18 16:39:38 2019 +0100 UBSAN: Fail tests if UB detected Suppressions are in devel/ubsan.supp. Suppressions only work on recoverable checks. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sun Dec 29 21:53:32 2019 +0100 gnutls_x509_crt_get_extension_info: optimize when critical equals NULL That is, do not perform the look ups necessary to calculate the value when it will not be used. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 30 05:35:45 2019 +0100 fuzz: import certificate with and without sanity checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Dec 29 22:33:07 2019 +0100 x509: reject certificates having duplicate extensions According to RFC5280 a certificate must not include more than one instance of a particular extension. We were previously printing warnings when such extensions were found, but that is insufficient to flag such certificates. Instead, refuse to import them. Resolves: #887 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 3 08:53:55 2020 +0100 tests/suite: do not include scripts into dist This part of the test suite is only run on CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 2 14:09:50 2020 +0100 ecore cli: updated and rewritten to use libev That removes a lot of code that was not necessary in the gnutls test suite. Resolves: #884 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 2 22:32:43 2020 +0100 .gitlab-ci.yml: use separate images for mingw and fedora builds This should result to faster image loading for CI builds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 2 14:55:11 2020 +0100 tests: use newer nettle APIs in cipher-override.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 1 21:37:01 2020 +0100 doc: updated copyrights for 2020 This updates the copyright year for documentation and excludes gnulib files from the copyright check. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sun Dec 29 12:52:21 2019 +0300 cli: fix building with GOST disabled Fix building gnutls-cli (benchmark part) with GOST keys support being disabled. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Dec 29 12:49:16 2019 +0300 cli: support building with OCSP and ANON disabled Support gnutls-cli when building GnuTLS with OCSP and ANON authentication API disabled. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Dec 29 12:49:16 2019 +0300 serv: support building with OCSP disabled Support gnutls-serv when building GnuTLS with OCSP API disabled. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Nov 9 02:29:19 2019 +0300 tls12-server-kx-neg: add tests without GOST signature algorithms Add tests mimicking SChannel clients which are unable to send proper SignatureAlgorithms extension. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Nov 9 02:01:22 2019 +0300 SignatureAlgorithms: force-enable GOST signatures for GOST KX SChannel-based clients can not send GOST identifiers as a part of SignatureAlgorithms extension. To mitigate this forcefully enable GOST signature algorithms if client sends GOST ciphersuite. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 24 16:26:27 2019 +0300 benchmark: enable benchmarking of GOST CNT ciphersuite/KX Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 24 02:33:26 2019 +0300 benchmark: support benchmarking GOST ciphers/MACs Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 24 02:32:17 2019 +0300 benchmark: use mac key size instead of block size Use newly added gnutls_hmac_get_key_size() to get key size instead of assuming that key size = block size (incorrect for GOST 28147 IMIT). Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 24 02:31:30 2019 +0300 crypto-api: add gnutls_hmac_get_key_size() function Add gnutls_hmac_get_key_size() to retrieve MAC key size. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 24 01:20:24 2019 +0300 nettle/gost: remove gost28147_imit_init Rewrite gost28147 imit code to clean up state and index on key setup to be sure that imit context is properly cleaned. Signed-off-by: Dmitry Eremin-Solenikov Author: Ludovic Courtès Date: Wed Nov 20 16:10:11 2019 +0100 guile: Arrange to make 'gnutls.scm' architecture-independent. Fixes #838. Reported by Andreas Metzler. * configure.ac: Define and substitute 'maybe_guileextensiondir'. * guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'. * guile/modules/gnutls.in : Use @maybe_guileextensiondir@. Check if %LIBDIR is true. Signed-off-by: Ludovic Courtès Author: Nikos Mavrogiannopoulos Date: Mon Dec 23 20:20:58 2019 +0100 x509: do not tolerate invalid DER time This effectively reverts !400 and ensures that we no longer tolerate invalid DER time. This complements the previous commit by Lili Quan and ensures we provide the --disable-strict-der-time backwards compatibility option. Resolves: #207 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 14 10:51:48 2019 +0100 certtool: always set extensions from template Previously we would only set these extensions specific with add_extension when generating using --generate-certificate. The change makes sure these options are considered even when generating an extension from a certificate request. Issue reported on the mailing list. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 14 10:44:16 2019 +0100 tests: check certificate generation from certificate request Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 20 20:37:32 2019 +0100 tests: ensure test suite does not apply global config When running the test suite we do not apply the global gnutls configration as it may change options that are tested. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Dec 5 11:40:31 2019 +0100 gnutls-cli: improved output of --benchmark-tls-kx It is now printed in a way that separates the tests. Example: ``` (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) - 179.19 transactions/sec - avg. handshake time: 5.57 ms - standard deviation: 0.57 (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) - 182.24 transactions/sec - avg. handshake time: 5.48 ms - standard deviation: 0.64 ``` Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 4 13:58:21 2019 +0100 gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy This allows micro and nanoseconds to be reported if necessary, and it changes reporting of sample variance to standard deviation giving a possibly better overview as it is in the same units as the average. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Thu Jul 19 15:40:46 2018 +0300 gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT support by the server. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Thu Dec 19 21:13:15 2019 +0100 README.md: updated to list fuzz coverage results [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Dimitri John Ledkov Date: Sun Dec 15 20:32:02 2019 +0000 doc: update reference to the default configuration file Signed-off-by: Dimitri John Ledkov Author: Nikos Mavrogiannopoulos Date: Thu Dec 19 20:28:50 2019 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Dec 19 09:37:34 2019 +0100 _gnutls_verify_crt_status: apply algorithm checks to trusted CAs If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level. This addresses the problem of accepting CAs which would have been marked as insecure otherwise. Resolves: #877 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 18 14:38:32 2019 +0100 certtool: added option to apply a certificate verification profile This applies to the --verify and --verify-chain commands. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 18 14:29:21 2019 +0100 Export profile ID/name handling functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 18 14:04:35 2019 +0100 is_level_acceptable: apply the system-wide profile in all verifications Signed-off-by: Nikos Mavrogiannopoulos Author: Lili Quan <13132239506@163.com> Date: Thu Dec 19 17:14:20 2019 +0100 Introduced check to reject certificates with non-digits in time field According to RFC5280 we should reject such certificates. Resolves: #870 Signed-off-by: Lili Quan <13132239506@163.com> Author: Dmitry Baryshkov Date: Wed Nov 13 23:47:16 2019 +0300 abi-check: fix include paths If GnuTLS is built outside of source tree, abicheck will miss gnutls.h header which is generated in the build tree. Expand arguments to include it. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 18 23:28:48 2019 +0300 doc: document GROUP-GOST-ALL keyword Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 27 15:48:57 2019 +0300 NEWS: add news entry, describing TLS 1.3 vs GOST issues Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Jul 17 19:41:47 2019 +0300 ext/signature: use GOST signatures for GOST ciphersiuites draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms in CertificateRequest message to GOST values if GOST cipher suite is selected. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Sep 3 10:48:09 2019 +0300 tls13-server-kx-neg: add test for GOST-enabled server and client If both client and server have enabled TLS 1.3 and GOST-CNT ciphersuites, they should correctly negotiate a connection, but using TLS 1.2 version. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 9 07:17:59 2017 +0300 tests: added testcases for ciphersuite/KX negotiation with VKO-GOST This verifies whether the ciphersuite negotiation will detect and reject incompatible data present in credentials. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 23 21:37:38 2017 +0300 tests: add tests for KX-GOST-VKO using different key variants Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Oct 27 03:31:49 2016 +0300 Add GOST cipher suites Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Feb 10 12:18:40 2019 +0300 priority: add GROUP-GOST-ALL keyword Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 30 13:11:28 2016 +0300 Support GOST certificate request values Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 23 21:56:23 2017 +0300 lib: fix group selection in case of GOST cipher suites Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Tue Dec 17 20:09:54 2019 +0100 Sync with fuzzers from OSS-Fuzz Only lots of corpora removed (by merge step). Not sure why. But there are several new UBs detected. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Dec 17 19:52:58 2019 +0100 Amend fuzz scripts and README for clang-8 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Dec 17 19:52:05 2019 +0100 Add fuzz corpora for gnutls_ext_raw_parse_fuzzer Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Dec 16 12:54:23 2019 +0100 fuzzer: added fuzzer for gnutls_ext_raw_parse() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 16 12:45:06 2019 +0100 gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the return type Also some documentation updates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 16 11:35:48 2019 +0100 README.md: updated CI build badge [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 14 15:41:17 2019 +0100 Provide flag to identify sessions that an OCSP response was requested That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be checked by a server application to determine whether the client has requested stapled OCSP responses. This includes minor cleanups in the status request handling code. Resolves: #829 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 7 21:30:17 2019 +0100 abi: updated to latest const changes and added NEWS entry Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue May 21 21:50:33 2019 +0200 Add const to function arguments in lib/x509 This change does not introduce functionality changes. It just adds const promises to the caller. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Dec 5 17:06:22 2019 +0100 gnutls-serv: do not exit on command failure If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv would simply quit. This prevents using this tool in a test environment like tlsfuzzer. Ensure that we don't quit on error. Resolves: #868 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 4 22:18:02 2019 +0100 .triage-policies.yml: updated to work with latest gitlab-triage [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Vitezslav Cizek Date: Wed Dec 4 15:24:17 2019 +0100 lib: remove obsolete AVOID_INTERNALS Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS remained in lib/crypto-selftests-pk.c. Signed-off-by: Vitezslav Cizek Author: Nikos Mavrogiannopoulos Date: Mon Dec 2 17:32:16 2019 +0100 Revert "Released 3.6.11.1 including missing files" This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 2 17:08:43 2019 +0100 Released 3.6.11.1 including missing files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 2 08:56:05 2019 +0100 libopts: include new files into dist This also includes --enable-local-libopts flag to make dist to catch future regressions. Resolves: #867 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Dec 1 22:39:01 2019 +0100 released 3.6.11 Signed-off-by: Nikos Mavrogiannopoulos Author: Fiona Klute Date: Sun Dec 1 19:20:17 2019 +0100 Write OCSP status request debug information to logfile, if set The status information not part of the payload data and should be separate when using --logfile. Signed-off-by: Fiona Klute Author: Fiona Klute Date: Sun Dec 1 18:45:28 2019 +0100 Send log messages about loading client credentials to logfile, if set Signed-off-by: Fiona Klute Author: Nikos Mavrogiannopoulos Date: Fri Nov 29 20:30:26 2019 +0100 .travis.yml: explicitly install openssl to address build issue Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 29 16:19:07 2019 +0100 NEWS: documented AES-CFB8 fix [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 29 13:06:41 2019 +0100 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 28 09:08:28 2019 +0100 .travis.yml: update submodules [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 29 09:40:55 2019 +0100 base64: minor improvements in OOM handling and test suite Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 28 15:05:17 2019 +0100 gnutls_base64_decode2() succeeds decoding the empty string This is a behavioral change of the API but it conforms to the RFC4648 expectations. Resolves: #834 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 27 16:13:06 2019 +0100 Revert "tests: ignore datefudge-check check when running on command line" This commit was breaking CI on FreeBSD systems. This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 25 22:36:22 2019 +0100 certtool: always include the CRL distribution points on CAs Previously we would omit the CRL distribution points from a non-self signed CA certificate, even if contained in the template. Resolves: #765 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 25 22:38:05 2019 +0100 tests: ignore datefudge-check check when running on command line That allows running the tests individually without make or setting top_builddir variable. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Fri Nov 22 17:21:19 2019 +0300 tests: make tests pass with disabled GOST algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Nov 22 16:43:49 2019 +0300 gitlab-ci: enable running make check on minimal build Signed-off-by: Dmitry Eremin-Solenikov Author: Ludovic Courtès Date: Mon Nov 11 21:36:22 2019 +0100 guile: Silence auto-compilation warning for 'guild'. Reported by Helmut Grohne and Andreas Metzler at . * guile/Makefile.am (%.go): Pass "GUILE_AUTO_COMPILE=0" to avoid warnings about 'guild' needing to be compiled. Signed-off-by: Ludovic Courtès Author: Dmitry Baryshkov Date: Sun Nov 10 14:06:58 2019 +0300 vko: fix possible unitilized scalar access Fix error path in _gnutls_gost_keytrans_decrypt. If _asn1_strict_der_decode() fails, cleanup path will try to gnutls_pk_params_release(&pub), which will access unitialized pub variable. Fix by deleting asn1 sctructure directly. Signed-off-by: Dmitry Eremin-Solenikov Author: Ludovic Courtès Date: Mon Nov 11 21:30:48 2019 +0100 guile: Do not attempt to load shared object when cross-compiling. Reported by Helmut Grohne and Andreas Metzler at . * configure.ac: Add 'CROSS_COMPILING' conditional. * guile/Makefile.am (CROSS_COMPILING_VARIABLE): New variable. (%.go): Use it. * guile/modules/gnutls.in : Do not call 'load-extension' when "GNUTLS_GUILE_CROSS_COMPILING" is defined. Signed-off-by: Ludovic Courtès Author: Dmitry Baryshkov Date: Thu Oct 27 03:30:34 2016 +0300 Add support for VKO GOST key exchange Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Thu Nov 7 18:25:01 2019 +0100 .gitlab-ci.yml: bump configure cache version Signed-off-by: Daiki Ueno Author: Günther Deschner Date: Wed Nov 6 13:17:57 2019 +0100 crypto-selftests: test CFB8 ciphers with different chunksizes Signed-off-by: Guenther Deschner Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 8 10:10:09 2019 +0100 nettle: use included CFB8 implementation if nettle is 3.5 Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Sun Feb 10 02:38:43 2019 +0300 groups: add function to return group by curve Two GOST groups will have two curves attached. Add function to retrieve group by curve, rather than by group id. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue May 7 18:01:33 2019 +0300 ecc: define curve->group relationship Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Aug 29 11:09:31 2017 +0300 Declare groups corresponding to GOST curves Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Dec 2 06:26:55 2016 +0300 Add GOST key transport support Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 7 13:19:55 2018 +0300 nettle: add support for GOST key derivation Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Oct 27 18:58:12 2016 +0300 _gnutls_pk_derive: add argument for nonce GOST VKO key derivation needs another opaque argument (called UKM). Add an argument to _gnutls_pk_derive to accomodate that keying material. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 14 15:39:39 2018 +0300 nettle/gost: add support for GOST VKO algorithm GOST VKO is a variant of ECDHE algorithm. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 14 15:39:19 2018 +0300 nettle/gost: provide GOST keywrapping support Signed-off-by: Dmitry Eremin-Solenikov Author: Miroslav Lichvar Date: Wed Nov 6 11:37:10 2019 +0100 prf: don't crash when called before handshake completion If a gnutls_prf*() function is called before the handshake is completed, return GNUTLS_E_INVALID_REQUEST instead of crashing. Signed-off-by: Miroslav Lichvar Author: Daiki Ueno Date: Wed Nov 6 12:07:24 2019 +0100 nettle: backport fixes to cfb8_decrypt cfb8: don't truncate output IV if input is shorter than block size: https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Nov 5 16:47:17 2019 +0100 gnutls_privkey_sign_data2: removed unnecessary text [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 1 14:04:27 2019 +0100 .gitlab-ci.yml: do not inline strcmp in valgrind build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 1 10:24:24 2019 +0100 .gitlab-ci.yml: removed unnecessary use of --enable-valgrind-tests Signed-off-by: Nikos Mavrogiannopoulos Author: nia Date: Thu Oct 31 18:36:49 2019 +0000 Add NEWS entry for the NetBSD KERN_ARND change. Signed-off-by: Nia Alarie Author: Dmitry Baryshkov Date: Thu May 18 05:36:49 2017 +0300 tls-sig: reverse bytes in TLS signatures for GOST signatures GOST TLS suites have one peculiarity: CertificateVerify message uses byte order opposite to the rest of GOST signature usage (BE instead of LE). So, reverse byte order in signatures in TLS code. For now this applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Oct 30 10:39:49 2019 +0100 .gitlab-ci.yml: updated CI environment to F31 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 11 20:46:41 2019 +0200 tests: include config.h in rawpk-api.c This seems to have impacted windows compilation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 11 15:57:43 2019 +0200 tests: global-init-override do not run in windows It cannot be compiled in f30. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 11 14:44:39 2019 +0200 updated to libopts 5.18.16 This fixes compilation in Fedora 30 which ships with this version of autogen. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sun Oct 27 03:12:45 2019 +0300 serv: move closing TABLE tag after actual table end Move closing TABLE tag after printing information on cipher and MAC. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Oct 27 03:08:33 2019 +0300 ecc: fix curve sizes for TC26-256 gost curves Fix curve size being incorrectly set to 64 instead of 32 for several GOST curves. Signed-off-by: Dmitry Eremin-Solenikov Author: nia Date: Sat Oct 26 20:58:49 2019 +0100 nettle: Support sysctl(KERN_ARND) for RNG on NetBSD. This system call will never block and does not require a file descriptor to be opened. It provides an endless stream of random numbers from the kernel's ChaCha20-based random number generator. Signed-off-by: Nia Alarie Author: Björn Jacke Date: Fri Oct 25 17:25:39 2019 +0200 doc: describe how to make gnutls-cli quiet for pipe usage Signed-off-by: Bjoern Jacke Author: Dmitry Baryshkov Date: Thu Oct 24 18:01:55 2019 +0300 lib: simplify uint24 handling Drop separate uint24 type and functions to convert between it and uint32_t. This makes _gnutls_read/_write_uint24 simpler and easier to understand. And with faster assembly code. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Oct 20 18:49:41 2019 +0300 lib: drop gnutls_uint64 usage as sequence number GnuTLS is depending already on uint64_t being a properly defined type. So there is no need to have a special byte-array type for 8-byte integers. Use uint64_t instead, thus simplifying a code quite heavily. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 21 15:55:47 2019 +0300 sign: convert tls13_ok to flags field Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 21 18:55:26 2019 +0300 tls-sig: split TLS 1.0/1.1 CertificateVerify code For the symmetry split the TLS 1.[01] CertificateVerify code, so that main functions work as pure multiplexors. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 21 14:08:00 2019 +0300 mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu May 18 04:09:51 2017 +0300 Support GOST cipher suite MAC calculation GOST ciphersuites require that MAC is calculated over _all_ packets, rather than just current packet. Add flag to auth_cipher_hd_st controlling this behaviour. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 21 13:57:55 2019 +0300 mac: change preimage_insecure to be a flag Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 18 13:19:04 2019 +0300 cipher: replace several bools with single flags instance Replace bools in cipher_entry_st with flags field. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 21 19:34:45 2018 +0300 lib: pubkey vs TLS signature compatibility for GOST algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 18 13:22:06 2019 +0300 src: fix noreturn-related warning Recent autogen started adding '#include ' into -args.h files. However in GnuTLS tools code this results in the following warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to _Noreturn: warning: '_Noreturn' attribute directive ignored Use __noreturn__ attribute instead as does Gnulib. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Dec 2 08:28:34 2016 +0300 Allow using implicit IV for stream ciphers with TLS Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Aug 29 11:10:33 2017 +0300 prf: add Streebog (GOST R 34.11-2012) PRF support Add support and tests for PRF generated using both Streebog versions. This is necessary for adding GOST TLS ciphersuites support. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Sat Oct 12 20:59:22 2019 +0200 Add const to several read-only packet sequence params Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Oct 13 12:04:20 2019 +0200 tests/buffer.c: Add unit test for _gnutls_buffer_unescape() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:54:12 2019 +0200 lib/x509/x509.c: Check before pointer dereference in get_alt_name() Fixes Coverity issue 1361513 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:44:35 2019 +0200 cipher: Let _gnutls_auth_cipher_setiv() return int Fixes Coverity issue 1454646 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:34:22 2019 +0200 lib/record.c: Use assignment instead of memcpy() Fixes Coverity issue 1454647 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:27:11 2019 +0200 lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() Fixes Coverity issue 1454649 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:11:10 2019 +0200 lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() Fixes Coverity issue 1454670 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 18:04:44 2019 +0200 lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() Fixes Coverity issue 1454652 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 17:53:54 2019 +0200 lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() Fixes Coverity issue 1454651 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 17:39:24 2019 +0200 lib/handshake.c: Check return value of _gnutls_version_max() Fixes Coverity issue 1454674 Fixes Coverity issue 1454658 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Oct 9 17:37:42 2019 +0200 Remove trailing spaces in several files Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Oct 10 17:49:01 2019 +0200 .gitlab-ci.yml: removed coverity build [ci skip] The coverity run is subject to several restrictions by the service, and thus it is not really useful in the main CI runs as it cannot reasonably be run on MRs or master. As such we simplify the main CI file by moving the coverity to the coverage sub-project and running it weekly. The new location is at: https://gitlab.com/gnutls/coverage Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 5 03:30:32 2019 +0200 crq APIs: fix typos [ci skip] Resolves: #842 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 25 07:04:04 2019 +0200 document limitations of gnutls_record_discard_queued() [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Ricardo M. Correia Date: Wed Oct 9 17:37:22 2019 +0200 README.md: document lscpu/util-linux dependency for make check Closes #764 Signed-off-by: Ricardo M. Correia Author: Dmitry Baryshkov Date: Wed Oct 9 01:29:07 2019 +0300 testpkcs11.sh: test that we output mechanism flags correctly Verify some of PKCS#11 mechanism flags. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Sep 25 21:11:09 2019 +0300 p11tool: print mechanism info in list-mechanisms Print key size range and flags in mechanisms list. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Oct 9 00:10:09 2019 +0300 tests/psk-file: fix heizenbug in last test Currently last test case in psk-file expects that the server will terminate connection with fatal error and close connection. Client will receive GNUTLS_E_PUSH_ERROR error. However on slow boxes (or under qemu) client is able to receive server's fatal alert thus returning unexpected error. To make this behaviour predictable make server wait for client to read all data and actually close connection on it's own. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Tue Oct 8 07:23:31 2019 +0200 session tickets: parse extension during session resumption on client side It is possible for a server to send a new session ticket during TLS1.2 resumption. To be able to parse it as client we need to check the extension during resumption as well. Resolves: #841 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Mon Jun 24 01:37:31 2019 +0300 ext/supported_groups: don't consider non-EC groups for EC Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Aug 2 02:08:00 2019 +0300 tests: correct gost server certificates Correct GOST server certificates: - use only Digital Signature Key Usage, - use new format for 512-bit curve key and certificate. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Tue Oct 8 06:48:44 2019 +0200 .gitlab-ci.yml: only run coverity task on 3_6_x tags [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Oct 2 17:05:10 2019 +0300 cert-tests/gost: add certificate with new GOSTParameters struct Add certificate example using simplified (new) GOSTParameters structure. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Mon Oct 7 20:59:34 2019 +0200 .gitlab-ci.yml: include an automated coverity build on tags Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Sep 25 18:13:37 2019 +0300 lib: implement support for updated GOST PublicKeyParameters Recomendation for standardization R 1323565.1.023-2018 has made changes to PublicKeyParameters for GOST R 34.10-2012 keys. It has removed encryptionParamSet (since now S-BOX is basically fixed as TC26-Z) and made digestParamSet OPTIONAL (as it can be concluded from public key OID). Implement these requirements. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Apr 25 15:06:58 2019 +0300 nettle/pk: add support for "new" TC26 256 B curve TC26 likes aliases. Thus "new" TC26 256 B curve is the same as old CryptoPro-256-A curve (but with limitation to use GOST R 34.10-2012). Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 28 21:40:30 2019 +0300 lib/ecc: add documentation for GOST-related curves Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue May 7 15:24:53 2019 +0300 lib: define more GOST curves Declare GOST curves from GOST R 34.10-2001 and GOST R 34.10-2012 (test curves) and GOST curves defined by TC26 itself. Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Tue Oct 1 18:15:19 2019 +0200 gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers Previously, those functions failed to write the output to the buffers if the buffer length is not multiple of cipher block size. This makes sure that the cached data is always flushed. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Oct 1 18:14:48 2019 +0200 iov: add _gnutls_iov_iter_sync to write back cached data to iov Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Oct 3 10:34:18 2019 +0200 iov: _gnutls_iov_iter_next: return bytes instead of blocks This eliminates the need of special handling of final block. Also adds more tests in exceptional cases. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Oct 5 03:27:01 2019 +0200 NEWS: added entry for 3.6.11 Signed-off-by: Nikos Mavrogiannopoulos Author: Tom Vrancken Date: Fri Oct 4 20:50:19 2019 +0200 Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon Sep 30 21:22:59 2019 +0200 Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Tue Aug 27 17:10:04 2019 +0200 Implemented raw public key support for gnutls-serv application. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon Aug 26 17:12:40 2019 +0200 Implemented raw public key support for gnutls-cli application. Signed-off-by: Tom Vrancken Author: Dmitry Baryshkov Date: Wed Oct 2 14:47:44 2019 +0300 nettle/mac: add missing ifdef Add an ifdef guarding gost28147 include. Signed-off-by: Dmitry Eremin-Solenikov Author: Andreas Metzler Date: Sun Sep 29 18:55:18 2019 +0200 cipher-alignment: migrate LDADD/CFLAGS after rename Test was renamed from mini-alignment to cipher-alignment. Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sun Sep 29 12:24:02 2019 +0200 bumped versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 28 21:25:25 2019 +0200 .gitlab-ci.yml: run pic-check on i686-linux-gnu to catch wrong assembly Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Sep 28 14:28:12 2019 +0200 Regenerate asm files with -fPIC CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed as option. Set -fPIC for the same files as openssl does. Closes #818 Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sat Sep 28 12:42:12 2019 +0200 certtool: ensure that PKCS#8 file does not contain key description Resolves: #840 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sat Sep 28 21:23:17 2019 +0300 NEWS: document previous changes [ci skip] Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Aug 2 13:55:18 2019 +0300 tests: add verbose logging to server-kx-neg tests Add support for verbose logging to tls*-server-kx-neg tests. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Jun 19 17:42:53 2018 +0300 lib/algorithms: add AID values assigned by IANA Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Sep 27 17:00:29 2019 +0300 x509: add support for Russian extensions defined for qualified certificate Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Sep 1 11:05:35 2019 +0300 crypto-selftests: add CNT and IMIT self tests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 14 15:37:20 2018 +0300 nettle: provide GOST 28147-89 IMIT MAC support Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jun 14 15:36:55 2018 +0300 nettle: provide GOST 28147-89 CNT mode support Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Thu Sep 26 16:45:25 2019 +0200 ext/supported_versions: reorder client precedence if necessary If the client advertises TLS < 1.2 before TLS 1.3 and the server is configured with TLS 1.3 enabled, the server should select TLS 1.3; otherwise the client will disconnect when seeing downgrade sentinel. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Sep 25 06:23:22 2019 +0200 gnutls_session_get_data2: fix operation without a timeout callback When TLS1.3 was introduced, gnutls_session_get_data2 was modified to assume that the callbacks set included the timeout one which was not previously necessary except for some special cases. This corrects that issue and makes sure that gnutls_session_get_data2() does not fail (but not necessarily succeed), if that timeout callback is not set. Resolves: #823 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 25 06:18:48 2019 +0200 _gnutls_io_check_recv: added newline to error message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 23 21:42:14 2019 +0200 tests: cipher-alignment: ensure cipher registration That is, ensure that the registered cipher is called at least once in the program. That is, to make this test fail if the registration API ever become deprecated/no-op. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 23 21:11:53 2019 +0200 tests: mini-alignment moved to modern nettle API That is, it no longer uses the deprecated API, and it is also removed to cipher-alignment for clarity. Resolves: #835 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 23 21:05:48 2019 +0200 nettle: use nettle_get_secpp* consistently We already depend on nettle 3.4.1 which provides that symbol, ensure that we use it consistently. Relates: #835 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 20 22:09:39 2019 +0200 Updates in OCSP status response related documentation gnutls_certificate_set_ocsp_status_request_file2: corrected documentation This corrects the documented return code in gnutls_certificate_set_ocsp_status_request_file2 and the applicability of gnutls_ocsp_status_request_is_checked. Resolves: #836 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 20 21:04:09 2019 +0200 tests: added server side OCSP check This checks whether gnutls_ocsp_status_request_is_checked() is functional on server-side verification. Relates: #829 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 20 20:57:51 2019 +0200 tests: added server-side verification test This tests gnutls_certificate_verify_peers2() operation in server side. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 19 21:26:25 2019 +0200 gnutls_ocsp_status_request_is_checked: added tests in client side This ensures that this function has functional tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 16 15:03:41 2019 +0200 pkcs11-mock: updated license based on upstream project [ci skip] Based on the relicense of the original project: https://github.com/Pkcs11Interop/pkcs11-mock Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf Signed-off-by: Nikos Mavrogiannopoulos Author: Ludovic Courtès Date: Sat Jun 1 16:54:47 2019 +0200 guile: Add support for Guile 3.0. * configure.ac: Add 3.0 to 'GUILE_PKG', as well as the previously-supported versions. * doc/gnutls-guile.texi (Guile Preparations): Update list of supported versions. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Sat Jun 1 16:52:34 2019 +0200 doc: Run guile with '-q'. This makes sure we don't load the user's ~/.guile. * doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'. Signed-off-by: Ludovic Courtès Author: Nikos Mavrogiannopoulos Date: Thu Sep 12 15:21:55 2019 +0200 tlsfuzzer: enable atypical padding check The atypical padding check is complementary to the existing GnuTLS 2.12.x interop test. This commit also upgrades to the latest version, and adds new TLS1.3 tests as well. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Aug 8 18:04:18 2019 +0200 lib/*: remove unnecessary cast to ssize_t Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 8 18:02:08 2019 +0200 gnutls_int.h: make DECR_LEN neutral to signedness DECR_LEN was previously implemented in a way that it first decrements the given length and then checks whether the result is negative. This requires the caller to properly coerce the length argument to a signed integer, before invoking the macro. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Sep 11 11:24:17 2019 +0200 .gitlab-ci.yml: bump configure cache version Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Sep 10 13:50:45 2019 +0200 .gitlab-ci.yml: export guile related envvars for doc-dist.Fedora Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Sep 6 08:36:04 2019 +0200 tests: check interoperability testing with gnutls 2.12.x and SHA256 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 3 21:51:58 2019 +0200 _gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites Since some point in 3.6.x we updated the calculation of maximum record size, however that did not include the possibility of random record padding available for CBC ciphersuites which exceeds the maximum. This commit allows for larger sizes for these ciphersuites to account for random padding as applied by gnutls 2.12.x. Resolves: #811 Signed-off-by: Nikos Mavrogiannopoulos Author: Ludovic Courtès Date: Sat Jul 20 16:13:02 2019 +0200 .gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Sat Jul 20 16:08:48 2019 +0200 .gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Sat Aug 31 16:38:13 2019 +0200 maint: Include Guile's M4 macros. This ensures 'GUILE_PKG' & co. behaves as we want. Previously we had problem in CI when using 'guile.m4' coming from potentially old distro packages, as discussed in issue !1020: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890 * m4/guile.m4: New file, from Guile's 'stable-2.2' branch, commit 9846178c69445142ef0b9432417453d2d4de6635. * .x-sc_prohibit_test_minus_ao: New file. Signed-off-by: Ludovic Courtès Author: Dmitry Baryshkov Date: Thu Sep 5 11:36:27 2019 +0300 priority: fix loop which removes systemwide disabled KX algos Fix c&p error in KX-removal loop. Signed-off-by: Dmitry Eremin-Solenikov Author: Tom Vrancken Date: Sun Sep 1 13:50:35 2019 +0200 Added initial corpora for rawpk client and server fuzzers. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sun Sep 1 13:49:59 2019 +0200 Implemented server rawpk fuzzer. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sun Sep 1 13:49:40 2019 +0200 Implemented client rawpk fuzzer. Signed-off-by: Tom Vrancken Author: Dmitry Baryshkov Date: Mon Sep 2 16:34:08 2019 +0300 gnutls-cli-debug: fix early break for no version supported check Currently gnutls-cli-debug code hardodes index of tests, after which it will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by the server. However this number is hardcoded and thus easy to break. This is exactly what happened after adding %ALLOW_SMALL_RECORDS check. Two tests were added in front of tests lists without updating this index. So let's make this check robust by adding another test which will return fatal error if no known protocols are supported. While we are at it, also simplify tests loop by removing internal loop completely and controlling opening/closing a socket with a flag. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Sat Aug 3 21:32:47 2019 +0200 tests: added interoperability test with gnutls 2.12.x This enables this test in debian build. Signed-off-by: Nikos Mavrogiannopoulos Author: Ludovic Courtès Date: Sat Aug 31 16:33:33 2019 +0200 guile: Update the list of certificate status values. * guile/modules/gnutls/build/enums.scm (%certificate-status-enum): Add 'gnutls_certificate_status_t' values that were missing. * guile/src/core.c (scm_gnutls_peer_certificate_status): Add 'MATCH_STATUS' clauses to handle them. * guile/modules/gnutls.in: Export them. Signed-off-by: Ludovic Courtès Author: Michael Catanzaro Date: Tue Aug 13 14:55:19 2019 -0500 Fix typo in gnutls_db_set_cache_expiration() docs 21600 seconds is six hours. Signed-off-by: Michael Catanzaro Author: Daiki Ueno Date: Fri Aug 2 07:40:44 2019 +0200 crypto-api: add gnutls_aead_cipher_{en,de}cryptv2 This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and gnutls_aead_cipher_decrypt(), that works on data buffers. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 1 18:13:38 2019 +0200 crypto-api: use giovec_t iterator interface for aead_encryptv This replaces the macros AUTH_UPDATE and ENCRYPT used in gnutls_aead_cipher_encryptv() with the iov_iter interface. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 1 17:41:45 2019 +0200 iov: add iterator interface for giovec_t This adds an iterator interface over giovec_t array, extracting a fixed sized block. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 7 15:55:44 2019 +0200 nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Aug 5 15:21:55 2019 +0200 nettle: enable deterministic ECDSA/DSA during FIPS selftests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jul 29 14:01:11 2019 +0200 pk: implement deterministic ECDSA/DSA This exposes the deterministic ECDSA/DSA functionality through the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Aug 7 14:37:00 2019 +0200 privkey_sign_prehashed: remove unused argument Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jul 29 15:10:51 2019 +0200 privkey_sign_raw_data: remove unnecessary local variable Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jul 29 14:00:30 2019 +0200 nettle: add functions for deterministic ECDSA/DSA This adds functions to perform deterministic ECDSA/DSA, namely _gnutls_{ecdsa,dsa}_compute_k(), which computes the k value according to RFC 6979. The retrieved k value can be given to nettle_{ecdsa,dsa}_sign() through a wrapper random function. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Aug 2 21:57:40 2019 +0200 read_cpuid_vals: use __get_cpuid_count() only when available This makes the functionality available on gcc 4.8. Resolves: #812 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 2 22:16:31 2019 +0200 src/Makefile.am: fix detection of .bak files This fixes detection in a way to work in builds outside the source directory. Resolves: #810 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 2 21:25:39 2019 +0200 configure: AS_HELP_STRING cannot print variables; don't try Signed-off-by: Nikos Mavrogiannopoulos Author: Karsten Ohme Date: Tue Jun 18 12:17:14 2019 +0000 Notes about Ubuntu specific software versions not available. Signed-off-by: Karsten Ohme Author: Andreas Metzler Date: Mon Jul 29 17:47:42 2019 +0200 Ship inih/LICENSE.txt in release tarball inih's license terms requires shipping a copy of the license when redistributing the source. Signed-off-by: Andreas Metzler Author: Michael Catanzaro Date: Fri Jul 26 11:18:07 2019 -0500 Improve documentation of gnutls_record_send() It's no longer required to retry this function with the same parameters if you want to use gnutls_record_discard_queued(). Fixes #806 Signed-off-by: Michael Catanzaro Author: Nikos Mavrogiannopoulos Date: Fri Jul 26 09:57:29 2019 +0200 certtool: default to yes on signing certificates for CAs When asking the questions for CA certificate generation, default to yes to signing certificates. This is because that's the most common type of CAs generated and defaulting to yes eliminates the need for restart on error. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 25 20:38:14 2019 +0200 bumped version for 3.6.9 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 22 12:43:50 2019 +0200 gnutls.h: mark AEAD ciphers as such in gnutls_cipher_algorithm_t description Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 22 10:00:51 2019 +0200 abi-check: correctly bail-out on errors Added suppressions for _MAX enumerator values. Signed-off-by: Nikos Mavrogiannopoulos Author: Karsten Ohme Date: Sat Jun 22 00:39:56 2019 +0200 Support for Generalname registeredID from RFC 5280 in subject alt name Added test certificates (cert10.der) with registered ID Updated Makefile for inclusion of test certificates Updated SAN unknown test certificates (cert5.der) Signed-off-by: Karsten Ohme Author: Nikos Mavrogiannopoulos Date: Sun Jul 21 10:18:35 2019 +0200 libgnutls.abignore: added comment linking to syntax Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 21 10:06:22 2019 +0200 NEWS: updated for upcoming release [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Jul 16 14:41:50 2019 +0200 Fix documented params for gnutls_certificate_retrieve_function3() Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sun Jul 14 22:27:50 2019 +0200 Fixed alerts returned on TLS1.3 corner cases This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'. Resolves: #682 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sun Jul 14 12:17:18 2019 +0300 nettle/backport: fix xts-backport guarding check Check for nettle_xts_encrypt_message() function rather than just xts_encrypt_message(). All functions in nettle are renamed to contain `nettle_` prefix. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Jul 11 21:37:08 2019 +0300 nettle/gost: support building with GOST-enabled Nettle Nettle library starts to gain support for GOST algorithms. Support building GnuTLS with GOST-enabled nettle library. Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Sun Jun 30 08:23:41 2019 +0200 tests: remove unused destructive/p11-kit-load.sh This file is replaced with tests/p11-kit-load.sh and tests/pkcs11/list-tokens.c. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jun 19 17:21:16 2019 +0200 pkcs11: ignore login error when traversing tokens If a token is a general access device, it is expected that login attempt to that token returns error: https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852 On the other hand, _pkcs11_traverse_tokens treats the error as fatal and stops iteration. This behavior prevents object search without token specifier if such tokens are registered in the system. Reported by Stanislav Zidek in https://bugzilla.redhat.com/show_bug.cgi?id=1705478 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jul 8 16:54:56 2019 +0200 ext/session_ticket: avoid calling memcpy on overlapping memory areas In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated from ticket_data->data, thus those memory areas may overlap. Using memcpy here leads to undefined behavior. Spotted by valgrind run on ppc64le. ==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160) ==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023) ==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139) ==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335) ==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249) ==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307) ==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511) ==95231== by 0x4110DEB: handshake_server (handshake.c:3331) ==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727) ==95231== by 0x10009EBF: retry_handshake (serv.c:1306) ==95231== by 0x1000AB67: tcp_server (serv.c:1500) ==95231== by 0x10009E5B: main (serv.c:1297) ==95231== Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Jul 9 10:06:47 2019 +0200 lib: mark infinite loops explicitly There were few infinite loop constructions which were checking for an always true condition. Make sure that this construction is marked explicitly as while(1) to assist static analysers, or reviewers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 9 09:56:24 2019 +0200 tests: improve coverage of CRQ related functions That adds sanity check of crq-related functions that were not included in the testsuite at all. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 8 19:33:50 2019 +0200 encode_ber_digest_info: added sanity check Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 3 21:04:23 2019 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 13 09:13:22 2019 +0200 testcompat-openssl: added interop test with DTLS 1.2 This tests AES-CBC ciphersuites in isolation, as they are prioritized lower than AES-GCM. We want to test them explicitly because they have different behavior under EtM. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 7 23:22:52 2019 +0200 tests: added sanity check for rfc7633 behavior Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 7 16:51:30 2019 +0200 tests: status-request-missing: renamed to rfc7633-missing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 7 16:39:53 2019 +0200 status-request-ext: run under all TLS versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 7 16:35:11 2019 +0200 tests: status-request: cleanup Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 7 16:34:21 2019 +0200 tests: status-request-missing: run for all TLS versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 29 21:02:11 2019 +0200 gnutls-cli-debug: test whether RSA key exchange is supported Resolves: #449 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 28 21:08:32 2019 +0200 gnutls_session_get_desc: avoid printing a NULL value When gnutls_session_set_premaster() is used (under openconnect), it is possible that gnutls_session_get_desc will print a string like this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)" With this change we ensure that we do not print null values. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Jun 21 15:49:26 2019 +0200 nettle/rnd-fips: add FIPS 140-2 continuous RNG test This adds a continuous random number generator test as defined in FIPS 140-2 4.9.2, by iteratively fetching fixed sized block from the system and comparing consecutive blocks. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Fri Jun 28 16:54:30 2019 +0300 lib: document gnutls_hmac_fast vs nonce relationship Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 28 00:27:01 2019 +0300 tests/gnutls_hmac_fast: run test for AES-UMAC-96/-128 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Jun 25 00:12:29 2019 +0300 nettle: return true for gnutls_mac_exists(AES-CMAC*) Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 28 16:28:58 2019 +0300 NEWS: add an entry for AES-GMAC algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 28 00:27:01 2019 +0300 tests/gnutls_hmac_fast: run test for AES-GMAC-128/-192/-256 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 28 16:19:15 2019 +0300 nettle/mac: fail mac calculation if nonce is required but not provided Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC requires nonce, but it was not supplied. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 28 00:27:04 2019 +0300 nettle/mac: in mac_fast call set_nonce after set_key Calling set_nonce before set_key is plain incorrect. For GMAC key is not initialized. For UMAC set_key will reset nonce to empty. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jun 24 20:29:31 2019 +0300 lib: add support for AES-GMAC Add support for computing AES-GMAC using MAC API, as requested by Samba for SMB3 support. Resolves: #781 Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Fri Jun 28 14:59:19 2019 +0200 tests: gnutls_x509_crt_list_import: verify that return code is as documented That checks whether the return code of gnutls_x509_crt_list_import() contains the number of loaded certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 28 08:20:31 2019 +0200 gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options Resolves: #794 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 29 15:28:28 2019 +0200 Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be We were not setting the third array member correctly, though this didn't have any impact to previous implementations as they did not rely on it. This also moves away from the custom implementation of cpuid (which was limited), and we now rely on the compiler's version. This effectively enables support for SHA_NI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 26 14:43:19 2019 +0200 Updated asm files to latest version under cryptogams license Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Jun 26 14:24:42 2019 +0300 NEWS: document gnutls_hash/hmac_copy addition Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Jun 26 11:27:27 2019 +0200 gnutls_hash/hmac_copy: check its usability in all cases During the test suite run we require that all supported MAC and hash algorithms implement the copy function. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 26 11:20:25 2019 +0200 accelerated ciphers: implement hmac and hash copy This implements the new API to all internal implementations. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Jun 26 11:00:39 2019 +0300 lib: add support for gnutls_hash_copy() Add gnutls_hash_copy() function for copying message digest context. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jun 24 17:42:10 2019 +0300 crypto-selftests: add test for gnutls_hmac_copy() Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jun 24 17:38:56 2019 +0300 api: add gnutls_hmac_copy() function Add gnutls_hmac_copy() API to duplicate MAC handler state, which is necessary for SMB3 support. Resolves: #787 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 30 01:34:14 2016 +0300 Add MAC copying support to nettle backend Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 30 01:32:30 2016 +0300 Add MAC api to support copying of instances GOST ciphersuites requires continuously computing MAC of all the previously sent or received data. The easies way to support that is to add support for copy function, that creates MAC instance with the same internal state. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed May 29 10:36:24 2019 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 4 16:25:37 2019 +0200 config: added ability to override and mark algorithms as disabled This allows the system administrator or the distributor to use the gnutls configuration file to mark hashes, signature algorithms, TLS versions, curves, groups, ciphers KX, and MAC algorithms as insecure (the last four only in the context of a TLS session). It also allows to set a minimum profile which the applications cannot fall below. The options intentionally do not allow marking algorithms as secure so that the configuration file cannot be used as an attack vector. This change also makes sure that unsupported and disabled protocols during compile time (e.g., SSL3.0), do not get listed by gnutls-cli. The configuration file feature can be disabled at compile time with an empty --with-system-priority-file. This patch it introduces the function gnutls_get_system_config_file() allowing applications to check whether a configuration file was used. Resolves: #587 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 3 11:59:37 2019 +0200 Use inih to parse configuration file This introduces the inih copylib, and makes our configuration file parsing more flexible. Relates: #587 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 19 21:38:32 2019 +0200 Marked the crypto backend registration APIs as deprecated This is to warn for a future conversion of these APIs to a no-op. Resolves: #789 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 19 14:20:26 2019 +0000 gnutls-cli-debug.sh: sanity check of %ALLOW_SMALL_RECORDS test Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Jun 7 11:39:53 2019 +0200 tlsfuzzer: test both with and without %ALLOW_SMALL_RECORDS The option changes the behavior of the server, it would make sense to check both with and without %ALLOW_SMALL_RECORDS. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 7 15:10:36 2019 +0200 tlsfuzzer: use fixed HTTP response for record_size_limit tests Previously those tests assumed varying sizes of connection information gnutls-serv sends. This is too brittle and if the default algorithm has changed the tests need to be updated. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 7 14:54:58 2019 +0200 gnutls-serv: add --httpdata option to respond with fixed sized data By default, the gnutls-server --http responds with the connection information. While this is useful for manual testing, fixed content would be more desirable for automated testing. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 7 11:37:37 2019 +0200 gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required This adds a new test against the server to check if %ALLOW_SMALL_RECORDS is required to continue communicating with the server. The test is in two parts: one to check if the server accepts records with the default size (512 bytes) and the other is to check if %ALLOW_SMALL_RECORDS helps if the previuos test fails. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jun 19 14:36:31 2019 +0200 gnutls-serv: add --recordsize option This adds a means to set maximum record size to receive. If the size is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS also needs to be specified. Signed-off-by: Daiki Ueno Author: Karsten Ohme Date: Wed Jun 19 07:51:16 2019 +0200 Corrected call for updating ABI files Signed-off-by: Karsten Ohme Author: Nikos Mavrogiannopoulos Date: Sun Jun 16 14:08:54 2019 +0200 doc: updated p11-kit links [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Jun 15 11:38:46 2019 +0200 CONTRIBUTING.md: Fix syntax error [ci skip] Signed-off-by: Andreas Metzler Author: Ludovic Courtès Date: Wed Jun 12 11:37:39 2019 +0200 guile: Add support for post-handshake reauthentication. * guile/modules/gnutls/build/enums.scm (%connection-flag-enum): New variable. (%gnutls-enums): Add it. * guile/modules/gnutls.in: Export 'reauthenticate', 'connection-flag->string', and all the 'connection-flag/' bindings. * guile/src/core.c (scm_gnutls_make_session): Add rest arguments FLAGS and honor it. (scm_gnutls_reauthenticate): New function. * guile/tests/reauth.scm: New file. * guile/Makefile.am (TESTS): Add it. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Wed Jun 12 11:32:19 2019 +0200 guile: Loop or poll upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED. * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while 'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise, and return -1 if SCM_GNUTLS_SESSION_TRANSPORT_IS_FD and we got GNUTLS_E_AGAIN. (session_record_port_fd) [!USING_GUILE_BEFORE_2_2]: New function. (scm_init_gnutls_session_record_port_type) [!USING_GUILE_BEFORE_2_2]: Call 'scm_set_port_read_wait_fd'. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Fri Jun 7 11:06:18 2019 +0200 guile: Add bindings for 'gnutls_error_is_fatal'. * guile/src/errors.c (scm_gnutls_fatal_error_p): New function. * guile/modules/gnutls.in: Export 'fatal-error?'. * guile/tests/errors.scm: test 'fatal-error?'. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Fri Jun 7 10:34:42 2019 +0200 guile: Update list of error values. * guile/modules/gnutls/build/enums.scm (%error-enum): Update list of error constants. * guile/modules/gnutls.in (gnutls): Adjust exports accordingly. Signed-off-by: Ludovic Courtès Author: Daiki Ueno Date: Wed Jun 12 14:02:05 2019 +0200 fips: run selftests over overridden AES-CBC algorithm Previously, we only tested nettle's AES-CBC in _gnutls_fips_perform_self_checks1(), which is called before the implementation is overridden. This adds an AES-CBC self-test in _gnutls_fips_perform_self_checks2() so it can test the actual implementation. Signed-off-by: Daiki Ueno Author: Ludovic Courtès Date: Thu Jun 6 18:30:28 2019 +0200 guile: Deprecate OpenPGP bindings. * guile/modules/gnutls.in (define-deprecated): New macro. Use it for all the *openpgp* bindings. * guile/src/core.c: Rename *openpgp* bindings with a '%' prefix. Signed-off-by: Ludovic Courtès Author: Nikos Mavrogiannopoulos Date: Mon Jun 10 22:12:09 2019 +0200 gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag Previously this flag was ignored, although documented not to. This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi which were supposed to test this interface, but were never enabled. This was caught by Andreas Metzler. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 30 13:49:22 2019 +0200 tests: removed debugging output from GETPORT Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 8 19:19:03 2019 +0200 .gitlab-ci.yml: include top log files in all build failures [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Ludovic Courtès Date: Fri Jun 7 10:16:02 2019 +0200 guile: Remove unbounded uses of 'alloca'. * guile/src/core.c (ALLOCA_MAX_SIZE, FAST_ALLOC): New macros. (set_certificate_file): (scm_gnutls_set_certificate_credentials_x509_key_files_x) (scm_gnutls_set_srp_server_credentials_files_x) (scm_gnutls_set_srp_client_credentials_x) (scm_gnutls_srp_base64_encode, scm_gnutls_srp_base64_decode) (scm_gnutls_set_psk_server_credentials_file_x) (scm_gnutls_pkcs8_import_x509_private_key) (scm_gnutls_x509_certificate_matches_hostname_p) (scm_gnutls_import_openpgp_private_key): Use 'FAST_ALLOC' instead of 'alloca'. * guile/src/utils.c: Remove unneeded include. Signed-off-by: Ludovic Courtès Author: Ludovic Courtès Date: Fri Jun 7 10:11:12 2019 +0200 guile: Always provide 'scm_gc_malloc_pointerless'. * guile/src/core.c (scm_gc_malloc_pointerless) [!HAVE_SCM_GC_MALLOC_POINTERLESS]: New macro. (make_session_record_port): Remove #ifdef HAVE_SCM_GC_MALLOC_POINTERLESS. Signed-off-by: Ludovic Courtès Author: Daiki Ueno Date: Wed Jun 5 16:48:39 2019 +0200 tls13/key_update: ignore multiple key updates instead of error This fixes the multiple KeyUpdate messages handling in commit 65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is sent even if the limit doesn't exceed. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Mon Jun 3 21:53:05 2019 +0200 Prefix gcc attributes with 'attr_' Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Jun 3 13:26:18 2019 +0200 gnutls_prf_early: corrected Since version [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sun Jun 2 12:42:16 2019 +0200 Fix warn_unused_result for clang < 4 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Jun 1 16:18:50 2019 +0200 .gitlab-ci.yml: switched fedora to latest version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 30 14:42:52 2019 +0200 Makefile.am: do not create files when it shouldn't If a pdf or html file is not distributed, previously `make dist` would create a file called '*.pdf' which did not make sense. This addresses this problem. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 25 21:17:27 2019 +0200 Do not regenerate autogen files if --enable-local-libopts is given This addresses issue on installed systems which have autogen but use --enable-local-libopts. In these systems if the installed autogen would not match the local libopts library version compilation would fail because the auto-generated files depend on the corresponding to autogen version libopts internals. Resolves: #772 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 27 15:16:52 2019 +0200 Remove malloc from gnutls_srp_set_server_fake_salt_seed() Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon May 20 12:49:51 2019 +0200 gnutls_session_set_data(): Check for allocation error Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon May 20 12:46:54 2019 +0200 _gnutls_set_[str]datum: Cleanup, add function attributes _gnutls_set_datum(): Do not change output 'dat' on error _gnutls_set_strdatum: Likewise, cleanup code Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue May 21 11:17:39 2019 +0200 Add nonnull, nonnull_all and warn_unusd_result attributes in lib/gnutls_int.h Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue May 28 07:05:46 2019 +0200 doc: do not distribute pdf files It compicates the 'make dist' phase and does not add much value as the files are available from the web site. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 28 06:45:56 2019 +0200 released 3.6.8 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 27 22:34:42 2019 +0200 minor updates in the latex version of the manual [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 27 21:29:44 2019 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun May 26 21:35:19 2019 +0200 RELEASES.md: document the releases policy [ci skip] This adds a file to document the policy on releases based on the discussions taken place in the last face to face meeting. https://gitlab.com/gnutls/gnutls/wikis/face2face-meeting-fosdem2019 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 24 12:59:13 2019 +0200 .gitlab-ci.yml: ensure that the LIBS variable is empty after a configure run We do not use this variable as it is global and applies to all of tests, applications and library, and when it is set it is usually due to bugs in configure.ac. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 21:20:49 2019 +0200 Do not add libraries in the global LIBS in configure This ensures that libraries are linked with the programs requiring them. Resolves: #735 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 11:41:45 2019 +0200 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 24 05:46:18 2019 +0200 tests: prf-early fixes the global version This allows having fixed data in the hello message involved. That required exposing the variable holding the global gnutls version number for testing. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 21:32:58 2019 +0200 certtool: corrected typo in manual [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 21:11:58 2019 +0200 Revert "bumped version" In order to make the CI functional again. The version number update seems to conflict with tests/tls13/prf-early.sh This reverts commit d34d93b8713cf10235ce7016fd69b6932b0752c0. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 15:29:23 2019 +0200 tests: prf-early.sh: use the static flag of datefudge This eliminates unexpected failures of the test in slower systems. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 15:41:19 2019 +0200 tlsfuzzer: reverted accidental move to incorrect version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 11:44:12 2019 +0200 NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 23 11:41:45 2019 +0200 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Wed May 22 15:08:45 2019 -0400 Pass down Q for FFDHE in al pre TLS1.3 as well Signed-off-by: Simo Sorce Author: Simo Sorce Date: Tue May 21 09:40:01 2019 -0400 Check Q for FFDHE primes in prime-check These are mersenne primes so q = (p - 1) / 2 We check that p = (q * 2) + 1 Signed-off-by: Simo Sorce Author: Simo Sorce Date: Mon May 20 17:13:12 2019 -0400 Always pass in and check Q in TLS 1.3 In FIPS mode do an extra check that we did have Q, but it is always passed into the tls13 derive function from the callers. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri May 17 14:05:37 2019 -0400 Add plumbing to handle Q parameter in DH exchanges Signed-off-by: Simo Sorce Author: Simo Sorce Date: Tue May 14 18:38:33 2019 -0400 Add test to ensure ECDH exchange behaves correctly This test ensures that public keys are properly tested for validity before a ECDH exchange is computed. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri May 10 14:49:05 2019 -0400 Add test to ensure DH exchange behaves correctly This test ensures that public keys are properly tested for validity before a DH exchange is computed. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri May 3 12:32:56 2019 -0400 Add Full Public Key Check for DH This is for NIST SP800-56A requirements and FIPS CAVS testing. GnuTLS never passes in a non-empty Q for normal operations, but tests will and if Q is passed in it needs to be checked. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Wed May 1 10:57:51 2019 -0400 Fix Copy&Paste error Signed-off-by: Simo Sorce Author: Daiki Ueno Date: Wed May 22 10:39:27 2019 +0200 tls13/key_update: increase handling limit from 1 to 8 The limit was too small when testing the capability of handling multiple KeyUpdate messages with tlsfuzzer. This requires a change in the rate limit logic, as previously it doesn't count the KeyUpdate messages despite the name of KEY_UPDATES_PER_SEC. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 22 11:51:57 2019 +0200 tlsfuzzer: use %ALLOW_SMALL_RECORDS for testing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed May 22 11:16:03 2019 +0200 priority: add new option to allow small records (>= 64) There is a mismatch in the lower limit of record sizes in RFC 8449 (64) and our default (512). If the server advertises a smaller limit than our default, the client has no way to keep communicating with the server. This patch adds a new priority string option %ALLOW_SMALL_RECORDS to set the limit to 64. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue May 21 08:32:21 2019 +0200 record_add_to_buffers: check if there is an incomplete handshake header The function checks if a Handshake message is interleaved with an Application Data, but the check was insuffient because it assumed that a complete header is received in the buffer. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri May 17 11:51:00 2019 +0200 algorithms: eliminate the FFDHE alert desc requirement This implements the errata for RFC 7919 eliminating the requirement to reply with an insufficient_security alert when we have negotiated an FFDHE group, but cannot find common ciphersuite: https://www.rfc-editor.org/errata/eid4908 Signed-off-by: Daiki Ueno Author: Aleksei Nikiforov Date: Fri May 17 14:44:06 2019 +0300 Mark second argument of function gnutls_x509_crt_equals2 as const This will allow using this function with certificates returned by function gnutls_certificate_get_peers without casts dropping const qualifier or making temporary copies out of retrieved data. Signed-off-by: Aleksei Nikiforov Author: Nikos Mavrogiannopoulos Date: Tue May 21 08:22:08 2019 +0200 tests: verify functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag Signed-off-by: Nikos Mavrogiannopoulos Author: Kenneth J. Miller Date: Mon Apr 15 17:56:13 2019 +0200 pubkey: remove deprecated TLS1_RSA flag check The gnutls_certificate_verify_flags comparisons against OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA. Resolves: #754 Signed-off-by: Kenneth J. Miller Author: Nikos Mavrogiannopoulos Date: Tue May 21 05:54:35 2019 +0200 x509.h: corrected typo in newly introduced definition Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 20 21:34:30 2019 +0200 x509.h: removed stray '%' Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 20 16:13:12 2019 +0200 certtool: CA certificates will contain the digital signature key usage flag This change ensures that all certificates will contain the digital signature key usage flag if that's specified in the template. Resolves: #767 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 20 14:40:31 2019 +0200 Added profile to correspond to the future security parameter It seems that the FUTURE security level parameter was added without a corresponding verification profile. This patch address the issue by introducing it. Resolves: #770 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 20 15:47:41 2019 +0200 tests: added unit tests of utc and generalTime convertor Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Mon Apr 29 19:03:55 2019 +0200 server auth: disable TLS 1.3 if no signature algorithm is usable This is a server side counterpart of 005a4d04145707daad9588acedfdb5f6cd97c80c. Instead of signalling an error when no algorithm is usable in TLS 1.3, it downgrades the session to TLS 1.2 with a warning. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat May 18 21:13:10 2019 +0200 algorithms/secparams.c: fixed indentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 20 14:34:56 2019 +0200 gnutls-serv: GERR macro will output in stderr Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon May 20 11:10:11 2019 +0200 Apply STD3 ASCII rules in gnutls_idna_map() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 10 11:42:46 2019 +0200 Fix _Thread_local for C99 installed in C11 environments Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 10 11:27:32 2019 +0200 Remove redundant typedef of Tspi_Context_GetTpmObject_func() Gcc 4.4 errors out on this. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed May 15 09:47:24 2019 +0200 Update gnulib for gcc-9 manywarnings Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue May 14 21:39:46 2019 +0200 Check all memory allocation in examples and certtool Resolves: #739 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Apr 25 17:08:43 2019 +0200 ext/record_size_limit: distinguish sending and receiving limits The previous behavior was that both sending and receiving limits are negotiated to be the same value. It was problematic when: - client sends a record_size_limit with a large value in CH - server sends a record_size_limit with a smaller value in EE - client updates the limit for both sending and receiving, upon receiving EE - server sends a Certificate message larger than the limit With this patch, each peer maintains the sending / receiving limits separately so not to confuse with the contradicting settings. Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Tue May 7 14:49:05 2019 +0300 lib/nettle: fix carry flag in Streebog code Fix carry flag being calculated incorrectly in Streebog code. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Fri May 10 13:31:23 2019 +0200 Fix endless looping GETPORT in tests/scripts/common.sh Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri May 10 06:30:12 2019 +0200 _gnutls_srp_entry_free: follow consistent behavior in freeing data _gnutls_srp_entry_free would previously not free any parameters that were known to gnutls to account for documented behavior of gnutls_srp_set_server_credentials_function(). This was not updated when the newly added 8192 parameter was added to the library. This introduces a safety check for generator parameters, even though in practice they are the same pointer. Resolves: #761 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 8 22:08:18 2019 +0200 dane.h: added multiple inclusion header guard Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 8 21:52:54 2019 +0200 tools: suppress ctime() error from static analysers This function is not thread safe and can be easily misused even in single threaded scenarios (one such minor bug fixed). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 8 22:05:10 2019 +0200 accelerated: added header guards Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sun Apr 28 11:11:23 2019 +0200 Add or clean header guards in lib/includes/gnutls/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed May 1 20:33:28 2019 +0200 Add or clean header guards in lib/nettle Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:22:59 2019 +0200 Add or clean header guards in tests/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:19:01 2019 +0200 Add or clean header guards in src/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:11:13 2019 +0200 Add or clean header guards in lib/x509/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:08:27 2019 +0200 Add or clean header guards in lib/tls13/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:05:32 2019 +0200 Add or clean header guards in lib/extras/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 12:03:07 2019 +0200 Add or clean header guards in lib/ext/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Apr 28 11:55:37 2019 +0200 Add or clean header guards in lib/auth/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Mar 14 21:21:50 2019 +0100 Add or clean header guards in lib/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Apr 24 21:21:12 2019 +0200 Add 'Header guards' section in CONTRIBUTING.md Signed-off-by: Tim Rühsen Author: Daniel Schaefer Date: Sun May 5 14:35:02 2019 +0200 guile: Properly format guile configure options Without the square brackets autoconf turns hyphens into underscores, which is not what we want or what the help says. Signed-off-by: Daniel Schaefer Author: Nikos Mavrogiannopoulos Date: Fri May 3 19:10:03 2019 +0200 gnutls_sign_list: document the non-thread-safeness Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Tue Apr 30 14:42:51 2019 +0200 crypto: add private API to retrieve internal IV For FIPS validation purposes, this adds a new function _gnutls_cipher_get_iv() that exposes internal IV after encryption and decryption. The function is not generally useful because the IV value can be easily calculated from the initial IV and the subsequent ciphertext but for FIPS validation purposes. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Apr 29 13:15:33 2019 +0200 abi-check: supply --hd2 to abi-check-latest target To suppress changes in internal structures. Suggested by Nikos Mavrogiannopoulos. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Apr 20 18:46:23 2019 +0200 certtool: refuse to accept an incompatible key type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 15 14:32:55 2019 +0200 certtool: generate RSA-PSS certificates from RSA keys When generating certificates it was not possible to generate an RSA-PSS certificate from an RSA key (common scenario). This fixes the certificate generation to include such a method. Ironically there was a test for this scenario but the test was limited to checking that the combination of certtool parameters succeeded; modified the test to check the textual expression of the certificate for the RSA-PSS indicators. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Apr 19 22:04:24 2019 +0200 tls13/session_ticket: use the same ticket_age_add regardless of endianness Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 19 16:59:31 2019 +0200 tls13/session_ticket: avoid UB regarding 64-bit time encoding On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and thus right shifting 32 could be an undefined behavior. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Apr 19 08:12:56 2019 +0200 tests: make datefudge check robuster When checking datefudge availability under cross-compiling environment with a binfmt wrapper, it is not sufficient to check against the host executable. This instead uses a test executable compiled for the target architecture. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 14:35:32 2019 +0200 serv, cli: add --keymatexport option This adds --keymatexport and --keymatexportsize options to both gnutls-serv and gnutls-cli. Those would be useful for testing interoperability with other implementations. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 12:11:00 2019 +0200 prf: add function to retrieve early keying material This adds a new function gnutls_prf_early, which shall be called in a handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test needs to be run in a datefudge wrapper as the early secrets depend on the current time (through PSK). Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 12:07:00 2019 +0200 handshake: generate early exporter secret Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 12:00:46 2019 +0200 handshake: move early secrets calculation to pre_shared_key TLS 1.3 Early Secret and the derived keys are calculated upon a PSK being selected, thus the code fits better in ext/pre_shared_key.c. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 12:10:00 2019 +0200 tests/tls13/prf: check if the exported material matches on server Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 11 11:23:26 2019 +0200 prf: centrally define "exporter" label in handshake.h Signed-off-by: Daiki Ueno Author: Andreas Metzler Date: Thu Apr 18 18:43:30 2019 +0200 doc: Add documentation for GNUTLS_CERT_IGNORE Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Tue Apr 16 14:27:10 2019 +0200 p11tool: copy vendor query attributes when listing privkeys When listing private keys on a specified token, "pin-value" is ignored and the tool looks for GNUTLS_PIN, because it internally strips out vendor query attributes from the original URL. This also replaces the global uses of GNUTLS_PIN envvar in testpkcs11.sh to check the case where the envvar is not in effect. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sun Apr 7 13:22:21 2019 +0200 abi-check: simplify ABI comparison using libabigail tools These have output ABI format compatibility and that means we can take snapshots to test ABI against. We also hard-code explicitly the SONAME version to ensure no accidental SONAME bumps happen. This patch also moves symbols.last in the devel/ subdirectory and no internal files are shipped. Relates: #292 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 7 18:29:02 2019 +0200 .gitignore: ignore tests/libpkcs11mock2.la Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 7 14:30:30 2019 +0200 gnutls.h: re-define GNUTLS_CRT_RAWPK This was available before 3.6.4, and was incorrectly removed. It was found using libabigail tools. Signed-off-by: Nikos Mavrogiannopoulos Author: Bernhard M. Wiedemann Date: Sun Apr 14 16:53:52 2019 +0200 Extend test cert to 2049-05-27 instead of expiring in 2024-02-29 This update did not trigger y2038 bugs on 32-bit systems. Without this patch, one test fails after 2024: doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | FAIL x509sign-verify (exit status: 1) Signed-off-by: Bernhard M. Wiedemann Author: Andreas Metzler Date: Sun Apr 14 15:25:31 2019 +0000 Fix link error with gcc-9 Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against libcrypto. This fixes a build error with gcc9 which passes the linker option --as-needed by default. Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sun Apr 14 16:15:23 2019 +0200 doc: mark TLS1.2 functions as such [ci skip] gnutls_cipher_suite_get_name and gnutls_session_get_master_secret are marked as TLS1.2 or earlier-only as they cannot be used with TLS 1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 13 08:37:50 2019 +0200 gnutlsxx.h: removed fixme comments [ci skip] They served no purpose. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 13 08:33:57 2019 +0200 gnutls-cli: renamed global variable name That is because the same variable name is used by local variables as well. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Thu Apr 11 09:46:21 2019 +0200 Fix WIN32 custom push/pull functions Signed-off-by: Tim Rühsen Reported-by: J. Ali Harlow (@j_ali on Gitlab.com) Author: Daiki Ueno Date: Tue Apr 9 18:20:15 2019 +0200 tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 The test had a strange setup of server/client processes: the server runs in a child process and the client runs in a parent process. The intention behind this was to detect softhsm availability in the parent process and exit with 77 if missing. However, there was a potential race when the server exits and proceeds to the next call of start(). This fixes the process setup and moves the softhsm detection at the program startup. Signed-off-by: Daiki Ueno Author: Alon Bar-Lev Date: Tue Apr 9 19:01:46 2019 +0300 build: rename guile variables to match upstream names Reduce confusion between the upstream terms and the gnutls terms. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Wed Apr 3 18:42:26 2019 +0300 build: allow override guile system location guile has three settings acquired from system: * GUILE_SITE * GUILE_SITE_CCACHE * GUILE_EXTENSION The =guile-2.2 m4 macro provides all settings for build to use as default, while allowing to override each. Resolves: #748 Signed-off-by: Alon Bar-Lev Author: Marius Bakke Date: Tue Apr 9 14:17:09 2019 +0200 Makefile.am: Don't assume autoopts-config returns a single dash. On distributions such as Nix or Guix, `autoopts-config libsrc` may return something along the lines of "/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz". * Makefile.am (libopts-check): Print only the last field from autoopts-config output. Signed-off-by: Marius Bakke Author: Tim Rühsen Date: Tue Apr 9 12:19:00 2019 +0200 Pass CI commit check if branches are 'even' Signed-off-by: Tim Rühsen Author: Alon Bar-Lev Date: Mon Apr 8 20:34:24 2019 +0300 tests: cert-tests: crl: cleanup files Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Tue Apr 9 07:59:53 2019 +0300 ci: refresh the cache due to failures in debian Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Sun Apr 7 13:03:20 2019 +0200 CONTRIBUTING.md: document unit testing method of internal functions [ci skip] Resolves: #749 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Apr 4 16:51:28 2019 +0200 tests: add post-handshake auth test using PKCS#11 token This adds a test that exercise the client's auth rejection logic, using the RSA-PSS disabled PKCS #11 token. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Apr 4 16:40:11 2019 +0200 tests: add mock PKCS#11 module disabling RSA-PSS This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the situation where the certificate is RSA while the private key cannot be used for RSA-PSS. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Apr 6 08:34:43 2019 +0200 nettle: include config.h before checking for definitions This makes sure that we don't include the internal backport if compiled with a version of nettle that includes that code. We also exclude nettle/backport from the static analyzer's list as it contains files outside our control (from nettle project). Signed-off-by: Nikos Mavrogiannopoulos Author: Maciej S. Szmigiero Date: Thu Mar 28 23:04:13 2019 +0100 gnutls_memset(): calling explicit_bzero() is enough to zero-fill a buffer If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we don't need to zero it again via a volatile trick later in this function. Signed-off-by: Maciej S. Szmigiero Author: Elta Koepp Date: Fri Apr 5 10:04:12 2019 -0400 [OSCP] Fix : null pointer resp Signed-off-by: Elta Koepp Author: Daiki Ueno Date: Thu Apr 4 17:01:24 2019 +0200 cert auth: reject auth if no signature algorithm is usable in TLS 1.3 Previously, when there is no overlap between usable signature algorithms and the "signature_algorithms" extension in Certificate Request, the client failed in sending Certificate Verify, followed by a connection close. In TLS 1.3, it is possible to keep the connection but reject the authentication by not sending Certificate Verify. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Apr 1 14:14:12 2019 +0200 handshake: remove unnecessary HSK_CRT_SENT flag Previously, while the flag HSK_CRT_SENT was checked in _gnutls13_send_certificate_verify, the flag was never set anywhere. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Apr 3 11:59:37 2019 +0200 .gitlab-ci.yml: do not run commit-check on master branch That is, because there are no diffs to check. Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Fri Mar 29 14:01:14 2019 -0400 Fix check_if_signed Fix the target branch we check against by adding upstream as remote. Drop the use of set -e as this causes the shell to immediately exit on errors instead of allowing the code to check the failure and report what it faled about. Also print which commits are being checked and what information was found so that a CI failure can be better diagnosed. Signed-off-by: Simo Sorce Author: Nikos Mavrogiannopoulos Date: Sat Mar 30 05:37:02 2019 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Fri Oct 19 15:53:27 2018 -0400 Vendor in XTS functionality from Nettle If nettle's XTS is not available, use a vendored in version from master. This is necessary as long as we need to link against 3.4 for ABI compatibility reasons. Signed-off-by: Simo Sorce Author: Nikos Mavrogiannopoulos Date: Fri Mar 29 06:08:06 2019 +0100 fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip] Added a larger set of corpus (generated with afl-fuzz), and made sure that the fuzzer application crashes if verification succeeds. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Thu Mar 28 10:41:13 2019 +0100 Let check_if_signed fail if git fails Signed-off-by: Tim Rühsen Author: Elta Koepp Date: Wed Mar 27 13:38:50 2019 +0000 Update ocsptool-common.c Author: Elta Koepp Date: Wed Mar 27 12:55:55 2019 +0000 Detect malloc failure. malloc(data.size + 1) maybe returns NULL on failure. Author: Nikos Mavrogiannopoulos Date: Wed Mar 27 07:21:31 2019 +0100 released 3.6.7 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Mon Mar 25 16:06:39 2019 +0100 handshake: add missing initialization of local variable Resolves: #704 Signed-off-by: Daiki Ueno Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 25 15:47:51 2019 +0100 fuzz: added fuzzer for certificate verification This also adds a reproducer for CVE-2019-3829. Resolves: #694 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 26 16:11:42 2019 +0100 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Anderson Toshiyuki Sasaki Date: Tue Mar 26 11:05:06 2019 +0100 fips140: Perform SHA-3 self tests It is required to perform the self tests to validate SHA-3 implementation. Signed-off-by: Anderson Toshiyuki Sasaki Author: Nikos Mavrogiannopoulos Date: Sun Mar 24 08:37:05 2019 +0100 tools: removed unused code Signed-off-by: Nikos Mavrogiannopoulos Author: Ke Zhao Date: Thu Mar 21 11:27:24 2019 -0400 gnutls-cli: Fix output with option "--logfile" The X.509 connection would still print informational message to the stdout by default. Move that output to logfile and add x509 functionality test in the test suite. Signed-off-by: Ke Zhao Author: Alon Bar-Lev Date: Sat Mar 23 00:38:17 2019 +0200 configure.ac: remove --with-guile-site-dir The hack of distcheck is not known and should not be the default as the GUILE_SITE_DIR macro is the default expected behavior. There is little value in specifying any other location of the site-dir as it is out of the guile configuration so best to remove. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Wed Mar 20 11:40:15 2019 +0100 _x509_en/decode_provable_seed: clarified purpose of functions [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 1 11:15:47 2019 +0100 handshake: increase the default number of tickets we send to 2 This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. That's because 2 tickets allow for 2 new connections (if one is using each ticket once as recommended), which in turn lead to 4 new and so on. Resolves: #596 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 23 21:02:56 2019 +0100 Improved estimation of wait in gnutls_session_get_data2 Previously we would wait an arbitrary value of 50ms for the server to send session tickets. This change makes the client wait for the estimated single trip time + 60 ms for the server to calculate the session tickets. This improves the chance to obtain tickets from internet servers during the call of gnutls_session_get_data2(). Resolves: #706 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 16 19:59:07 2019 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Ke Zhao Date: Wed Mar 6 13:23:24 2019 -0500 gnutls-cli: Add option "--logfile" to redirect information message output First, add an option "--logfile" so user could choose a specific file to store all the informational messages. In some cases, informational messages may cause unexpected result if the output is standard output. With this option, user could redirect these messages to a specific file. This will be helpful in testing and tracking. Second, replace printf() function with log_msg() function This log_msg() function is used when "--logfile" is enabled. Third, add a functionality test for "--logfile" option Add a test script to test if "--logfile" option works as it should be. Signed-off-by: Ke Zhao Author: Nikos Mavrogiannopoulos Date: Fri Mar 15 17:00:17 2019 +0100 Removed all FIXME comments in code [ci skip] We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful comments, obsolete ones, or comments about ideas. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 13 15:14:37 2019 +0100 pkcs11: security officer login implies writable session According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer sessions. Resolves: #721 Signed-off-by: Nikos Mavrogiannopoulos Author: Steve Lhomme Date: Wed Mar 13 14:54:28 2019 +0000 inet_ntop is available in Windows but not via arpa/inet.h It's found in ws2tcpip.h which is already included in gnutls_int.h arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers replaced by gnulib if not found. Signed-off-by: Steve Lhomme Author: Tim Rühsen Date: Thu Mar 7 10:16:46 2019 +0100 Update the GNU Free Documentation License (FDL) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Feb 25 10:36:36 2019 +0100 Fix URL of ABI compliance checker Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Feb 25 10:32:24 2019 +0100 Fix URLs of p11-kit Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 5 17:00:41 2019 +0100 Use https:// in lib/, src/, and m4/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 5 16:56:08 2019 +0100 Use https:// for arbitrary files #1 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 5 16:44:37 2019 +0100 Use https:// for www.iana.org Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 5 16:25:25 2019 +0100 Use https:// for csrc.nist.gov Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 5 16:22:43 2019 +0100 Use https:// for www.gnu.org and www.example.com Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Mar 13 09:03:39 2019 +0100 .gitlab-ci.yml: updated cache key name Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 10 13:59:32 2019 +0100 tests: verify that 'certtool -i --outder' does not output text A common regression in the past, was certtool outputting text while writing raw DER data. Ensure that the certificate-info option does not regress. Resolves: #627 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 9 21:50:46 2019 +0100 SECURITY.md: updated to reflect the current practice [ci skip] This change updates the SECURITY guidelines to reflect the current practice (no special security releases), and thus refer directly to the upcoming or following release. Furthermore, it removes any mention of absolute time, as the release cadence is already fixed to bi-monthly. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 9 21:14:39 2019 +0100 doc: removed cyclo subdir This directory had a makefile which was intended to calculate the cyclomatic complexity, however that was not functional, and not related with gnutls' documentation. Resolves: #727 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 8 20:17:49 2019 +0100 NEWS: fix NEWS entries [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Mon Mar 4 17:17:47 2019 +0100 tls13/certificate: utilize "certificate_required" alert This could make errors more distinguishable when the client sends no certificates or a bad certificate. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Feb 27 18:38:09 2019 +0100 alert: recognize "certificate_required" This may be sent if the server received an empty Certificate message. Signed-off-by: Daiki Ueno Author: Anderson Toshiyuki Sasaki Date: Fri Jan 18 13:17:46 2019 +0100 .gitlab-ci.yml: Test FIPS HMAC self-test This enables the integrity self-tests in FIPS140 test build. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Fri Jan 11 11:23:21 2019 +0100 fips140: Ignore newlines read at the end of HMAC file This makes the integrity check to ignore newlines appended after the HMAC value. Signed-off-by: Anderson Toshiyuki Sasaki Author: Anderson Toshiyuki Sasaki Date: Thu Jan 10 14:04:02 2019 +0100 fips140: Fix the names of files used in integrity checks The names of the libraries haven't been updated when the soname version were bumped. Signed-off-by: Anderson Toshiyuki Sasaki Author: Bas van Schaik Date: Thu Feb 28 22:15:26 2019 +0000 Create .lgtm.yml for LGTM.com C/C++ analysis Signed-off-by: Bas van Schaik Author: Nikos Mavrogiannopoulos Date: Mon Feb 25 14:41:24 2019 +0100 .gitlab-ci.yml: added thread sanitizer run This checks for unsafe uses of variables in our included threaded tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 25 14:35:16 2019 +0100 Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 25 15:11:19 2019 +0100 gnutls_record_send2: try to ensure integrity of operations on false and early start This adds a double check in the sanity check of gnutls_record_send2() for the initial_negotiation_completed value, making sure that the check will be successful even in parallel operation of send/recv. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 24 21:13:27 2019 +0100 mini-dtls-pthread: renamed and fixed several shortcomings Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 24 00:19:21 2019 +0100 Make false start and early start multi-thread recv/send safe An application that is sending and receiving from different threads after handshake is complete cannot take advantage of false start because gnutls_record_send2() detects operations during the handshake process as invalid. Because in early start and false start the remaining handshake process needs only to receive data, and the sending side is already set-up, this error detection is bogus. With this patch we remove it. Resolves: #713 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 23 18:57:09 2019 +0100 doc: added more information on operation under multiple threads Relates: #713 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Mar 1 20:13:38 2019 +0100 Update ./bootstrap from latest gnulib Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Feb 27 10:01:47 2019 +0100 Clarifications on AEAD ciphers Relates: #716 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 27 09:29:04 2019 +0100 Improve documentation for gnutls_cipher_get_iv_size This clarifies what is returned and what is to be expected on algorithms with variable IV sizes. Resolves: #717 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 26 15:42:01 2019 +0100 pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip] Resolves: #633 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 26 15:21:48 2019 +0100 cppcheck: suppress warning on nettle code [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Feb 23 18:43:49 2019 +0100 gnutls-cli: fix --benchmark-ciphers type overflow Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sat Feb 23 21:19:06 2019 +0100 _gnutls_recv_handshake: added explicit sanity checks Although, this function acts on the message provided as expected and thus it should never call a message parsing function on unexpected messages, we make a more explicit sanity check. This unifies the sanity checks existing within the involved functions. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Feb 12 15:20:23 2019 +0100 gnutls_x509_crt_init: Fix dereference of NULL pointer Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 12 15:14:07 2019 +0100 Remove redundant resets of variables after free() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Feb 12 15:09:11 2019 +0100 Automatically NULLify after gnutls_free() This method prevents direct use-after-free and double-free issues. Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Tue Feb 19 13:56:35 2019 +0100 tlsfuzzer: update to the latest upstream for downgrade protection tests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Feb 9 10:26:56 2019 +0100 ext/supported_versions: regenerate server random This adds a call to _gnutls_gen_server_random() in handling the "supported_versions" extension, so that the TLS 1.3 downgrade sentinel is set only when the earlier versions are selected. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Tue Feb 5 11:01:20 2019 +0100 Update ax_code_coverage.m4 to latest release of autoconf-archive Signed-off-by: Tim Rühsen Author: Hugo Beauzée-Luyssen Date: Thu Feb 21 14:49:36 2019 +0100 lib: x509: Minor directory browsing simplification Signed-off-by: Hugo Beauzée-Luyssen Author: Hugo Beauzée-Luyssen Date: Mon Feb 18 14:41:56 2019 +0100 Revert "Revert "verify-high2: Fix cert dir iteration on Win32"" This reverts commit 681330882da19099eea360fab141cab937c45677. Signed-off-by: Hugo Beauzée-Luyssen This revert also contains the fix to the original commit (invalid utf8->utf16 conversion) and a minor simplification of the _treaddir loop. Author: Hugo Beauzée-Luyssen Date: Mon Feb 18 17:12:54 2019 +0100 iconv: Allow _gnutls_utf8_to_ucs2 to output little endian Signed-off-by: Hugo Beauzée-Luyssen Author: Hugo Beauzée-Luyssen Date: Mon Feb 18 09:37:04 2019 +0100 lib: Provide _Thread_local on MSVC Signed-off-by: Hugo Beauzée-Luyssen Author: Tim Rühsen Date: Mon Feb 18 21:38:38 2019 +0100 Add test for starttls XMPP Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Feb 6 11:30:06 2019 +0100 gnutls-cli: Fix --starttls-proto=xmpp Fixes two issues with gnutls-cli --starttls-proto=xmpp: 1. Print 'Timeout' on timeout instead of random errno message 2. Do not wait for linefeed when using XMPP (XML) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Feb 18 15:38:56 2019 +0100 check_if_signed: Get source branch if not set Signed-off-by: Tim Rühsen Author: R. Andrew Bailey Date: Thu Feb 14 09:38:33 2019 -0500 tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom Signed-off-by: R. Andrew Bailey Author: Daiki Ueno Date: Fri Feb 8 14:46:33 2019 +0100 gnutls_record_set_max_size: make it work on server side The record_size_limit extension can also be specified by the server to indicate the maximum plaintext. Also add test cases for asymmetric settings between server and client. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 31 13:39:35 2019 +0100 tlsfuzzer: update to the latest upstream for record_size_limit test Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Feb 8 13:22:13 2019 +0100 ext/record_size_limit: account for content type octet in TLS 1.3 In TLS 1.3, the protocol maximum of plaintext size is 2^14+1, while it is 2^14 in TLS 1.2. To accommodate that, this introduces the following invariant: - when the maximum is set by the user with gnutls_record_set_max_size(), store it as is. The value range is [511, 16834]. - when the maximum is negotiated through record_size_limit extension, it can be [512, 16385]. In TLS 1.3, subtract by 1 to fit in [511, 16384]. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 31 16:56:55 2019 +0100 decrypt_packet_tls13: add check for max plaintext size There is check in _gnutls_recv_in_buffers already, but for TLS 1.3 we need to take account of the padding. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 25 17:00:44 2019 +0100 record: reject too large plaintext after decryption Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 30 16:45:08 2019 +0100 constate: reset max_record_recv_size upon renegotiation Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 30 10:21:07 2019 +0100 session_pack: reset max_record_recv_size when packing Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 17 11:53:35 2019 +0100 ext/record_size_limit: don't confuse with negotiated/user-supplied maximum As documented in gnutls_int.h, max_record_send_size is for tracking the user-supplied maximum, while max_record_recv_size for the protocol negotiated maximum. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Jan 20 09:18:21 2019 +0100 ext/max_record: server shouldn't send it with record_size_limit Otherwise, the connection will be disconnected by the client, as suggested in RFC: A client MUST treat receipt of both "max_fragment_length" and "record_size_limit" as a fatal error, and it SHOULD generate an "illegal_parameter" alert. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 7 16:28:52 2019 +0100 _gnutls_hello_ext_is_present: don't ignore max_fragment_length The extension is assigned the internal ID 0. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jan 25 17:04:40 2019 +0100 .dir-locals.el: disable indent-tabs-mode in js-mode Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu Feb 14 13:01:34 2019 +0100 bootstrap.conf: do not override GNULIB_SRCDIR This was not set in all of our CI platforms, and was causing issues in MacOSX. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 11 09:18:46 2019 +0100 x509: corrected issue in the algorithm parameters comparison Each certificate has two fields to set the signature algorithm and parameters used for the digital signature. One of the fields is authenticated and the other is not. It is required from RFC5280 to enforce the equality of these fields, but currently due to an issue we wouldn't enforce the equality of the parameters fields. This fix corrects the issue. We also move an RSA-PSS certificate in chainverify that was relying on invalid parameters, to this set of invalid certificates. Resolves: #698 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 13 07:54:59 2019 +0000 tests: added further checks for gnutls_pkcs11_token_get_info Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Jan 29 16:10:59 2019 +0100 Fix uninitialized warning in pkcs11.c Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Feb 13 17:22:21 2019 +0100 Cleanup lib/auth/cert.c as suggested by cppcheck Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Feb 11 10:41:47 2019 +0100 Fix 32bit overflow issue in src/serv-args.def Fixing this warning seen on 32bit architectures: serv-args.c: In function 'doOptMaxearlydata': serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow] { 1, 4294967296 } }; ^~~~~~~~~~ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Feb 8 13:03:30 2019 +0100 Remove typedef'ing ssize_t in gnutls.h Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Feb 6 20:54:45 2019 +0100 Use inet_pton() from gnulib Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Feb 9 10:52:29 2019 +0100 bootstrap: refuse to bootstrap if any dependencies bring gnulib's network stack If gnulib's network stack is brought (due to a dependency) in the library it will make the library unusable to non-gnulib using applications. This prevents windows applications for example to use gnutls, and so on. Even more it is quite hard to catch that issue because our testsuite uses gnulib as well. Instead we try to catch the these modules at import time. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Feb 6 20:35:11 2019 +0100 Use inet_ntop() from gnulib Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sun Feb 3 12:18:30 2019 +0100 _gnutls_gen_rawpk_crt: corrected the use of assert The API could return 0 or 1 matching certificates. The case of zero can only happen in client side. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 3 08:47:50 2019 +0100 raw public keys: apply the key usage bits the same way as X.509 That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (on all cases). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 2 09:13:40 2019 +0100 Fallback to TLS 1.2 when incompatible with signature certs are provided This only takes into account certificates in the credentials structure. If certificates are provided in a callback, these must be checked by the provider. For that we assume that the credentials structure is filled when associated with a session; if not then the fallback mechanism will not work and the handshake will fail. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 2 07:10:10 2019 +0100 Enforce the certificate key usage restrictions on all cases That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (on all cases). Before we would not perform any checks under TLS1.3 or when client certificates are sent, assuming that the certificates used will always be signing ones. However if the user sets up incorrectly a decryption certificate we would use it for signing. This fix makes sure that an error is returned early when these scenarios are detected. Resolves: #690 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon Jan 21 12:54:58 2019 +0100 Fetch OSS-Fuzz corpora much faster [skip ci] Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Feb 4 15:10:19 2019 +0100 .triage-policies.yml: added [ci skip] This adds a set of policies regarding issues and merge requests to be enforced by the gitlab-triage bot. That is: - Issues without any label for more than a month are marked with needs attention label - Issues with needinfo label are closed if they are not updated within a month - Merge requests marked as WIP with no update within 5 months are closed. These rules are not enforced automatically; we have to schedule a run of the gitlab-triage bot. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sat Feb 2 17:47:48 2019 +0300 build: do not generate mech-list.h if p11-kit is not available Compiling GnuTLS with no p11-kit installed will result in a serie of warnings during build time because mech-list.h will be generated even if pkcs11 tool compilation is disabled. Move mech-list.h generation to happen only if pkcs11 is enabled, thus removing these warnings. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Feb 2 17:32:01 2019 +0300 build: pass NETTLE_LIBS together with HOGWEED_LIBS libhogweed might depend on exact non-system-wide nettle, so let's pass NETTLE_LIBS flags together when using HOGWEED_LIBS. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Sat Jan 26 21:44:28 2019 +0100 Add GNUTLS_E_RECEIVED_DISALLOWED_NAME for illegal SNI names An illegal/disallowed SNI server name previously generated the misleading message "An illegal parameter has been received.". This commit changes it to "A disallowed SNI server name has been received.". Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Wed Jan 30 21:58:34 2019 +0300 lib/nettle: replace nettle-stdint.h with just stdint.h Nettle library is going to drop nettle-stdint.h. Replace this include with with just . Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Mon Jan 28 15:25:30 2019 +0100 Fix 'make glimport' and update CONTRIBUTING.md Signed-off-by: Tim Rühsen Author: Alon Bar-Lev Date: Sun Jan 27 13:59:56 2019 +0200 .gitignore: add test files Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jan 27 13:17:35 2019 +0200 build: detect previous supported guile A recent change in the m4 macro of guile enforces latest guile: --- AC_DEFUN([GUILE_PROGS], [_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])" if test -z "$_guile_required_version"; then _guile_required_version=2.2 fi --- The result: --- checking for guile-snarf... /usr/bin/guile-snarf checking for guild... /usr/bin/guild checking for guile-2.2... no checking for guile2.2... no checking for guile-2... no checking for guile2... no checking for guile... /usr/bin/guile checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found --- Probably best to specify the supported version explicitly when calling GUILE_PROGS, to keep existing behavior calling the GUILE_PKG detects the existing packages. Signed-off-by: Alon Bar-Lev Author: Tim Rühsen Date: Fri Jan 25 11:51:56 2019 +0100 Fix unused var warning in guile/src/core.c Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Jan 25 12:26:46 2019 +0100 Fix abi-check failure Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Jan 25 08:32:17 2019 +0100 NEWS: updated Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 25 08:24:21 2019 +0100 src/Makefile.am: remove .bak files before autogenerating This avoids errors due to files pre-existing but not being writable. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 25 08:18:01 2019 +0100 bumped versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 25 08:13:26 2019 +0100 Makefile.am: require guile-2.2 for release That's because guile.m4 from previous releases has issues with the latest version. Resolves: #631 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 24 20:25:59 2019 +0100 priorities: when %NO_EXTENSIONS is specified disable TLS1.3 This makes the behavior of this priority string option well-defined even when TLS1.3 is enabled. Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Thu Jan 24 18:48:40 2019 +0100 certtool.1: fix formatting Apostroph at start of a line is a control character in manpages, avoid it. Also drop wrong indent. See https://bugs.debian.org/920215 Signed-off-by: Andreas Metzler Author: Daiki Ueno Date: Wed Jan 23 17:52:47 2019 +0100 tlsfuzzer: update to the latest upstream for record_size_limit tests Signed-off-by: Daiki Ueno Author: Dmitry Baryshkov Date: Thu Jan 24 01:57:13 2019 +0300 configure.ac: fix substitution for libatomic Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Jan 23 20:51:11 2019 +0100 .travis.yml: avoid installing submodules They are not necessary for building and testing the basic test suite. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 23 20:42:34 2019 +0100 update on "Fix gnutls.pc for multiarch builds" This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am. The former is no longer produced by configure.ac. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Jan 23 15:13:12 2019 +0100 set_ciphersuite_list(): Use linear approach to cleanup priorities Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Tue Jan 22 15:47:39 2019 +0100 tests: check record_size_limit is reset after resumption Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Jan 19 10:31:52 2019 +0100 constate: don't restore max_record_recv_size from resumed data Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 17 17:50:49 2019 +0100 ext/record_size_limit: mark it as mandatory extension In a resuming session record_size_limit is always renegotiated, and thus the server should parse the extension always. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Jan 17 11:52:50 2019 +0100 ext/record_size_limit: reject too large extension payload Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Jan 5 14:12:46 2019 +0100 gnutls-serv: improvements in UDP server This modifies the server to deinitialize the session after use (avoiding leaks), and to only send the hello verify request when a client hello is seen. This also adds a basic unit test of gnutls-serv with the --udp option. Resolves #632 Signed-off-by: Nikos Mavrogiannopoulos Author: Fabrice Fontaine Date: Wed Jan 23 13:36:23 2019 +0100 configure.ac: add comment for -latomic Signed-off-by: Fabrice Fontaine Author: Nikos Mavrogiannopoulos Date: Wed Jan 23 08:42:54 2019 +0100 tests: added tests for multiple ticket reception This introduces tests for the reception (parsing) of multiple tickets by a gnutls client. It uses the tlslite-ng server because unlike a gnutls server, tlslite-ng does send multiple tickets in a single record. That way we test that we can parse both ways of sending tickets. Resolves: #511 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Jan 23 11:45:39 2019 +0100 Update gnulib Closes #653 (printf %n crashes on Android) Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Jan 21 20:53:06 2019 +0100 gnutls_alert_send_appropriate: do not send alert to peer on all errors That is, do not send alerts for success, or for errors indicating that an alert has been received. This changes the documented function behavior but does not break any existing caller expectations. Relates: #672 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 21 20:33:00 2019 +0100 gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However, if the specific key is not marked for use with digital signatures (CKA_SIGN set), then we may have still ended-up using it and fail when using it. We now test whether CKA_SIGN is set prior to enabling such keys for PSS. Resolves: #667 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 21 20:56:10 2019 +0100 alert: associate unsupported curve alerts with handshake failure Resolves: #672 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Thu Jan 10 14:53:32 2019 +0100 Check for Signed-off-by: in CI Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sun Jan 20 12:00:07 2019 +0100 Avoid excessive CPU usage in gnutls_idna_map() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat Jan 19 18:19:42 2019 +0100 Fix uninitialized variable in tests/x509dn.c Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat Jan 19 18:04:31 2019 +0100 crypto-selftests.c: Fix checking return value Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Jan 11 07:23:40 2019 +0100 auto-generate the AUTHORS file The original file was unmaintained since long time. This is now auto-generated from the git shortlog, at release time. Relates: #606 Signed-off-by: Nikos Mavrogiannopoulos Author: Fabrice Fontaine Date: Thu Jan 17 13:24:04 2019 +0100 configure.ac: check if libatomic is needed gnutls source code uses the C++11 functionality since https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d, which internally is implemented using the __atomic_*() gcc built-ins On certain architectures, the __atomic_*() built-ins are implemented in the libatomic library that comes with the rest of the gcc runtime. Due to this, code using might need to link against libatomic, otherwise one hits build issues such as: ../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4' on an architecture like SPARC. To solve this, a configure.ac check is added to know if we need to link against libatomic or not. The library is also added to gnutls.pc. Fixes: - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2 - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343 Signed-off-by: Fabrice Fontaine Author: Tim Rühsen Date: Thu Jan 17 10:22:45 2019 +0100 Fix gnutls.pc for multiarch builds Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Jan 14 10:56:27 2019 +0100 certtool: data encipherment is disabled by default For the TLS protocol this option is not necessary, and if enabled by mistake (as default) and no other option is set, then the generated key will be unusable. Thus we disable it, to generate working keys by default. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 10 19:23:12 2019 +0100 .travis.yml: use ./bootstrap instead of make autoreconf The latter is no longer available after the removal of GNUMakefile. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 10 07:56:17 2019 +0100 The flag %NO_EXTENSIONS is disabling extension support while being functional That is, the %NO_EXTENSIONS option is the only documented way to disable extensions completely from a session. Clarify that message, mention that its behavior is undefined when combine with TLS1.3, and make sure that it is functional. The latter makes sure that safe renegotiation and extended master secret extensions remain disabled when this flag is given. That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when no extensions must be used. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 8 12:26:19 2019 +0100 When sending no extensions do not include a zero length According to RFC5246: The presence of extensions can be detected by determining whether there are bytes following the compression_method field at the end of the ServerHello. and as such we correct our behavior to not send the zero length bytes. This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects a regression of gnutls with these branches. Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: David Woodhouse Author: Nikos Mavrogiannopoulos Date: Tue Jan 8 19:37:49 2019 +0000 Avoid calling sign_algorithm_get_name() when we already have pointer to the algorithm. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Wed Jan 2 13:21:49 2019 +0100 tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2 This extends commit 51d21634 to cover the optional TLS 1.2 cases, which RFC 8446 4.2.3 suggests: "Implementations that advertise support for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to accept a signature using that scheme even when TLS 1.2 is negotiated". Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 8 18:09:29 2019 +0100 tlsfuzzer: update to the latest upstream for the TLS 1.2 CV tests Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 8 18:06:17 2019 +0100 alert: map GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM to illegal_parameter This alert is more appropriate according to the tlsfuzzer test: https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jan 8 14:40:25 2019 +0100 Revert "build: remove src/*.bak from distribution" This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it turned out to be not practical. See !862 for the discussion. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Jan 8 12:07:00 2019 +0100 _gnutls_hello_ext_set_datum: removed unnecessary remark [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Maks Naumov Date: Tue Jan 8 00:05:23 2019 +0200 Fix _gnutls_write_new_general_name() result checking Author: Alon Bar-Lev Date: Mon Jan 7 17:46:10 2019 +0200 build: install all m4 macros having all m4 macros in m4/ directory enables easier autoreconf process for downstream as dependency programs that provide these macros are not required. both gtk-doc and guile requires huge dependency list, and currently are required per any change (patch) in autotools. Signed-off-by: Alon Bar-Lev Author: Daiki Ueno Date: Wed Jan 2 13:44:50 2019 +0100 ext/pre_shared_key: avoid unnecessary use of VLA for MSVC Suggested by Gisle Vanem in: https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648 Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Fri Jan 4 09:47:24 2019 +0100 Fix typos in lib/ Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu Jan 3 16:36:17 2019 +0100 Unroll MinGW CI runner commands Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Jan 3 09:51:34 2019 +0100 tests: treat all signals as error Previously we were only treating SIGSEGV as error though there is no reason to treat other signals as success and they may hide an actual error case (e.g., when SIGPIPE is received). With this change we treat any signals received by the child except SIGTERM as error, and we ensure that SIGPIPE is ignored in all tests. This also updates tests/slow/cipher-api-test.c to test failures with SIGABRT or otherwise consistently. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 4 14:48:26 2019 +0100 Revert "verify-high2: Fix cert dir iteration on Win32" This was failing CI (x509cert-tl) but was not detected due to a bug. This reverts commit 362a0c30b79ccede7e5bc3a7747c3e7f1d30889a. Signed-off-by: Nikos Mavrogiannopoulos Author: Marga Manterola Date: Thu Jan 3 17:57:29 2019 +0000 Fix typo when checking for ed25519 support Author: Tim Rühsen Date: Tue Jan 1 14:26:04 2019 +0100 Fix typos in doc/ Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Jan 3 09:13:56 2019 +0100 _gnutls13_handshake_sign_data: properly fail on signing error When signing failed, gnutls would return an invalid signed message (with no data) instead of failing. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Jan 2 10:29:48 2019 +0100 Fix 'make distcheck' The following error will be fixed: ERROR: files left in build directory after distclean: ./tests/softhsm-privkey-eddsa-test.config make[1]: *** [Makefile:1833: distcleancheck] Error 1 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Jan 2 10:22:26 2019 +0100 Remove auto-generated gnulib files from repo Bootstrapping with latest gnulib updated both files, so they are obviously auto-generated files which do not belong into the repository. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Jan 2 10:02:11 2019 +0100 Update required autoconf version to 2.63 This fixes the bootstrap error with the latest gnulib: gnulib/gnulib-tool: *** minimum supported autoconf version is 2.63. Try adding AC_PREREQ([2.63]) to your configure.ac. gnulib/gnulib-tool: *** Stop. ./bootstrap: gnulib-tool failed Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Jan 2 09:56:42 2019 +0100 Update gnulib This fixes the following 'make syntax-check' failure: maint.mk: out of date copyright in ./gnulib/lib/version-etc.c; update it make: *** [maint.mk:1199: sc_copyright_check] Error 1 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Jan 2 09:49:19 2019 +0100 Update copyright year in doc/gnutls.texi This fixes the following error of 'make syntax-check': maint.mk: out of date copyright in doc/gnutls.texi; update it make: *** [maint.mk:1201: sc_copyright_check] Error 1 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sun Dec 30 16:25:08 2018 +0100 examples: ignore GNUTLS_E_AGAIN or INTERRUPTED errors Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Dec 30 16:00:43 2018 +0100 examples: use a valid DNS name This prevents a gnutls server from sending an unexpected message alert due to invalid DNS name encoding, if the example is not modified. Resolves: #663 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sat Dec 29 19:16:57 2018 +0100 Fix OSS-Fuzz build Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Tue Dec 25 14:44:11 2018 +0300 tests: cipher-openssl-compat: don't call EVP_CIPHER_CTX_init() There is no need to call EVP_CIPHER_CTX_init() after EVP_CIPHER_CTX_new(). Fixes #658 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 25 14:43:56 2018 +0300 tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER interface, so let's skip the test if cipher is not available. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Thu Dec 20 17:49:21 2018 +0100 gnutls_pubkey_import_ecc_raw: set the public key bits This sets the number of key bits once an ECC key is imported. Resolves #640 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 21 07:58:24 2018 +0100 GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated This removes the documented use of this macro. It was non-functional. Given the nature of the definition of the non-well defined date for certificates, it may be wise not to use a special macro at all. The reason is that the no-well defined date is a real date (~year 9999), and any approximation with seconds will be unstable due to irregular leap seconds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 21 07:54:40 2018 +0100 gnutls-cli-debug: removed unused variable Signed-off-by: Nikos Mavrogiannopoulos Author: Hugo Beauzée-Luyssen Date: Mon Dec 17 11:37:12 2018 +0100 win32: Check that CertOpenStore is behaving as CertOpenSystemStore The test isn't located in tests/windows since we need the actual libcrypt32 implementations. Author: Tim Rühsen Date: Thu Dec 20 16:33:34 2018 +0100 testrandom.sh: Fix endless loop Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Dec 19 09:41:41 2018 +0100 vasprintf: use from gnulib; don't bundle twice Relates #653 Signed-off-by: Nikos Mavrogiannopoulos Author: Hugo Beauzée-Luyssen Date: Thu Dec 13 17:31:29 2018 +0100 win32: Use CertOpenStore instead of CertOpenSystemStore CertOpenSystemStore is not available when building for windows store. Both functions are available since windows XP, so there is no compatibility change. CertOpenSystemStore documentation states "Only current user certificates are accessible using this method, not the local machine store." hence we pass CERT_SYSTEM_STORE_CURRENT_USER. We also use the wide chars variants, in the event the ansi ones are silently rejected by windows store applications (which is not documented, but which I strongly suspect) This is equivalent to Wine's implementation of CertOpenSystemStore: https://github.com/wine-mirror/wine/blob/master/dlls/crypt32/store.c#L904 Author: Hugo Beauzée-Luyssen Date: Tue Dec 4 15:18:36 2018 +0100 keys-win: Disable private key import on windows store Windows store drastically limits the available functions. In this case, at least CryptSetProvParam and the NCrypt* functions can't be used Signed-off-by: Hugo Beauzée-Luyssen Author: Hugo Beauzée-Luyssen Date: Tue Dec 4 13:22:52 2018 +0100 verify-high2: Fix cert dir iteration on Win32 And especially when building for windows store, which only allows unicode version of opendir & friends functions. Author: Hugo Beauzée-Luyssen Date: Tue Dec 4 11:53:48 2018 +0100 lib: Don't hardcode LoadLibraryA Those functions are forbidden when building for Windows Store Signed-off-by: Hugo Beauzée-Luyssen Author: Tim Rühsen Date: Tue Dec 18 16:27:29 2018 +0100 .gitlab-ci.yml: Remove assert in gl/tests/test-strerror.c A bug made our CI cross builds fail. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:22:10 2018 +0100 tests/cert-tests/certtool-eddsa: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:20:17 2018 +0100 tests/cert-tests/certtool: SKIP if --disable-bash-tests was given Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:13:31 2018 +0100 tests/cert-tests/pkcs12-utf8: Use /bin/sh instead of bash Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:12:31 2018 +0100 tests/cert-tests/pkcs12-corner-cases: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:11:53 2018 +0100 tests/cert-tests/certtool-ecdsa: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 16:06:18 2018 +0100 tests/cert-tests/pem-decoding: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 13:28:26 2018 +0100 tests/cert-tests/certtool-crl-decoding: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 12:34:01 2018 +0100 tests/long-crl.sh: Increase portability (fix for busybox) Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 12:14:27 2018 +0100 tests/gnutls-cli-debug.sh: Remove bashisms Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 23 19:58:49 2018 +0100 tests/scripts/common.sh: Add check_if_equal() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Nov 16 12:08:06 2018 +0100 tests/scripts/common.sh: Make random port value work on busybox On busybox 'date +%N' returns an empty value. On 'dash' (Debian shell) $RANDOM doesn't work. This commit works first tries $RANDOM and then falls back to 'date +%N'. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Dec 15 22:14:18 2018 +0100 doc: minor fixes [ci skip] Created NEWS entry for 3.6.6 and unified the listing of gnutls_init_flags_t items. Signed-off-by: Nikos Mavrogiannopoulos Author: Peter Wu Date: Sat Dec 15 22:01:10 2018 +0100 pkcs11: fix memleak in gnutls_pkcs11_token_get_ptr find_token_modname_cb uses p11_kit_config_option to retrieve the module name, but its return value (stored in tn.modname) must be freed. Author: Tom Vrancken Date: Sat Aug 26 14:22:44 2017 +0200 Implemented support for raw public-key functionality (RFC7250). Signed-off-by: Tom Vrancken Author: Hugo Beauzée-Luyssen Date: Thu Dec 13 11:00:03 2018 +0100 configure.ac: Always enable unicode support on windows Author: Peter Wu Date: Thu Nov 29 18:21:22 2018 +0100 pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME find_token_modname_cb uses p11_kit_config_option to retrieve the module name, but its return value must be free'd. Other fixes: - Do not silently truncate the output buffer, return an error instead. - If the module name is unavailable, do not write "(null)" to the output. Write an empty string instead. - The module path can be of arbitrary length, so passing output=NULL to learn the length seems reasonable, except that snprintf crashed on a NULL pointer dereference. Fixes: 241f9f0b1 ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info") Signed-off-by: Peter Wu Author: Peter Wu Date: Thu Nov 29 18:43:39 2018 +0100 pkcs11: clarify gnutls_pkcs11_*_get_info output_size It was not clear whether @output_size contains the actual string length or the buffer length (including null terminator). Signed-off-by: Peter Wu Author: Tim Rühsen Date: Thu Nov 15 10:44:20 2018 +0100 build: remove src/*.bak from distribution Instead, include the autogen-generated *.c, *.h and the stamp files in the distribution. To prevent the bundled files being linked with incompatible autogen libopts, this adds an extra check in configure. If the detected system libopts version is too old, it will use the included libopts implementation. Signed-off-by: Tim Rühsen Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Dec 12 09:48:01 2018 +0100 GNUTLS_PCERT_NO_CERT: marked as unused/ignored This flag was already a no-op. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 11 09:34:22 2018 +0100 srp/psk: update recommendations for usernames [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 12 06:15:25 2018 +0100 doc: include PSK examples into documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Dec 6 14:59:30 2018 +0100 tlsfuzzer: update to the latest upstream to eanble CCS tests Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Tue Dec 4 17:15:02 2018 +0100 Fix gnutls_handshake_set_timeout() for values < 1000 handshake-timeout.c now tests for <1000ms timeout and for >=1000ms timeout. The test duration decreased from 45s to 1.2s. Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Thu Nov 22 14:59:11 2018 +0100 record: make CCS handling stricter in TLS 1.3 In TLS 1.3, the change_cipher_spec messages received under the following conditions should be treated as unexpected record type: containing value other than 0x01, or received after the handshake. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Dec 5 14:44:23 2018 +0100 bootstrap: only update the required submodules for building Although we have few submodules they are not all required for building and testing. This patch modified bootstrap.conf not to update all of them, but only the necessary for building and testing. Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Dec 1 13:26:20 2018 +0100 Fix error message on old or missing nettle. Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sat Dec 1 06:04:45 2018 +0100 released 3.4.1 Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Wed Oct 3 13:12:38 2018 -0400 Constant time/cache PKCS#1 RSA decryption This patch tries to make the code have the same time and memory access aptterns across all branches of the decryption function so that timining or cache side channels are minimized or neutralized. To do so it uses a new nettle rsa decryption function that is side-channel silent. Signed-off-by: Simo Sorce Author: Nikos Mavrogiannopoulos Date: Wed Nov 28 16:00:34 2018 +0100 Added test about rsa decryption under pkcs11 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 30 10:28:28 2018 +0100 gnutls_x509_crt_set_expiration_time: fixed documentation [ci skip] Fixed the documentation of the function to reflect reality. This function did not accept the GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 30 08:49:50 2018 +0100 NEWS: updated [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 30 08:44:35 2018 +0100 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Thu Nov 29 06:05:22 2018 +0300 tests: attempt to fix test errors on Mac OS X It looks like Mac OS X's grep has issues with applying basic regexps with alternation operator inside. Use several grep calls in pipeline to achieve the same result. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 28 23:39:32 2018 +0300 travis: print logs for all failed tests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 28 14:10:35 2018 +0300 lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA pkcs11 support code uses several definitions from forthcoming PKCS#11 standard version. Older p11-kit versions do not provide these definitions. Detect and disable code supporting EdDSA if compiling GnuTLS with older p11-kit library. Closes #626 Signed-off-by: Dmitry Eremin-Solenikov Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407 Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Nov 28 20:08:29 2018 +0100 CONTRIBUTING.md: specify rules for static/inline functions [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 22 17:36:17 2018 +0100 CONTRIBUTING.md: proposal for new features/modifications approach [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 21 21:09:33 2018 +0100 CONTRIBUTING.md: added proposal on commenting style [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Nov 28 16:03:59 2018 +0300 tests: fix crl test under MinGW32/64 Use --outfile instead of output redirection to stop CR from sneaking into temp file. Extra CR symbols make grep choke on that file. Signed-off-by: Dmitry Eremin-Solenikov Author: Stephan Mueller Date: Tue Nov 27 22:27:26 2018 +0100 DRBG: Use ACVP validated test vector in self test Due to removing all of the FIPS 140-2 continuous self test leftovers, the DRBG test vector must be updated as the very first DRBG block is not dropped any more. The test complies with the CAVP test definition specified in "The NIST SP 800-90A Deterministic Random Bit Generator Validation System (DRBGVS)" section 6.2. The test vector is obtained during a successful trial run using the NIST ACVP server. The following registration was used to generate the test vector: { "algorithm":"ctrDRBG", "prereqVals":[ { "algorithm":"AES", "valValue":"same" } ], "predResistanceEnabled":[ false ], "reseedImplemented":true, "capabilities":[ { "mode":"AES-256", "derFuncEnabled":false, "entropyInputLen":[ 384 ], "nonceLen":[ 0 ], "persoStringLen":[ 0, 256 ], "additionalInputLen":[ 0, 256 ], "returnedBitsLen":512 } ] }, Signed-off-by: Stephan Mueller Author: Nikos Mavrogiannopoulos Date: Tue Nov 27 13:47:46 2018 +0100 Fix session description info printing This fixes a truncation issue in session description information printing for certain ciphersuites, and adds a limited testing of expected description strings for certain ciphersuites. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 20 11:30:22 2018 +0100 Prevent applications from combining legacy versions of TLS with TLS1.3 It can happen that an application due to a misconfiguration, enables TLS1.3 in combination with TLS1.0 or TLS1.1 only. In that case a server which is unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol instead and that answer will be rejected by the client. With this change we ensure that TLS1.3 is not enabled in these problematic scenarios. Resolves: #621 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Nov 21 18:35:07 2018 +0300 cert-tests: verify --no-text switch for pkcs7/pkcs12 info Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Nov 16 03:46:52 2018 +0300 certtool: don't output textual information if --no-text was given Disable text output if --no-text option was given for --p7-info and --p12-info. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 21 20:05:20 2018 +0300 certtool: don't output pkcs12 information to stderr Print all pkcs12-info output to outfile, rather than stderr. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 21 18:35:07 2018 +0300 cert-tests: verify --no-text switch for cert/crq/pub/privkeys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Nov 16 03:46:52 2018 +0300 certtool: don't output textual information if --no-text was given Change privkey/certificate/CRL/CSR handling to disable text output if --no-text option was given. Closes #487 Signed-off-by: Dmitry Eremin-Solenikov Author: Stefan Berger Date: Mon Nov 19 11:47:45 2018 -0500 tests: tpm: Use kill_proc to terminate a process Use kill_proc to terminate a process by first sending it SIGTERM, waiting max. 1 second and then use SIGKILL. Signed-off-by: Stefan Berger Author: Stefan Berger Date: Mon Nov 19 11:19:53 2018 -0500 tests: tpm: Redirect help screen output to stdout The dash shell doesn't seem to understand &>/dev/null, so use >/dev/null to quiet down the help screen check. Signed-off-by: Stefan Berger Author: Daiki Ueno Date: Sat Nov 24 16:59:12 2018 +0100 doc: suggest to check max_early_data_size before sending early data Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 22 14:59:54 2018 +0100 tests: resume: suppress compiler warnings Signed-off-by: Daiki Ueno Author: Stephan Mueller Date: Sun Nov 25 13:46:44 2018 +0100 DRBG: Remove all traces of FIPS 140-2 continuous self test The removal allows the CAVS / ACVP test required for a successful FIPS 140-2 validation to pass. Signed-off-by: Stephan Mueller Author: Daiki Ueno Date: Thu Nov 22 15:04:00 2018 +0100 .gitignore: ignore more files and sort them alphabetically Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Sat Nov 24 15:58:48 2018 +0100 bootstrap.conf: add "autogen" to buildreq Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Sat Nov 24 15:57:11 2018 +0100 build: fix srcdir detection when VPATH build Unlike the ".c.c.bak:" and ".h.h.bak:" rules, ".def.stamp:" needs this adjustment because the source files (*.bak) are not provided as $<. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sat Nov 24 16:00:48 2018 +0100 tests: remove unnecessary session creation in tls13/anti_replay This test only checks the behavior of _gnutls_anti_replay_check, thus session is not needed at all. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Nov 21 21:09:55 2018 +0100 doc: corrected typos [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 19 14:16:50 2018 +0100 tests: added test for RSA decryption under gnutls_privkey_import_ext4 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 19 14:07:39 2018 +0100 crypto-self-tests-pk: added RSA-PSS sign/verify tests This also corrects the GOST R 34.10-2012-512-TC26-512-A self test. Relates: #597 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 16 21:04:49 2018 +0100 tests: added TLS1.3 tests for PKCS#11 and external key types Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Thu Oct 25 10:03:01 2018 -0400 Add support for EDDSA/Ed25519 object support via PKCS#11 Tested with softHSM 2.5.0 Resolves #417 Signed-off-by: Simo Sorce Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Thu Oct 25 10:44:14 2018 -0400 Fix RSA-PSS tests to properly return skip value Signed-off-by: Simo Sorce Author: Nikos Mavrogiannopoulos Date: Sun Nov 18 20:22:08 2018 +0100 gnutls_certificate_type_get*: updated documentation to list limitations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 19 06:50:55 2018 +0100 tests: resume: use spaces around '?' and ':' according to coding style Also set a link to the kernel coding style in CONTRIBUTIONS.md Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 14 15:20:08 2018 +0100 gnutls_certificate_type_get*: ensure that the default type is returned That is, ensure that unless we negotiate something else than X509, the default certificate type is returned to applications. Previously we wouldn't do that for TLS1.3 resumed sessions, and we would return zero (invalid type) instead. That addresses issues with applications checking explicitly for X509 certificate type being present. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Nov 16 16:13:31 2018 +0100 tests/tls13-early-data: check if max_early_data_size is advertised Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 16 14:25:49 2018 +0100 serv: add --maxearlydata option Also exercise this in testcompat-tls13-openssl.sh. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Nov 18 05:47:08 2018 +0100 record: gnutls_record_send_early_data: check the upper limit Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 16 16:12:13 2018 +0100 tls13/session_ticket: fix "max_early_data_size" extension handling session->security_parameters.max_early_data_size is initially set to 0. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Nov 17 19:30:20 2018 +0100 update documentation on GNUTLS_AUTO_REAUTH and gnutls_record_get_direction [ci skip] That clarifiesthe intention, and adds warning of using this flag when multiple threads are involved. Based on suggestion by Michael Catanzaro. Relates: #615 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 16 21:16:33 2018 +0100 .gitlab-ci.yml: run coverage build over fedora This will include the TPM subsystem in the coverage report. Signed-off-by: Nikos Mavrogiannopoulos Author: Stefan Berger Date: Fri Nov 16 10:47:23 2018 -0500 tests: tpm: Extend test case to not use --register Extend the tpmtool test case to also test without the --register parameter. Signed-off-by: Stefan Berger Author: Stefan Berger Date: Wed Nov 14 10:07:08 2018 -0500 tests: tpm: Add a test case for tpmtool This test case exercises tpmtool and uses certtool to create a self-signed certificate with the TPM. It uses swtpm as TPM emulator and configures tcsd to talk to swtpm. Extend the Readme.md with the packages needed for TPM support and TPM test support. This test case needs to be run as root since tcsd needs to be started as root. Signed-off-by: Stefan Berger Author: Stefan Berger Date: Fri Nov 16 06:48:01 2018 -0500 .gitlab-ci.yml: copy the log files of minimal.Fedora to the gitlab server Signed-off-by: Stefan Berger Author: Stefan Berger Date: Thu Nov 15 19:55:02 2018 -0500 lib: tpm: Fix a memory leak Signed-off-by: Stefan Berger Author: Dmitry Baryshkov Date: Fri Nov 16 03:38:38 2018 +0300 doc: mention GOST private key unmasking and additional format support Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 11:25:17 2018 +0300 cert-tests: test parsing and decoding of GOST private keys Add a test for parsing and decoding GOST private keys in different formats, incuding encrypted keys. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 11:23:37 2018 +0300 certtool: support --pkcs-cipher none If password is specified on command line currently certtool will always output encrypted pkcs8 file. Add `--pkcs-cipher none' allowing one to force certtool to output unencrypted private keys. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 03:02:35 2018 +0300 nettle/gost: gostdsa: use size_t instead of mp_limb_t Use size_t for size variables instead of mp_limb_t (data type rather than size type). Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 02:48:05 2018 +0300 pkcs8: support GOST keys without encapsulation Add support for yet another representation of GOST private keys: LE-formatted number encoded into pkcs-8-PrivateKeyInfo.privateKey without any additional encapsulation. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 02:47:39 2018 +0300 nettle: unmaks GOST private keys if necessary Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 13 02:45:18 2018 +0300 nettle/gost: support GOST key unmasking New Russian reccomendation defines 'key masking' in the form of several concatenated numbers, which must be multiplied modulo Q to get private key. Signed-off-by: Dmitry Eremin-Solenikov Author: Stefan Berger Date: Thu Nov 15 12:43:01 2018 -0500 tpmtool: Fix a memory leak related to TPM key list Signed-off-by: Stefan Berger Author: Nikos Mavrogiannopoulos Date: Thu Nov 15 16:03:38 2018 +0100 updated auto-generated-files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 14 13:56:52 2018 +0100 anti_replay: moved new add function into anti_replay structure The new function was not sharing anything with the existing gnutls_db_* backend, and moving it to anti_replay structure is more clean and allows for deviations from the old API conventions (e.g., now we can pass pointers for efficiency and pass the expiration time as part of the call). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 13 22:49:26 2018 +0100 _gnutls_x509_read_eddsa_pubkey(): sanity check the input values Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 13 09:24:06 2018 +0100 gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Nov 11 08:25:56 2018 +0100 tests: verify whether certificate request levels behave consistently This verifies whether the behavior of GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST and GNUTLS_CERT_REQUIRE is consistent accross protocols. Relates #615 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Nov 11 08:52:13 2018 +0100 doc: minor updates in elliptic curve documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 14 13:42:01 2018 +0100 tests: added a test for detecting duplicate early data Resolves #610 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Nov 14 01:43:05 2018 +0300 tests: add testfile from RFC4134 Section 4.5 Add test example demonstrating indefinite-length BER encoding of PKCS#7 data. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 12 03:34:31 2018 +0300 pkcs7: allow BER encoding when parsing encapContentInfo.eContent CMS specification explicitly allows BER encoding in CMS files. RFC 4134 example 4.5 uses BER indefinite encoding. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 14 01:49:08 2018 +0300 configure.ac: drop obsolete info line Since 4b567871 there is no `ac_enable_session_tickets` variable, so let's drop obsolete remnants. Closes #616 Signed-off-by: Dmitry Eremin-Solenikov Noted-by: Dilyan Palauzov Author: Daiki Ueno Date: Tue Nov 13 10:07:09 2018 +0100 build: minor cleanup of mech-list.h generation Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 13 10:02:17 2018 +0100 README-ci.freebsd.md: require autogen Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 12 13:41:19 2018 +0100 build: remove autogen .bak files from the repository While the .bak files are necessary for not requiring autogen on deployment environment, they are not needed for development and may cause conflict when other developers use different version of autogen. This removes those files from the repository and require autogen at make dist time. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 12 15:48:44 2018 +0100 build: use suffix rules for generating .bak files Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Nov 12 15:48:14 2018 +0100 build: use AM_MISSING_PROG for autogen That makes error message more friendly when autogen is not installed on developing environment. Signed-off-by: Daiki Ueno Author: Stefan Berger Date: Mon Nov 12 09:20:44 2018 -0500 tpm: Fix memory leak in encode_tpmkey_url When returning the key URL in encode_tpm_key_url we do not need to allocate a separate buffer for the URL since we return the allocated buffer from _gnutls_buffer_to_datum(). Signed-off-by: Stefan Berger Author: Daiki Ueno Date: Mon Oct 15 13:35:43 2018 +0200 doc: mention 0-RTT Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 21 07:34:07 2018 +0200 serv: enable anti-replay when early data is used Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 19 17:52:48 2018 +0200 TLS 1.3: implement anti-replay measure using ClientHello recording This implements ClientHello recording outlined in section 8.2 of RFC 8446. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 1 15:37:42 2018 +0100 db: introduce gnutls_db_set_add_function This adds a way to store an entry if it is not found in the database, so that the implementation can provide atomic test-and-set. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 8 17:54:11 2018 +0100 db: introduce gnutls_db_check_entry_expire_time This would be particularly useful when the same database is used to store long-lived TLS 1.2 session data and short-lived TLS 1.3 anti-replay entries. Note that the existing gnutls_db_check_entry doesn't fit in this use-case, as it takes gnutls_session_t as the argument. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 22 15:26:07 2018 +0200 tls13/session_ticket: record timestamp in ticket This is needed for implementing freshness checks outlined in 8.3 of RFC 8446. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Nov 8 15:46:42 2018 +0100 str: suppress compiler warning when time_t is 32-bit Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 22 11:12:02 2018 +0200 testcompat-tls13-openssl: exercise early data transmission Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Oct 15 11:29:56 2018 +0200 tests: add tests for early data Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 13:33:13 2018 +0200 cli: add --earlydata option Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 13:33:00 2018 +0200 serv: add --earlydata option Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 13:34:21 2018 +0200 record: introduce new API functions for early data This introduces gnutls_record_get_max_early_data_size(), gnutls_record_send_early_data(), and gnutls_record_recv_early_data() functions. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 11:45:59 2018 +0200 handshake: handle early data This plumbers early data handling in the handshake processes, which consists of: - traffic key updates taking into account of client_early_traffic_secret - early data buffering in both server and client - the EndOfEarlyData message handling - making use of max_early_data_size extension in NewSessionTicket Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 28 07:57:34 2018 +0100 session_pack: record max_early_data_size in session data max_early_data_size sent as part of NST should be recorded and restored when the session data is set back on the session. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Sun Oct 28 07:57:57 2018 +0100 record: fix memleak when rejecting early data The "discard" label previously used assumes that the decrypted record is already added to record_recv_buffer. It is not the case when rejecting early data. Release the allocated memory manually and return early. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 17:10:51 2018 +0200 constate: add epoch_rel argument to _gnutls_epoch_dup This is necessary for handling early data. Previously, _gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT, while the client only sets EPOCH_WRITE_CURRENT when sending early data. This allows caller to specify from which epoch the parameters are copied. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 12 11:29:57 2018 +0200 handshake: refactor early secret derivation Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 5 10:41:23 2018 +0200 handshake: record transcript hash for ClientHello This is necessary to compute client_early_traffic_secret and early_exporter_master_secret in TLS 1.3. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 5 11:13:24 2018 +0200 ext/pre_shared_key: use predefined macros for secret labels Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Tue Nov 6 09:38:43 2018 +0100 Unconditionally include nettle/memxor.h Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Nov 10 10:54:32 2018 +0100 gnutls-cli: use assert to mark impossible path This avoids static analyzers from complaining. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Nov 10 07:46:24 2018 +0100 pkcs12: cleanups, and two memory leak fixes Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 9 07:44:02 2018 +0100 tls13: use system's openssl for interop testing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 9 20:11:42 2018 +0100 Added checks to avoid false negatives reported by static analyzers Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Tue Nov 6 14:47:41 2018 +0300 src: update autogenerated .bak files Update files to include proper year, version, etc. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 6 14:42:56 2018 +0300 src: include .bak files in EXTRA_DIST Including .bak files in EXTRA_DIST allows us to stop hand-generating these files in distribution. Instead they are directly copied from the source tree. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 6 14:34:18 2018 +0300 src: update .bak files during -args.c/.h regeneration To ease updating of .bak files, update them when regenerating Autogen'erated source files. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 6 12:01:49 2018 +0300 doc: fix texi generation in out-of-tree builds Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 6 10:52:47 2018 +0300 src: mark autogen'ed sources as nodist_ Mark autogenerated sources as not distributable. We are distributing .bak files instead. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 16:37:02 2018 +0300 Makefile.am: drop manpages regeneration from dist-hook There is no need anymore to regenerate tools manpages, they will be generated automatically from doc/manpages/Makefile.am. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 16:22:25 2018 +0300 manpages: fix manpages distribution It seems that dist_man_MANS does not work properly with Automake conditionals. Automake will not distribute files which are conditionally disabled at this make run. As released tarballs include all manpages already, let's include them unconditionally. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 15:02:50 2018 +0300 manpages: fix tools manpages generation Pass additional include path to let autogen find common arguments template. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 14:53:46 2018 +0300 manpages: un-unroll the loop Replace unrolled loop over header files with for-loop to simplify Makefile. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 14:30:53 2018 +0300 configure.ac: merge autogen/libopts checks Move handling of autogen/libopts to a single place. Enforce usage of local libopts if autogen is not found. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 13:12:51 2018 +0300 doc: fix documentation generation in out-of-tree builds gtk-doc will not process gnutls.h.in file, so we need to point it to generated gnutls.h file, found inside builddir. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 5 00:43:55 2018 +0300 cfg.mk: fix ChangeLog generation on out-of-tree builds ChangeLog regeneration does not work for out-of-tree build, so let's fix that. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Nov 4 14:29:11 2018 +0300 src: args-std.def: substitute variables using configure Use standard way (configure script) to substiture variables in args-std.def file, instead of manually replacing them in dist-hook. Fixes #567 Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Fri Nov 9 20:07:24 2018 +0100 Initialize output var to avoid false negative from static analyzers This was identified by clang analyzer's on _gnutls_x509_dn_to_string and _gnutls_x509_decode_string. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 5 20:51:33 2018 +0100 .gitlab-ci.yml: move to fedora29 for CI This also moves the x86 CI builds to the debian cross infrastructure as we have a more reliable way of generating a 32-bit image. Resolves #607 Signed-off-by: Nikos Mavrogiannopoulos Author: Stefan Berger Date: Fri Nov 2 18:33:32 2018 -0400 tpmtool: Support --srk-well-known for SRK with 20 zero bytes password Implement --srk-well-known for SRK with 20 zero bytes password. Signed-off-by: Stefan Berger Author: Nikos Mavrogiannopoulos Date: Wed Nov 7 09:56:56 2018 +0100 testcompat-openssl: do not test DSS or small curves with 1.1.1 DSA uses 1024-bit parameters, and these together with curves of less than 256 bits are not accepted by debian's openssl. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 7 10:20:32 2018 +0100 doc/credentials: increased key size in RSA client cert This is used by the test suite and recent openssl in debian requires a larger certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 7 10:16:10 2018 +0100 certtool: allow --update-certificate to replace public key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 7 08:37:23 2018 +0100 README.md: updated instructions to apply to fedora29 Signed-off-by: Nikos Mavrogiannopoulos Author: Ander Juaristi Date: Thu Oct 4 14:57:47 2018 +0200 Update docs for session ticket key rotation [ci skip] Fix #581. Signed-off-by: Ander Juaristi Author: Daiki Ueno Date: Thu Nov 1 13:43:17 2018 +0100 ext/record_size_limit: handle the extension in TLS 1.2 ServerHello Previously it had assumed that TLS 1.2 servers don't send the extension, while actually it can be present in ServerHello. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Oct 30 19:56:47 2018 +0100 gnutls_priority_init: ignore CTYPE-OPENPGP options In GnuTLS 3.6.0 we dropped support for openpgp keys, however the CTYPE-OPENPGP is often seen in applications, sometimes as -CTYPE-OPENPGP to ensure it is not enabled. We simply ignore this priority string when seen, to avoid preventing these applications from running. Resolves #593 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 30 19:46:09 2018 +0100 gnutls_priority_init: fixed indentation according to project rules Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 19 12:04:29 2018 +0200 gnutls_priority_set: re-organized The sanity tests we moved prior to setting these priorities and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned consistently to indicate that the existing priorities were not overwritten. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 17 14:53:47 2018 +0200 gnutls_priority_set: do not override the version after handshake is complete When an application would re-set priorities prior to a rehandshake we would override the negotiated version with the highest supported, something which may lead to issues. This disables that unnecessary version override. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634736 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 30 10:28:20 2018 +0100 gnutls-serv: use default priorities when none are given This makes it in par with gnutls-cli. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Mon Oct 29 01:42:28 2018 +0300 self-tests: add GOST public key tests Test vectors provided in standard are not that usefull (they use unsupported curves with a != -3), so these test vectors were generated by hand. Fixes #492 Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Mon Oct 29 07:24:01 2018 +0100 NEWS: added CMAC entries [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Sun Oct 28 12:19:46 2018 -0400 Add NEWS entry about AES-CMAC Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri Oct 26 16:55:27 2018 -0400 Add selftests for CMAC Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri Oct 26 13:38:13 2018 -0400 Vendor in CMAC functionality from Nettle If nettle's CMAC is not available, use a vendored in version from master. This is necessary as long as we need to link against 3.4 for ABI compatibility reasons. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Fri Oct 26 13:22:23 2018 -0400 Add CMAC Support Signed-off-by: Simo Sorce Author: Dmitry Baryshkov Date: Sun Oct 28 15:44:15 2018 +0300 NEWS: Add entry mentioning fix of S-BOXes for CryptoPro-B,-C,-D variants Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Oct 28 10:13:00 2018 +0300 self-tests: add GOST symmetric algorithms tests Add tests for: - GOST 28147-89 CFB cipher - GOST R 34.11-94 hash function - Streebog-256/-512 hash functions - HMAC using GOST R 34.11-94/Streebog functions Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Oct 28 10:11:21 2018 +0300 nettle: fix s-boxes selection for rare GOST 28147-89 variants gost28147-89 code contained c&p error, which resulted in using S-BOX CryptoPro-A instead of -B, -C, -D. Fix that. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Fri Oct 26 22:50:52 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Wed Oct 24 13:08:45 2018 +0200 ext/pre_shared_key: don't assume ob_ticket_age < ticket_age_add Previously, the server treated the condition as error, while it is possible that ob_ticket_age may have wrapped round by 2^32. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Oct 25 12:32:52 2018 +0200 tls13/session_ticket: calculate ticket_age in milliseconds Previously we calculated ticket age from the current wall clock in seconds, multiplying by 1000. This is conceptually wrong, because ticket age is designed to be in milliseconds. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Oct 26 08:18:01 2018 +0200 str: add macros to encode/decode struct timespec value Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Oct 25 13:47:13 2018 +0200 system: provide a means to replace gettime implementation While gettime() is extensively used in the code, the library previously hadn't provided a way to replace it for testing. This adds a new internal function _gnutls_global_set_gettime_function and makes use of it through virt-time.h. Signed-off-by: Daiki Ueno Author: Simo Sorce Date: Wed Oct 24 15:45:23 2018 -0400 Add selftest for CFB8 Author: Daiki Ueno Date: Thu Oct 25 12:09:05 2018 +0200 _gnutls_timespec_cmp: new inline function Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Oct 25 12:02:53 2018 +0200 tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st This is consistent with the coding guideline. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu Oct 25 08:29:27 2018 +0200 gnutls-cli: reduce printed session information When connecting to a server we were printing a lot of duplicate information that was already part of the "Description" string. No longer print that information unless --verbose is given. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 24 13:05:58 2018 +0200 gnutls-cli: do not print errors twice Signed-off-by: Nikos Mavrogiannopoulos Author: Simo Sorce Date: Wed Oct 24 13:04:22 2018 -0400 Vendor in CFB8 functionality from Nettle If nettle's CFB8 is not available, use a vendored in version from master. This is necessary as long as we need to link against 3.4 for ABI compatibility reasons. Signed-off-by: Simo Sorce Author: Simo Sorce Date: Wed Oct 24 12:14:51 2018 -0400 Add AES-CFB8 Support Signed-off-by: Simo Sorce Author: Nikos Mavrogiannopoulos Date: Mon Oct 15 15:59:48 2018 +0200 p11tool: fix initialization of security officer's PIN Previously we would call gnutls_pkcs11_token_set_pin() without an old PIN provided, which will result to the use of C_InitPIN() on the underlying module. The C_InitPIN() in contrast with C_SetPIN() will only work for the user and not for the administrator. As such, we always provide the oldpin for when we change the admin's PIN. Resolves #561 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 23 15:20:45 2018 +0200 fips140: aligned code with documentation That is, we introduce the documented but unimplemented macros GNUTLS_FIPS140_SET_LAX_MODE() and GNUTLS_FIPS140_SET_STRICT_MODE(). Signed-off-by: Nikos Mavrogiannopoulos Author: Tom Vrancken Date: Mon Oct 22 10:52:08 2018 +0200 Simplified check for NULL pointer to reduce code changes. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon Oct 22 10:51:19 2018 +0200 Unified abbreviation for certificate type priorities in code. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Oct 11 21:25:11 2018 +0200 Renamed CHECK_AUTH macro to CHECK_AUTH_TYPE to be more clear what it checks. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Oct 11 21:13:45 2018 +0200 Renamed _gnutls_server_select_cert() to _gnutls_select_server_cert() for consistency reasons with its client couterpart. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Oct 11 21:05:33 2018 +0200 Renamed certificate_credential_append_crt_list() to certificate_credential_append_keypair(). Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Thu Oct 11 21:01:25 2018 +0200 Renamed _gnutls_auth_info_set() to _gnutls_auth_info_init(). Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Wed May 23 10:16:00 2018 +0200 Renamed fields in priority_st to improve code readability. Fixes #453. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Tue May 22 12:35:31 2018 +0200 Added NULL pointer check in gnutls_certificate_free_credentials for safety. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon May 21 10:11:28 2018 +0200 Renamed _gnutls_proc_x509_server_crt to _gnutls_proc_x509_crt. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sat May 19 16:01:01 2018 +0200 Small fixes for comments and log strings. Signed-off-by: Tom Vrancken Author: Tim Rühsen Date: Thu Oct 18 11:09:09 2018 +0200 SKIP tests/global-init-override if weak symbols don't work Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue Oct 16 15:06:04 2018 +0200 tests: eagain-auto-auth: only compiled in systems with cmocka available This fixes build issue at MacOSX CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 12 16:36:12 2018 +0200 tlsfuzzer: updated to latest upstream and enabled new tests Resolves: #591 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 12 17:08:15 2018 +0200 handshake: send missing extension alert When a key share extension is not seen under TLS1.3, send the missing extension alert. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 4 08:27:10 2018 +0200 _gnutls_server_select_cert: return error when no server cert is selected When a certificate callback is used and no certificate is provided by it, return an error rather than trying to use it (and crashing) later. Note that this affects only an "illegal" code path when a server would have provided no certificate, something which must not happen on a real-world server. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 1 11:58:15 2018 +0200 gnutls_init: added flag for automatic re-authentication This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes re-authentication under TLS simpler to enable and use. Resolves #571 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 29 14:21:59 2018 +0200 pkcs11 uris: the URI scheme is case insensitive Makes the comparisons of the URI scheme to use c_strcasecmp from gnulib. It also replaces various straw strcasecmp with the gnulib variant. This ensures that comparison will be reliable irrespective of the locale. Resolves #590 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 11 21:49:11 2018 +0200 .gitlab-ci.yml: cross CI requires privileged systems Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Oct 9 12:46:12 2018 +0200 Fix check for GNU C compiler in eina_cpu.c Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Oct 9 12:34:26 2018 +0200 Fix gen-mech-list.sh on Solaris / Bourne Shell `cmd` is more compatible than $(cmd). The shell is "sh (Schily Bourne Shell) version 2013/01/14 a+ (i386-pc-solaris2.9)" Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Oct 5 19:41:15 2018 +0200 Let bootstrap check for gperf and autopoint Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Oct 8 11:25:23 2018 +0200 Skip tests/tls13/prf.c if visibility 'protected' doesn't work Overriding gnutls_rnd() with visibility 'protected' doesn't always work. E.g. LDFLAGS="-Wl,-Bsymbolic-functions" seems to have priority on Debian derived systems. Fixes #584 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Oct 6 16:43:33 2018 +0200 tests: added unit test for gnutls_session_set_id This adds a unit and a negative test which ensures that a client will not be tricked in performing resumption when this function is used. Resolves #585 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 4 08:29:41 2018 +0200 doc: fix use of gnutls_ext_raw_parse callback [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 30 22:05:59 2018 +0200 gnutls_priority_set: do not override version on handshake When handshake is in progress, do not override the default TLS version in the session. This allows gnutls_priority_set to be called in the post_client_hello function without breaking the handshake. Resolves #580 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 2 11:57:31 2018 +0200 encrypt_packet_tls13: added explicit check on iv_size bounds Although there are no ciphers defined for TLS1.3 which would overflow the assumed bound, an explicit check is necessary to avoid that code be a liability in future updates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 1 09:18:46 2018 +0200 privkey_pkcs8: added reference for validation parameters OID [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 1 08:31:16 2018 +0200 NEWS: corrected typo [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Thu Sep 27 21:11:21 2018 +0200 Use ASCII version of strcasecmp() in library code strcasecmp() has side effects in some locales. What we really need is c_strcasecmp() from Gnulib for comparing ASCII strings. Fixes #570 Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Thu Sep 27 11:02:33 2018 +0300 .gitlab-ci.yml: reenable SSLv2 hello support for SSL-3.0.Fedora.x86_64 Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests pass. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Sep 27 01:05:09 2018 +0300 tlsfuzzer: disable SSL3.0 in export-ciphers-rejected test These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3 option was passed. We will run these tests anyway from gnutls-nocert-ssl3.json, so disable them here. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Sep 27 00:42:21 2018 +0300 tlsfuzzer: support running from separate build dir Adapt tls-fuzzer-common.sh script to be able to run tests in case srcdir != builddir. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Sep 25 17:00:14 2018 +0300 .gitlab-ci.yml: reenable full test suite in SSL-3.0/SHA-1 case Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us catch issues in legacy code. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Sep 24 16:07:19 2018 +0300 tlsfuzzer: add missing script Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing in the source tree. Add it back. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Sep 27 00:35:20 2018 +0300 tlsfuzzer: move common code to separate file Move common code to tls-fuzzer-common.sh to ease further adjustments. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Sep 26 23:34:16 2018 +0300 tlsfuzzer: use random port for tls-fuzzer-nocert test Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing usage of random port for server. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Sep 26 23:34:16 2018 +0300 tlsfuzzer: use random port for tls-fuzzer-cert test Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing usage of random port for server. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Wed Sep 26 12:54:37 2018 +0200 Make tlsproxy/buffer.c compilable by gcc 4.4.7 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Sep 26 09:38:04 2018 +0200 _gnutls_check_key_purpose: eliminated dead code Resolves #573 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 25 13:52:25 2018 +0200 manpages: do not generate any manpages for openpgp.h This API is no longer functional and is only available as stubs for backwards binary compatibility. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 25 13:06:57 2018 +0200 manpage generation: cleanup Recognize parameters of the form unsigned char name[8], and do not print obscure warnings. Furthermore gdoc will fail when a function parameter is not described or when no function is found. This addresses the generation of undetected errors in generated manpages. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 25 12:07:10 2018 +0200 doc: fixed missing function and enumeration parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 25 14:12:26 2018 +0200 tests: removed unused file Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 25 18:10:12 2018 +0200 mech-list.h: generate unique entries Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 24 17:33:03 2018 +0200 released 3.6.4 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 21 16:31:58 2018 +0200 tests: pkcs12-utf8 depend on bash The NetBSD default shell cannot handle the UTF-8 strings we use in that script. Resolves #544 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 21 16:20:36 2018 +0200 bumped versions and updated NEWS file Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 21 16:18:23 2018 +0200 Enable the TLS1.3 protocol by default As the protocol has been finalized, and the implementation is stable and interoperable, there is no need to enable it conditionally. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 18 08:36:18 2018 +0200 gnutls-cli: enable CRL validation on startup This also makes the failure in adding CRLs or CAs, a fatal error. Resolves #564 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 20 16:44:51 2018 +0200 Provide a more flexible PKCS#11 search of trust store certificates This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier. Resolves #569 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 18 08:35:32 2018 +0200 trust list: added flag to force failure on CRL validation error This allows an application to be notified of the addition of invalid CRLs in the trust list. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Sep 18 11:50:43 2018 +0200 Remove auto-generated src/mech-list.h from repo Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Sep 18 15:35:20 2018 +0200 Fix issue introduced in 20886264fe This makes _gnutls_resolve_priorities() return a string that is always allocated with the gnutls memory functions. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Sep 19 14:15:20 2018 +0200 session tickets: check timestamp for validity We were previously only relying on the client's view of the ticket lifetime for TLS1.3 tickets. This makes sure that we only resume tickets that the server considers valid and consolidates the expiration time checks to _gnutls_check_resumed_params(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 20 10:11:42 2018 +0200 ECC export/import: updated documentation on EdDSA curves This clarifies the format that parameters in the EdDSA curves will be returned, and also ensures that the import/export functions fail on unsupported curves. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 19 15:03:32 2018 +0200 tests: use virt-time.h in resumption tests Signed-off-by: Nikos Mavrogiannopoulos Author: Ander Juaristi Date: Tue Sep 18 09:40:20 2018 +0200 Added session ticket key rotation with TOTP This introduces session ticket key rotation on server side. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period. Resolves #184 Signed-off-by: Ander Juaristi Author: Dmitry Baryshkov Date: Tue Sep 18 03:05:51 2018 +0300 certtool: print GOST public key with MSB first OpenSSL and other libraries print MSB first, when printing GOST public keys. Let's return to this convention. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Sep 18 03:05:51 2018 +0300 x509: print_pubkey: print GOST public key with MSB first OpenSSL and other libraries print MSB first, when printing GOST public keys. Let's return to this convention. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Sep 18 00:53:17 2018 +0300 lib: use little endian when importing/exporting GOST keys GOST R 34.10 native format is little endian. It is better for the application code to use native format data to interface library, rather than convert buffers on their own. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Sep 18 00:51:05 2018 +0300 mpi: add function to dprint mpi in little endianness Add little endian counterpart to _gnutls_mpi_dprint and _gnutls_mpi_dprint_le. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Sep 17 12:26:31 2018 +0300 gnutls.h: correct GOST R number references [ci skip] Fix numeric GOST R ids used in documentation, too many numbers: - GOST R 34.11 is digest function - GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest - GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Mon Sep 17 10:12:38 2018 +0200 Update git submodules via ./bootstrap Setting $SUBMODULE_NOFETCH to a non-empty value adds --no-fetch to the git command (for CI speedup). Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Sep 17 15:14:12 2018 +0200 tests: pkcs1-pad: run with SHA-1 enabled or disabled Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 17 12:58:38 2018 +0200 .gitlab-ci.yml: enable run with SHA-1 enabled This adds a CI run with SHA-1 enabled, and corrects issues in the testsuite when that's the case. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 17 09:28:08 2018 +0200 gnutls_x509_trust_list_add_trust_mem: fix behavior with unaccounted certs If gnutls_x509_trust_list_add_cas returns less than clist_size, the additional unaccounted certificates will never be freed. Relates #552 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 17 09:12:29 2018 +0200 gnutls_x509_trust_list_add_cas: corrected return value When the flag GNUTLS_TL_USE_IN_TLS is used and add_new_ca_to_rdn_seq the return value did not include the last certificate added to the list. This corrects its return value. Relates #552 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 17 09:10:24 2018 +0200 fixed documentation in trust list functions That clarifies and addresses issues in the documentation of gnutls_x509_trust_list_add_crls() and gnutls_x509_trust_list_add_cas() Relates #552 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 16 15:54:41 2018 +0200 tests: added CRL verification tests This tests CRL verification with certtool --verify-crl on correct and incorrect cases. Relates #564 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 16 15:35:19 2018 +0200 certtool: updates in documentation in messages for CRL generation This fixes the messages printed for the generation of a CRL, and makes the return code of the CRL verification depending on the verification result. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 14 16:32:05 2018 +0200 Fix variable used in reallocation This corrects the variable name used in the sizeof argument for realloc. This does not alter the actual allocation size, but rather it fixes a logic error. Relates: #554 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 22 15:25:06 2018 +0200 .gitignore: updated Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 22 10:08:41 2018 +0200 dtls: recover when a NewSessionTicket message is lost When the server's NewSessionTicket gets lost while the ChangeCipherSpec goes through, the client did not request retransmission by retransmitting his last flight, and the handshake was blocked. This commit addresses the issue and adds a reproducer. Resolves #543 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Mon Aug 27 17:44:35 2018 +0200 tlsfuzzer: remove duplicate tests and sort them alphabetically Signed-off-by: Daiki Ueno Author: Andreas Schwab Date: Mon Sep 10 17:35:08 2018 +0200 doc: fix reference to invocation nodes Signed-off-by: Andreas Schwab Author: Nikos Mavrogiannopoulos Date: Mon Aug 20 15:17:04 2018 +0200 priority: be backwards compatible with priority strings starting with NONE That is, we allow priority strings which do not enable any groups to work, by disabling TLS1.3. For example 'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL' is still operational, but no TLS1.3 is enabled when specified. Resolves: #549 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Aug 24 16:34:14 2018 +0200 Use gnutls_strdup() instead of strdup() in library code Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Aug 24 16:27:36 2018 +0200 Remove gnulib work-around '#undef strdup' The 'issue' should be fixed already. Even if not, it has to addressed in gnulib. Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Tue Aug 21 15:02:56 2018 +0200 ext/pre_shared_key: use consistent name for regitration entry Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 21 14:54:41 2018 +0200 ext/pre_shared_key: make ticket age calculation consistent Previously we used a pattern like this: uint32_t obfuscated_ticket_age, ticket_age_add; time_t ticket_age; ticket_age = obfuscated_ticket_age - ticket_age_add; if (ticket_age < 0) { ... } This always evaluates to false, because subtraction between unsigned integers yields an unsigned integer. Let's do the comparison before subtraction and also use correct types for representing time: uint32_t for protocol time and time_t for system time. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Aug 17 15:45:20 2018 +0200 tls13/psk_ext_parser: simplify the iterator interface Previously it was unclear whether psk_ext_parser_st is stateful or not. This change introduces the simpler API to iterate over the immutable data (psk_ext_parser_st), following the iterator pattern. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Aug 21 16:18:11 2018 +0200 gnutls-cli-debug: mention RFC8446 for TLS1.3 and RFC8422 for X25519 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Aug 21 13:10:48 2018 +0200 Remove --no-git from ./bootstrap [ci skip] This removes the --no-git option as bootstrap itself does not use the remote repository for cloning. At least as long $GNULIB_SRCDIR points to a recent enough local gnulib git repo. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 14:02:34 2018 +0200 handshake: do not negotiate TLS1.3 using the legacy version field Previously we could end-up with a TLS1.3 connection if the TLS1.3 ID was seen on the wire. We now explicitly fallback to TLS1.2 when we see a protocol with TLS1.3 semantics in an SSL2.0 or in the legacy version of the client hello. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 12:57:25 2018 +0200 handshake: simplified protocol version checking functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 10:50:15 2018 +0200 tlsfuzzer: modify to use the final code points Relates #542 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 20:55:50 2018 +0200 fuzz: updated traces for final TLS1.3 version Resolves #359 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 20:46:21 2018 +0200 protocols: bumped TLS1.3 version number to RFC8446 value This adds support of the final RFC numbers. Resolves #542 Signed-off-by: Nikos Mavrogiannopoulos Author: Tom Vrancken Date: Wed Aug 15 18:29:32 2018 +0200 Implemented RFC7250 certificate type negotiation extensions. Signed-off-by: Tom Vrancken Author: Daiki Ueno Date: Fri Aug 10 14:06:16 2018 +0200 ext/record_size_limit: new extension This implements the record_size_limit extension as defined in RFC 8449. Although it obsoletes the max_record_size extension, for compatibility reasons GnuTLS still sends it on certain occasions. For example, when the new size is representable as the codepoint defined for max_record_size. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 14 16:46:12 2018 +0200 ext/max_record: remove use of extension private data As the extension data is always stored in session->security_parameters.max_record_send_size, it shouldn't be necessary to track it with the private data. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 14:43:30 2018 +0200 gnutls_session_resumption_requested: fixed behavior under TLS1.3 This makes gnutls_session_resumption_requested() functional under TLS1.3 and introduces a unit test of the function. Resolves #546 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 19 18:59:02 2018 +0200 .gitlab-ci.yml: use --no-git to bootstrap That is, to reduce CI time, and avoid failures due to non-availability of the gnulib git repo. Resolves #547 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 14:48:56 2018 +0200 hello_ext: removed bogus comment Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 17 16:08:37 2018 +0200 .gitmodules: gnulib submodule is now synced from libidn's mirror This mirror is updated hourly and is hosted on gitlab, meaning less dependency on external sites downtime. Resolves: #547 Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Wed Aug 15 14:20:43 2018 +0200 Fix two typos (overriden/guarranteed) Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 21:47:53 2018 +0200 doc: document the non-portability of NONE priority string Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 20:22:48 2018 +0200 tools: check output of called functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 20:19:55 2018 +0200 write_oid_and_params: moved nullity check of params earlier Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 9 16:13:50 2018 +0200 gnutls_session_set_premaster: corrected error checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 9 16:12:36 2018 +0200 pubkey_verify_hashed_data: apply algorithm checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 9 16:09:21 2018 +0200 privkey_sign_raw_data: use assert to mark code which always succeeds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 9 16:05:47 2018 +0200 _gnutls_send_change_cipher_spec: removed unnecessary test Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 13 21:04:56 2018 +0200 .travis.yml: do not run brew upgrade This addresses issue with travis compilation on MacOSX. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 7 16:27:19 2018 +0200 gnutls_memset: use explicit_bzero That is, use the glibc function when available and the second parameter is zero. Resolves #230 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 7 09:52:55 2018 +0200 use a consistent method to mark fall-through in switch cases Also document that method in contribution guide. Resolves #306 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Tue Aug 7 14:45:07 2018 +0200 ext/pre_shared_key: prevent crash if no server credentials are set Previously, if server is configured without PSK credentials and the client authenticated with PSK, the server crashed with: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7b190ba in server_recv_params (session=0x636fc0, data=0x634e6e "", len=46, pskcred=0x0) at pre_shared_key.c:523 523 prf = pskcred->binder_algo; Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 7 13:21:16 2018 +0200 tlsfuzzer: update to the latest version Also enable test-tls13-ffdhe-sanity.py, test-tls13-session-resumption.py, and test-tls13-unrecognised-groups.py. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 7 12:32:56 2018 +0200 alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure Previously, when server received a ClientHello that does include only groups from unassigned ranges in supported_groups, it aborted the connection with an illegal_parameter. Resolves #537 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Aug 7 11:43:32 2018 +0200 algorithms: add support for FFDHE6144 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Aug 3 22:26:47 2018 +0200 Corrected the importing of ECDSA public keys This seems to be a regression since EdDSA support. The call to _gnutls_x509_get_pk_algorithm() in public key import was unnecessary and in fact it was overriding the available curve with a curve associated with the OID. As the ECDSA OID doesn't include the curve, that had the result of deleting the already read curve. Resolves #538 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 3 14:13:14 2018 +0200 Ensure we are sending the right protocol version on second client hello That is, when we respond to a Hello Retry Request as client, we put the TLS1.2 version on the second client hello to send a hello that is as close as possible to the original hello. That effectively separates the handling of TLS1.2 rehandshake and TLS1.3 hello retry request when sending a client hello. Resolves #535 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 7 07:30:55 2018 +0200 doc: improved text on certifications Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 7 07:13:35 2018 +0200 doc: few improvements over certificate validation text Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 30 21:50:35 2018 +0200 gnutls-serv: re-introduce the session identifier message The message "If your browser supports session resuming, then you should see the same session ID, when you press the reload button", is now printed again even under TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 30 16:48:26 2018 +0200 resume: keep persistent session identifiers With the introduction of session ticket support (TLS1.2) and TLS1.3, session identifiers have no persistency on server or client side. Improve the situation by introducing persistent session identifiers on server side in a backwards compatible way. Resolves #484 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Jul 19 15:57:59 2018 +0200 .gitlab-ci.yml: include fuzz/*.log in artifacts Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jul 18 15:56:17 2018 +0200 tests: tls-fuzzer: enable tests relying on header fragmentation Those tests were previously disabled because splitting of handshake messages in a very short (< 4 bytes) fragments is not implemented. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 2 15:44:15 2018 +0200 record: send unexpected_message upon empty unencrypted records Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 27 06:30:41 2018 +0200 buffers: handle very short fragmentation of handshake messages If the received record doesn't even complete the handshake header (i.e., the record size < 4), keep it in a temporary buffer and let the caller receive more records. Once enough amount of data is received, move the already received records back to record_buffer and proceed to the normal processing. Fixes: #272 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 27 06:23:12 2018 +0200 mbuffers: introduce _mbuffer_head_push_first This is similar to _mbuffer_enqueue, but adds an element to the beginning of the buffer. This is to make the incomplete header handling case easier. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 27 06:10:37 2018 +0200 _gnutls_parse_record_buffered_msgs: eliminate local variable usage If `remain > 0` is true, `recv_buf[0].length > 0` always holds. Combine those conditions and remove the `remain` utilizing MIN(). This is to make the incomplete header handling case easier. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jul 27 05:35:02 2018 +0200 buffers: avoid confusion in fragment length calculation Previously, to calculate the fragment length, it added/subtracted one to the ending offset back and forth; that was not easier to read and couldn't handle empty payload messages in TLS. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Aug 2 16:59:27 2018 +0200 tlsfuzzer: update to the latest version Also enable test-tls13-0rtt-garbage.py. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jul 16 11:30:05 2018 +0200 TLS 1.3: ignore "early_data" extension As 0-RTT is still not implemented in GnuTLS, the server responds with 1-RTT, by skipping decryption failure up to max_early_data_size, as suggested in 4.2.10 Early Data Detection. Resolves #512 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Fri Aug 3 21:45:14 2018 +0200 p11tool: print expiration time on certificates This is particularly useful when displaying information about a certificate trust store. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 19 15:52:26 2018 +0200 tls1.3: server returns early on handshake when no cert is provided by client Under TLS1.3 the server knows the negotiated keys early, if no client certificate is sent. In that case, the server is not only able to transmit the session ticket immediately after its finished message, but is also able to transmit data, similarly to false start. Resolves #481 Resolves #457 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 23 15:01:49 2018 +0200 gnutls-serv: don't close connection properly when handshake is not yet complete In the case handshake is not yet complete and we need to terminate, it is because of an issue. As such prefer an unclear termination at this stage. This addresses error detection issues with tlsfuzzer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 2 16:16:27 2018 +0200 gnutls-cli: corrected input buffer null-termination This was a regression in the previous cleanup at f138ff85df69976badce44a5c46157cce091020f included in 3.6.3. Resolves #534 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 31 11:37:50 2018 +0200 certtool: added example of converting to DER in manpage Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Jul 27 23:46:50 2018 +0200 Fix gcc-8 -Wabi warnings Fixes #531 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Jul 27 11:58:38 2018 +0200 ext/key_share: check the validity of server key shares That is, when generating the public key based on the server's key share, ensure that the algorithms match completely with the key shares the client initially sent. This was detected by the updated traces for TLS1.3 fuzzying. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 15:37:58 2018 +0200 gnutls-serv: improve output under TLS1.3 That is, silence fields no longer applicable under TLS1.3 and make sure that newer functions like gnutls_session_get_desc() get used when describing the session. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 15:06:34 2018 +0200 fuzz: updated traces for latest TLS1.3 draft Relates #359 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 12:40:54 2018 +0200 tests: run tls-fuzzer PSK testsuite Resolves #508 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 11:27:23 2018 +0200 tests: added unit test of handshake with large certificate This checks whether handshake message fragmentation and de-fragmentation is functional on server and client. Resolves #513 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 11:02:37 2018 +0200 certtool: eliminated limits in certificate export size That allows printing an exporting certificates of size only bounded by avail memory. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 26 10:56:25 2018 +0200 certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED() This allows to generate a certificate with an extension of arbitrary size. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 25 16:41:38 2018 +0200 gnutls.h: corrected typo Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 25 14:48:47 2018 +0200 send_client_hello: don't override version after HRR is received When a Hello Retry Request is received, do not set our (transient) version to TLS1.2 on the second client hello. That's because both peers have already negotiated TLS1.3. This addresses issue with peers which may send a changecipherspec message at this stage, which is now allowed when our version is set to be TLS1.2. Introduced test suite using openssl and resumption using HRR which reproduces the issue. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 25 13:08:35 2018 +0200 hello_ext_parse: apply the test for pre-shared key ext being last on client hello We were incorrectly insisting on pre-shared key extension being last in both client and server hello. That was incorrect, as only in client hello it is required by TLS1.3 to be last. Quoting: The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert. Resolves #525 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 24 20:58:10 2018 +0200 .gitlab-ci.yml: automatically retry failed jobs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 24 16:48:32 2018 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 24 16:38:08 2018 +0200 allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks In 9829ef9a we introduced a wrapper over the older callback functions which didn't handle this case. Resolves #528 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Fri Jul 20 20:49:28 2018 +0300 cert-cred: fix possible segfault when resetting cert retrieval function Reset get_cert_callback3 callback to NULL if provided callback is NULL. Otherwise after the certificate request call_legacy_cert_cb1 / call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 / legacy_cert_cb2 callback (set to NULL) leading to segfault. Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Jul 22 20:31:36 2018 +0300 kx: for uniformity print master secret size During keys setup phase debug log will contain sizes of all keys and secrets, except master secret. Dump MS length (48) to log for uniformity. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Jul 22 20:31:09 2018 +0300 constate: dump full key block to log Include full key block to the debug log. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Jul 22 20:30:04 2018 +0300 constate: dump MAC keys to debug log _gnutls_set_keys() can dump client/server write keys/ivs to debug log, but it skips MAC keys. Add MAC keys to log. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Jul 22 20:25:35 2018 +0300 constate: drop unused variable in _gnutls_set_keys _gnutls_set_keys() creates rrnd as client random + server random, but does not use it (it was used before for export key generation, but was not removed when dropping support for export cipher suites). Signed-off-by: Dmitry Eremin-Solenikov Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b Author: Dmitry Baryshkov Date: Sat Jul 21 13:23:42 2018 +0300 cert auth: simplify certificate selection code Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions to ease extension of certificate selection code. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Thu Jul 19 12:50:13 2018 +0200 Remove trailing dot from hostname input Fixes #532 Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue Jul 17 09:03:38 2018 +0200 gnutls_x509_privkey_import_ecc_raw: encode parameters on import That makes the structure fully usable after import. In _encode_privkey() use the lower-level _gnutls_x509_export_int2() for key encoding as the call to higher gnutls_x509_privkey_export2() could result to an infinite recursion when keys are incomplete. Introduced additional tests for PKCS#8 key import and export. Resolves: #516 Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Thu Jul 19 14:19:07 2018 +0300 certtool: use gnutls_gost_paramset_get_name gost_param_name() predates gnutls_gost_paramset_get_name() and gnutls_gost_paramset_t. Use current API functions instead of hand-coding new functions. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Thu Jul 19 11:24:04 2018 +0200 gnutls-cli: do not fail if CKA_ID is too long Increased the buffer needed to read reasonable-sized CKA_IDs and avoid failure when the CKA_ID is too long. Resolves #520 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 19 07:47:40 2018 +0200 .gitlab-ci.yml: combined abi-check and TLS1.3 check runs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 19 06:06:34 2018 +0200 tests: handshake-timeout: reverted virt-time.h usage The tests nature (waiting on a socket) didn't fit well with the virt-time implementation. Reverted to original real-time wait and improved error detection in child process. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 16 14:04:01 2018 +0200 gnutls_priority_init: fix err_pos on invalid strings When the provided string would be resolved (e.g., due to a @ priority being used), to a different string, then do not attempt to detect the right location of the error. It will not be useful to the caller. This addresses the issue of test suite failure when --with-system-priority-file and --with-default-priority-string are provided. It also enhances the test suite with these options being active. Resolves #517 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 17 21:55:33 2018 +0200 examples: tlsproxy: use snprintf instead of strncpy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 17 08:17:13 2018 +0200 doc: simplified documentation on threads Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 17 13:53:02 2018 +0200 examples: tlsproxy: eliminated warnings Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 16 09:10:21 2018 +0200 .gitlab-ci.yml: updated win32 targets Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 16 08:27:54 2018 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 15 18:38:40 2018 +0200 gnutls-cli: mark legacy options as deprecated This removes the --ranges and --disable-extensions options from the default listing of options. They are disfunctional and may be removed in the future. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 14 17:39:03 2018 +0200 .travis.yml: update brew and use nettle 3.4 Resolves #480 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 14 08:39:52 2018 +0200 .gitlab-ci.yml: Werror build runs with -std=c99 This ensures that the errors reported will be relevant for the required version of the standard. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 14 17:30:49 2018 +0200 bumped versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 14 08:27:26 2018 +0200 _gnutls_resolve_priorities: avoid gnu extension for ?: construct Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 16:11:16 2018 +0200 NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 14:23:28 2018 +0200 nettle/rnd-fips: updated documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 14:01:44 2018 +0200 gnutls-cli: improve error reporting with -l --priority option Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 11:18:21 2018 +0200 cipher-listings: use the sed found by configure script and make it portable Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 09:04:42 2018 +0200 tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 16:17:02 2018 +0200 gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 15:41:21 2018 +0200 priorities: ensure that SSL3.0 enablement fails early when disabled That is, that a priority string with only SSL3.0 present is discarded as invalid. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 15:14:39 2018 +0200 The SSL 3.0 protocol is disabled on compile time by default It can be re-enabled by specifying --enable-ssl3-support on configure script. This is the first step before removing support for the protocol completely. Relates #103 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 08:45:49 2018 +0200 tests: gnutls-cli-debug.sh: corrected run under FIPS mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 07:10:11 2018 +0200 doc: minor text updates Updated text for gnutls_session_ext_master_secret_status and for GNUTLS_NO_EXTENSIONS flag which is defunc. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 07:08:42 2018 +0200 gnutls-cli-debug: fix EtM and extended master secret discovery In particular do not set the GNUTLS_NO_EXTENSIONS flag by default, and only enable block ciphers for the EtM check. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 13 06:40:08 2018 +0200 tests: improved unit test of gnutls-cli-debug Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 09:20:57 2018 +0200 gnutls-cli-debug: generalized cipher tests That is, tests now check for either the 128-bit or the 256-bit of the cipher consistently. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 09:19:13 2018 +0200 gnutls-cli-debug: removed legacy tests no longer applicable Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 12 09:17:11 2018 +0200 gnutls-cli-debug: detect TLS1.3 support Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 11 21:26:05 2018 +0200 gnutls-cli-debug: when testing servers enable all ciphers Resolves #515 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Tue Jul 3 11:33:21 2018 +0200 doc: update for TLS 1.3 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 09:56:35 2018 +0200 _gnutls13_recv_async_handshake: process multiple and split handshake messages It is permitted to concatenate multiple async handshake messages in a single record message as well as split large messages (NST) into multiple records. Modified _gnutls13_recv_async_handshake() to process them correctly, instead of assuming that they are formatted as one message per record. Resolves #510 Resolves #504 Relates #511 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 10:18:23 2018 +0200 tests: check whether multiple tickets can be sent/received Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 10:11:41 2018 +0200 gnutls_session_ticket_send: allow sending multiple tickets in one go This allows combining the tickets in a single record message when possible. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 4 07:42:44 2018 +0200 tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 16:28:28 2018 +0200 generate_session_ticket: tickets cannot extend the original session time That is, on a resumed session the server would not issue new tickets that would have extended the lifetime of the originally issued ticket. Resolves #476 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 18:42:01 2018 +0200 pre_shared_key: do not send extension when no identities are present Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 20:25:40 2018 +0200 tests: corrected priority strings in session-tickets-ok and other cleanups Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 10:22:04 2018 +0200 doc: mention session ticket behavior under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 16:29:04 2018 +0200 generate_session_ticket: use a 4-byte nonce by default It is not necessary to use large nonces. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 16:22:04 2018 +0200 pre_shared_key: use time_t type for ticket_age variable This is guarranteed to allow negative values, and also be 32-bits. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 16:19:35 2018 +0200 generate_session_ticket: fixed comment Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Mon Jul 9 18:21:20 2018 +0300 lib: document digest and paramset in gost key import functions Document behaviour of gnutls_pubkey_import_gost_raw, gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jul 9 14:22:34 2018 +0300 lib/x509: use new function to deduce default GOST paramset Use new _gnutls_gost_paramset_default() function to deduce default GOST paramset, instead of hardcoding if/else in several places. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Jul 9 14:02:14 2018 +0300 lib: remove undefined behaviour when handling GOST paramset Initial version of GOST patchset used param < 0 to represent unknown value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was introduced. Fix several leftovers comparing params to 0 directly. Closes #505. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Mon Jul 9 12:40:59 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 25 10:36:18 2018 +0200 gnutls_priority_init2,gnutls_set_default_priority_append: introduced This allows enhancing the default priority with additional options, allowing an application to introduce stricter (or weaker) settings without requiring it to override all settings. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 7 19:52:04 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 7 19:48:14 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Jul 7 14:20:01 2018 +0200 configure: Fix progress message for --enable-tls13-support Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Sat Jul 7 10:21:51 2018 +0200 tests: tls-fuzzer-alpn: operate on random port This allows parallel run of the test with other tlsfuzzer tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 08:49:06 2018 +0200 configure: added option --enable-tls13-support The new option enables TLS1.3 draft-28 support unconditionally. Updated the test suite to run when TLS1.3 is enabled by default, and added a CI run with TLS1.3 enabled. Resolves #424 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 11:45:31 2018 +0200 _gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2 Under TLS1.3 there is no requirement to return insufficient security depending on the FFDHE group negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 09:06:27 2018 +0200 supported_versions: do not parse in server side when TLS1.3 is disabled This allows a server to negotiate older versions using the previous TLS negotiation scheme. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 3 08:31:13 2018 +0200 protocols: bumped TLS1.3 protocol to draft-28 Resolves #506 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 4 10:08:06 2018 +0200 tests: mini-record-timing: avoid warning for too large stack usage Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 11:47:34 2018 +0200 tlsfuzzer: updated to include RSA and RSA-PSS related tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 08:32:52 2018 +0200 sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS If the signature algorithm sets the `cert_pk` field, ignore the `pk` field completely. Not doing that would make the RSAE signature algorithms with RSA-PSS certificates which is against the intended use of `cert_pk`. Resolves #500 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 14:12:48 2018 +0200 tlsproxy: included but not as submodule This allows updating the example when necessary within the repository and reduces the amount of external dependencies for CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 14:12:15 2018 +0200 tlsproxy: removed submodule Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 21:03:28 2018 +0200 tests: introduced tests about crypto API failures on illegal use This ensures that any mistakes in using the crypto API are propagated to the higher level calls, or result to an abort(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 12:49:55 2018 +0200 gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 22:00:09 2018 +0200 accelerated: error on the cases where the nettle API would have errored This ensures that illegal uses of the API would be propagated to the higher levels. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 22:08:16 2018 +0200 gnutls_cipher_add_auth: propagate error codes Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 11:27:48 2018 +0200 certtool: properly print an int64_t value Also included the gnulib inttype module for portability. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 11:24:16 2018 +0200 certtool: print information on time_t restrictions on failure This informs the user of the tool why dates after 2038 cannot be expressed on systems with a 32-bit time_t. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 30 16:49:53 2018 +0200 tests: verify that certtool operates as expected with dates after 2038 That is, whether it works with a time_t of 64-bit size, and fails with a time_t of 32-bit size. Resolves #370 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 1 12:39:28 2018 +0200 tests: check explicitly the size of time_t Previously we were disabling the 2038 tests on 32-bit systems, but there can be 32-bit systems with a 64-bit time_t. Ensure that we run the right tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 30 16:48:54 2018 +0200 tests: better guarding of variable SKIP_DATEFUDGE_CHECK Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 21:31:43 2018 +0200 tests: ignore PIPE signal on TLS1.3-related tests This was inadvertently omitted and that could cause unexpected issues when one of the peers would close the connection earlier than expected. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 15:00:13 2018 +0200 tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as documented, and whether post-handshake auth can complete while this is being sent. Resolves #490 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 14:38:40 2018 +0200 post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to Relates #490 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 13:57:11 2018 +0200 tests: introduced test for post-handshake auth + PSK Relates #489 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 14:19:02 2018 +0200 tls13 handshake: allow certificate messages after handshake This allows post-handshake authentication even when PSK is negotiated. Resolves #489 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 13:41:13 2018 +0200 gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH This allows a server application to detect whether the client would support post handshake authentication or not without initiating via gnutls_reauth(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 2 08:10:45 2018 +0200 gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible That is refuse to run when both options are specified. Resolves #502 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 29 22:40:27 2018 +0200 tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Jun 29 10:33:18 2018 +0200 Fixes + cleanups for .gitlab-ci.yml Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 21:46:24 2018 +0200 p11tool: remove duplicate branch The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL attributes are the same, so there is no need to handle them separately. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Jun 26 12:50:30 2018 +0200 Add strdup-posix gnulib module Some files in gl/tests won't build in environments without strdup(), e.g. MinGW on Debian. The gnulib docs advise to explicitly add the module. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Jun 21 11:29:19 2018 +0200 testcompat-tls13-openssl: fix openssl interactions * Do not require certificate validation on tests where no certificate is sent * Rekey test performs data transfer after re-key This introduces a dependency on the expect package for testing, and updates openssl to address an issue in post-handshake auth interop testing. Resolves #488 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 22 14:14:07 2018 +0200 gnutls-serv: when post-handshake auth is asked; require a certificate This allows testing post-handshake authentication using gnutls-serv. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 21 15:05:40 2018 +0200 key update: corrected generation of keys Resolves #485 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 21 08:46:04 2018 +0200 gnutls-cli: wait for all server data prior to closing connection This cleans-up the existing code which was disfunctional and allows detecting errors which happen after we transmit data to the server. Relates #485 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 13:34:16 2018 +0200 .gitignore: added new test executables Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 27 13:27:39 2018 +0200 tests: eliminated compiler warnings Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Tue Jun 26 16:02:45 2018 +0300 Update .gitignore files according to bootstrap Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Jun 26 15:22:49 2018 +0300 src: fix regenerating autogen files if builddir = srcdir Signed-off-by: Dmitry Eremin-Solenikov Author: Rolf Eike Beer Date: Tue Jun 26 15:18:36 2018 +0200 convert from milliseconds to timespec without loop Signed-off-by: Rolf Eike Beer Author: Rolf Eike Beer Date: Tue Jun 26 15:02:51 2018 +0200 use timespec_sub_ms() instead of open coding it Signed-off-by: Rolf Eike Beer Author: Rolf Eike Beer Date: Tue Jun 26 14:59:54 2018 +0200 avoid overflow when substracting timespecs if rdtsc is not available This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit Un*x, any Windows) when the delta is more than 4 seconds. Signed-off-by: Rolf Eike Beer Author: Dmitry Baryshkov Date: Tue Jun 26 11:38:58 2018 +0300 lib/nettle/gost: support building with mini-nettle/mini-gmp Do not depend directly on gmp.h. Closes: #497 Signed-off-by: Dmitry Eremin-Solenikov Author: Rolf Eike Beer Date: Tue Jun 26 09:39:19 2018 +0200 avoid rounding errors and overflows when substracting timespecs The current Unix time will cause overflows if multiplied with 1000, which could lead to rounding errors afterwards. Do the substractions first so all numbers stay small enough to fit into unsigned ints. Signed-off-by: Rolf Eike Beer Author: Nikos Mavrogiannopoulos Date: Mon Jun 25 12:30:55 2018 +0200 wrap_nettle_pk_generate_keys: retry on provable key generation This resolves issue with occasional failures under RSA key generation in FIPS140-2 mode. Resolves #283 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sat Jun 23 15:11:17 2018 +0200 Let ./bootstrap sync from translationproject.org This makes manual updating of the translations obsolete. From now on, builds and tarballs will always have the latest translations included. We should not forget to inform translationproject.org to update the translations before a release. How to do that is described at https://translationproject.org/html/maintainers.html (6. Announcing). Author: Nikos Mavrogiannopoulos Date: Tue Jun 26 02:38:51 2018 +0200 gnutls_session_get_desc: fixed desc printing of custom groups Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 25 10:06:25 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 21:46:15 2018 +0200 aarch64: use getauxval() if available to discover cpu caps This improves CPU detection by avoiding the parsing of of a human-readable file and allows operation under debian multilib qemu setup. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 21:50:15 2018 +0200 .gitlab-ci.yml: no need for submodule update on cross-builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 13:14:03 2018 +0200 .gitlab-ci.yml: use qemu for aarch64 testing This eliminates the need (and costs) to maintain a separate baremetal system. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 08:27:00 2018 +0200 .gitlab-ci.yml: corrected typo Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 08:06:55 2018 +0200 .gitlab-ci.yml: skip submodule initialization when not necessary This prevents unnecessary download of submodules on CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 06:51:14 2018 +0200 .gitlab-ci.yml: updated x86 CI builds with better datefudge detection Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 24 06:58:37 2018 +0200 .gitlab-ci.yml: debian stretch build replaced by buster Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 23 19:38:26 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 23 19:35:13 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Fri Jun 15 13:38:44 2018 +0300 tests: add PKCS#12 test script for GOST 28147-89-encrypted files Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Jun 15 13:06:41 2018 +0300 certtool: honour --hash option when generating PKCS#12 files Use algorithm specified with --hash option when generating MAC for PKCS#12 file, allowing user to select algorithms other than SHA-1. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Sep 24 10:31:39 2017 +0300 tests: expand pkcs7 test to also check GOST files Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 23 22:51:19 2017 +0300 test: test GOST keys import/export Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 23 21:40:34 2017 +0300 certtool: ask if certificate will be used for data encryption Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Sep 23 21:37:18 2017 +0300 tests: add common gost certificates for tests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Dec 6 03:57:24 2016 +0300 Support key matching with GOST keys GOST keys do not support signing non-GOST hashes, so use correct digest algorithm when verifying that GOST public and private keys match. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Nov 26 04:51:41 2016 +0300 Add generated GOST credentials for tests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 21 20:58:00 2016 +0300 Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89 Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 21 20:52:43 2016 +0300 certtool: support generating GOST-encrypted PKCS#8/12 files Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Nov 18 00:23:54 2016 +0300 Add gost certificates to chainverify tests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Nov 17 10:47:16 2016 +0300 Expand x509 sign/verify test with GOST algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Nov 17 10:22:11 2016 +0300 oids: expand to include GOST digests/signatures Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Aug 29 17:44:10 2017 +0300 tests: privkey-keygen: adapt to support GOST algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Oct 24 20:56:46 2016 +0300 Support GOST private keys generation Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 18:01:20 2016 +0300 certtool: support dumping GOST private key information Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 17:38:57 2016 +0300 Add several DN entry definitions used by qualified GOST signatures Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Aug 28 14:34:33 2017 +0300 certool: export GOST privkeys only in PKCS#8 format Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 9 14:19:58 2016 +0300 Add support for PKCS12 files using GOST MAC Local PKCS12-based standard derives from RFC 7292 (PKCS #12) in using PBKDF2 to generate MAC key rather than using PKCS12 scheme. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 9 14:02:56 2016 +0300 Add support for PBES2/PBKDF2 using GOST algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Jan 28 06:01:01 2017 +0300 Support PKCS#12 key derivation with GOST digests Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 17:56:04 2016 +0300 Add support for importing/exporting GOST private keys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Sep 18 12:54:12 2017 +0300 Support importing/exporting X.509 GOST public keys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:43:35 2016 +0300 Add ASN.1 definitions for GOST keys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:07:36 2016 +0300 nettle: add support for GOST 34.10 public keys There is no support for GOST public keys derivation, as it is used only for TLS or PKCS#7 with encrypted content. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 17:05:38 2016 +0300 Add few functions to support basic operations with GOST public keys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:02:30 2016 +0300 Add declarations for GOST R 34.10 signatures Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 03:55:10 2016 +0300 Define GOST R 34.10 curves Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:00:21 2016 +0300 Add declarations to support GOST public keys Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 29 05:28:17 2016 +0300 Add support for I/O of little-endian MPI Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Nov 29 05:30:10 2016 +0300 nettle: add support for unsigned LE MPIs Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:05:41 2016 +0300 nettle: add support for GOST 34.11 hash functions Add support for GOST R 34.11-94 and Streebog (256/512) functions. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:05:07 2016 +0300 nettle: support GOST28147-89 in CFB mode Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Thu Oct 27 03:18:32 2016 +0300 Add declarations for GOST 28147-89 cipher in CFB mode Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 03:57:17 2016 +0300 Add declarations for GOST R 34.11 (-94 and -2012) digest algorithms Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Aug 29 15:12:53 2017 +0300 Import GOST-supporting part from Nettle pending patches Nettle upstream takes significant time to accept GOST-related patches. As per Nikos' suggestion, push relevant parts to GnuTLS, so that they can be tested in wild at the same time supporting GOST ciphersuite code. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sun Sep 17 20:57:52 2017 +0300 .gitlab-ci.yml: disable gost in minimal build Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Oct 26 22:34:17 2016 +0300 Add configure argument to disable GOST support Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Tue Jun 12 10:16:10 2018 +0200 _gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section: The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 12 10:01:22 2018 +0200 tests: check whether we send the pre-shared key extension after dumbfw Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 12 09:35:16 2018 +0200 tests: corrected typo in comment Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 8 10:48:32 2018 +0200 extensions: corrected order of pre-shared-key and dumbfw The pre-shared-key MUST always be last under TLS1.3 while the dumbfw extension should be last in order to do proper evaluation of extension size (gnutls requirement). As such the protocol requirement takes precedence. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Jun 19 13:21:44 2018 +0200 Fix test code for -Werror Author: Nikos Mavrogiannopoulos Date: Tue Jun 19 14:59:33 2018 +0200 tests: updated supplemental tests for TLS1.3 This includes tests that verify that TLS1.3 is not negotiated when supplemental data are set in client and/or server side. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 19 16:03:52 2018 +0200 gnutls_supplemental_register: disable TLS 1.3 globally This allows using the registered supplemental data handlers, since these are not used under TLS 1.3. Resolves #479 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 19 14:42:13 2018 +0200 gnutls_session_supplemental_register: disable TLS1.3 when set This allows using the registered supplemental data handlers, since these are not used under TLS 1.3. Resolves #479 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Jun 19 12:02:13 2018 +0200 Remove oss-fuzz copora from tarball The size of the corpora is huge and not needed for normal builds. This patch also fixes test run issues on Windows. Author: Nikos Mavrogiannopoulos Date: Wed Jun 20 13:20:27 2018 +0200 gnutls-cli: introduce the rekey1 inline command That allows performing a rekey locally and with the peer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 11:33:34 2018 +0200 document new behavior on safe padding removal Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 11:22:36 2018 +0200 record: fail with invalid request when attempting to send no pad and no data Previously we were returning an internal error which seems to be incorrect in that case. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 11:15:56 2018 +0200 tests: enhance padding check This introduces tests for zero-data transfers with padding as well as padding and de-padding with safe padding flag set. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 11:03:40 2018 +0200 gnutls-cli: added CCM run under TLS1.2 in benchmark mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 11:00:39 2018 +0200 cipher: made TLS1.3 safe padding check optional This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK which makes the TLS1.3 safe padding check optional. That way applications which do not utilize the TLS1.3 padding do not get penalized by the performance drop in TLS1.3 packet processing. This addresses a regression in TLS1.3 packet processing performance. Resolves: #466 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 19 13:16:13 2018 +0200 gnutls_session_get_id: document restrictions This documents the fact that a TLS session ID cannot be relied to be unique or to even have a meaningful value. Resolves #484 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 19 13:08:27 2018 +0200 tests: verify that resumed session ID matches original Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Tue Jun 19 18:23:14 2018 +0300 Makefile.am: move autogen files update to src/Makefile.am Move autogen'ed files update to src/Makefile.am to simplify code and support out-of-tree builds. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Jun 19 18:20:18 2018 +0300 Makefile.am: files-update: support out-of-tree builds Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Tue Jun 19 11:26:09 2018 +0300 symbol-check: fix typo to make it work for out-of-tree builds Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Sat Jun 16 15:46:25 2018 +0200 aarch64: update elf files to correspond to the macosx version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 10 14:08:54 2018 +0200 macosx: include aarch64 asm files Relates #475 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 16 15:27:02 2018 +0200 Makefile.am: abi-check: fetch fresh tags This addresses the issue of failed abi-check CI runs on forked repositories. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 18 15:10:32 2018 +0200 drbg-aes: removed the continuous DRBG checks These are no longer necessary for FIPS140-2 compliance. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Jun 15 19:39:22 2018 +0200 Fix usage of 'autoreconf' 'autoreconf' created a different configure script than ./bootstrap. The result was a broken wchar.h that failed to compile. The work-around was 'autoreconf -I gl/m4' which is not what a developer expects. This patch moves gl/m4/* to m4/ which is the default include dir for autoreconf. Signed-off-by: Tim Rühsen Author: Martin Storsjo Date: Thu Jun 14 12:53:42 2018 +0300 configure: Check for clock_gettime and fmemopen using a proper test Don't use AC_CHECK_FUNCS for these functions, but actually test by including the real header that defines the functions. This allows the macOS version selection work as intended, making the references to these functions weak if targeting a version of macOS where these functions aren't available. Thanks to -no_weak_imports, these weak references end up in failed linker tests, marking the functions as unavailable. This fixes issue #142. Signed-off-by: Martin Storsjo Author: Martin Storsjo Date: Thu Jun 14 12:52:03 2018 +0300 configure: Include sys/random.h before checking for getentropy on macOS This function is available since macOS 10.12, but it's in sys/random.h on macOS, contrary to the other platforms supporting it where it is present in unistd.h. If we don't include the right header that declares the function and its availability, the configure check would succeed even if targeting older versions of macOS that lacks the function. Also include the same header in the source file that actually uses getentropy. Signed-off-by: Martin Storsjo Author: Martin Storsjo Date: Thu Jun 14 12:36:10 2018 +0300 configure: Pass -no_weak_imports to the linker, if supported This avoids linking to functions that aren't available in the lowest targeted macOS version. If the proper header declaring a function is included, and gnutls is built with -mmacosx-version-min or the MACOSX_DEPLOYMENT_TARGET environment variable is set, each reference to a function that doesn't exist in the minimum targeted version will be made a weak reference, so that loading the binary still works, but the function pointer will resolve to NULL if running on a version of the platform that lacks it. Since this project doesn't do such runtime checks for functions it expects to have available, we should instead add this linker option to fail on the weak references. This allows autoconf to work as intended, detecting that these functions aren't usable. This flag appeared in Xcode 8, so check for its availability before using it. (Xcode 8 and the 10.12 SDK is coincidentally the release where most relevant new functions appeared, so with older Xcode versions, the modern platform functions we might want to avoid don't exist.) See issue #142. Signed-off-by: Martin Storsjo Author: Martin Storsjo Date: Thu Jun 14 13:47:41 2018 +0300 configure: Remove a duplicate check for fmemopen The duplicate was added in 5bb8a18b without any specific reasoning as to why. Signed-off-by: Martin Storsjo Author: Daiki Ueno Date: Wed Jun 13 17:50:20 2018 +0200 tlsfuzzer: update to the latest version Also enable test-tls13-hrr.py. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jun 13 17:47:50 2018 +0200 _gnutls13_handshake_server: send CCS immediately after HRR In the TLS 1.3 middlebox compatibility mode, CCS follows the first handshake message sent from the server, that is either SH or HRR. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu Jun 14 13:43:30 2018 +0200 _gnutls13_handshake_server: corrected transition when post_handshake callback is set Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Wed Jun 13 17:43:32 2018 +0200 _gnutls_send_change_cipher_spec: don't cache under TLS 1.3 Under TLS 1.3, when the server sent HRR, CCS may be followed by receiving ClientHello. In that case, the messsage shouldn't be cached. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sun Jun 10 11:42:10 2018 +0200 abi-check skip session::set_transport_vec_push_function This prevents an abi-compliance checker error when run under gcc8 (though this error is not there under any other gcc). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun May 27 15:13:47 2018 +0200 corrected check for iovec types in libc Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 2 22:23:29 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 2 22:15:58 2018 +0200 gnutls-cli: benchmark for TLS1.3 and TLS1.2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 2 21:37:00 2018 +0200 cipher: use gnutls_aead_cipher_encryptv This eliminates the need of a memory allocation during each packet encryption when no padding is done. Relates #458 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 2 21:25:10 2018 +0200 gnutls_aead_cipher_encryptv: introduced This API allows encryption using a scatter input, by also taking advantage of ciphers which are optimized for such input. That is particularly useful under TLS1.3 since its encryption is based on encryption of scattered data (data+pad). Resolves #458 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 2 21:23:41 2018 +0200 MAX_CIPHER_BLOCK_SIZE: increased to 64-bytes for CHACHA20 This was not necessary since that value was only used by block (in TLS sense) ciphers, but that definition could also be used for the CHACHA20. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 14 14:51:23 2018 +0200 configure: reduce warnings about implicit-fallthrough [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 14 13:22:03 2018 +0200 gnutls_alert_send_appropriate: fix type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 14 13:18:54 2018 +0200 README-ci.freebsd.md: updated for new build method with gnulib [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Jun 6 09:45:32 2018 +0200 Use $(MAKE) instead of make Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Jun 5 17:06:05 2018 +0200 distclean temp. test files for 'make distcheck' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Tue Jun 5 10:58:10 2018 +0200 Add DISTCLEANFILES to src/Makefile.am to fix 'make distcheck' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Jun 4 16:15:07 2018 +0200 Fix creation of ChangeLog for 'make distcheck' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Jun 4 11:56:57 2018 +0200 Fix 'compare-makefile' make target for 'make distcheck' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Jun 4 11:33:18 2018 +0200 Fix 'compare-exported' make target for 'make distcheck' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu May 31 13:20:51 2018 +0200 Fix distcheck issues Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon May 21 16:25:20 2018 +0200 Fix gcc 8 warnings Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat May 19 13:24:58 2018 +0200 Fix CI testing -Werror Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat May 19 10:19:32 2018 +0200 Skip sc_prohibit_always_true_header_tests We can't simply remove the checks for HAVE_SYS_SOCKET_H. If we do, we have to make checks on real WIN32, which is currently not an option. So we skip sc_prohibit_always_true_header_tests. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat May 19 09:37:24 2018 +0200 Fix sc_prohibit_always-defined_macros Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 18 23:23:26 2018 +0200 Avoid certain gnulib tests Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 18 23:10:16 2018 +0200 Update GTK-DOC check in configure.ac Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed Jun 6 09:19:45 2018 +0200 Use ./bootstrap in .gitlab-ci.yml Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 18 20:31:31 2018 +0200 Add bootstrap + bootstrap.conf Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri May 18 20:06:16 2018 +0200 Add gnulib submodule Signed-off-by: Tim Rühsen Author: Dmitry Baryshkov Date: Wed Jun 13 12:12:18 2018 +0300 nettle: require Nettle library >= 3.4 Nettle version 3.4 was released more than a half year ago, require it to compile GnuTLS library. It allows us to remove bundled code that was merged into that release. Signed-off-by: Dmitry Eremin-Solenikov Author: Daiki Ueno Date: Tue Jun 12 13:01:17 2018 +0200 .gitlab-ci.yml: fix artifact paths for TLS1.3/interop Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Jun 12 09:12:07 2018 +0200 tlsfuzzer-tls13: use a random port for testing That eliminates the need for locking and allows parallel runs. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Jun 8 13:13:27 2018 +0200 tlsfuzzer: update to the latest version Also enable the TLS 1.3 tests. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jun 11 12:08:18 2018 +0200 buffers: remove redundant assignment Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Jun 11 10:51:16 2018 +0200 record: use correct alert type upon receiving empty Alert Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 8 15:55:06 2018 +0200 record: improve empty message handling in TLS 1.3 Previously, _gnutls_recv_in_buffers() silently discarded empty messages because such messages are used as a countermeasure to vulnerabilities in the CBC mode. In TLS 1.3, however, there are only AEAD ciphers and such logic is meaningless. Moreover, in the protocol it is suggested to send "unexpected_message" alert when receiving empty messages in certain occasions. This change moves the empty message handling to record_add_to_buffers(). Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 8 12:51:40 2018 +0200 record: fix padding removal when the payload is zero-length Previoysly if TLSInnerPlaintext.content is zero-length, the loop couldn't detect ContentType following the content. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Tue Jun 5 10:37:58 2018 +0200 priorities: introduced %FORCE_ETM This introduces a priority string option to force encrypt-then-mac during negotiation, to prevent negotiating the legacy CBC ciphersuites. Resolves #472 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 6 09:25:20 2018 +0200 priorities: hmac-sha256 ciphersuites were removed from defaults These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface. Relates #456 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 7 09:56:49 2018 +0200 cbc_mac_verify: require minimum padding under SSL3.0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 7 09:54:50 2018 +0200 cipher: separated CBC w/o EtM handling This would allow to further modify for more invasive work-arounds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 4 17:57:52 2018 +0200 dummy_wait: always hash the same amount of blocks that would have been on minimum pad This improves protection against lucky13-type of attacks when encrypt-then-mac is not in use. Resolves #456 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 21 09:04:55 2018 +0200 cbc-record-check.sh: introduced That enhances the existing CBC check and adds sha384, uses PSK to reduce handshake time, and other updates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 18 15:43:36 2018 +0200 dummy_wait: correctly account the length field in SHA384 HMAC The existing lucky13 attack count-measures did not work correctly for SHA384 HMAC. The overall impact of that should not be significant as SHA384 is prioritized lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported by the peer. Resolves #455 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Thu Jun 7 12:11:30 2018 +0200 Fix warnings seen on OpenCSW Solaris 10 Signed-off-by: Tim Rühsen Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 8 08:56:23 2018 +0200 gnutls_session_get_data2: harmonize documentation with practice Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Wed Jun 6 12:45:13 2018 +0200 Fix variable overflow in TLS1.3 session ticket code Author: Daiki Ueno Date: Fri Jun 1 15:04:49 2018 +0200 tls13/session_ticket: don't send ticket when no common KE modes When the server had received psk_key_exchange_modes extension which doesn't have any overlap with the server configuration, omit to send NewSessionTicket. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Jun 5 14:08:26 2018 +0200 ext/psk_ke_modes: always send extension unless disabled in config With the psk_key_exchange_modes extension, clients can restrict the key exchange modes for use with resumption and in that case the server shouldn't send NewSessionTicket. This patch makes use of it to avoid receiving useless tickets, by sending the psk_key_exchange_modes extension unless PSK is completely disabled. A couple of tests need to be adjusted: tls13/prf to take into account of the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to not treat the presence of the extension as error. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Wed May 23 22:26:20 2018 +0200 Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS Make sure that 'make distcheck' works even if './configure --disable-doc' has been used in the project dir. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed May 23 22:24:05 2018 +0200 Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection' Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Wed May 23 22:22:27 2018 +0200 Fix tests/cert-tests/template-test for 'make distcheck' Signed-off-by: Tim Rühsen Author: Daiki Ueno Date: Fri Jun 1 09:54:41 2018 +0200 ext/pre_shared_key: make PSK identity parsing robuster Previously, to determine whether a PSK identity is a ticket or a PSK username, it relied on PskIdentity.obfuscated_ticket_age, which "SHOULD" be 0 if the identity is a PSK username. This patch instead checks the key name of the ticket first and then check the constraints of the PSK username. That way, it can distinguish tickets and PSK usernames in a more realible manner. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Jun 1 10:01:08 2018 +0200 _gnutls_decrypt_session_ticket: fail early on key name mismatch If the key name of the ticket doesn't match, we don't need to parse the entire ticket. Signed-off-by: Daiki Ueno Author: Tom Vrancken Date: Tue May 29 15:53:45 2018 +0200 Renamed extension supported ECC to supported groups. Fixes #451. Split combined ECC extensions into different files. Signed-off-by: Tom Vrancken Author: Tim Rühsen Date: Thu May 24 12:45:32 2018 +0200 Fix more warnings in tests/ To not introduce larger code changes, these bugs are mostly fixed by #pragma understood by gcc and clang. A check for the minimal gcc/clang version prevents warnings about unknown pragmas with other or older compilers. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Thu May 24 09:49:34 2018 +0200 Fix warnings in test suite Fixes: tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable] record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable] record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label] alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable] alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable] alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable] send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes] tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable] tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable] tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable] x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable] x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable] x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable] Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue May 22 09:14:45 2018 +0200 tests: resume: check whether PSK username matches on resumption Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 22 09:04:32 2018 +0200 resumption: reduce session parameters stored under TLS1.3 That is, do not store extensions or security parameters which depend on extension negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 16:35:32 2018 +0200 session_ticket: use random nonces Avoid using any time values in plain as this could allow association of clients. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 16:03:23 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 14:14:55 2018 +0200 doc: mention changes under TLS 1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 11:22:24 2018 +0200 tests: added main use-case test for gnutls_session_ticket_send() It verifies whether a server can use gnutls_session_ticket_send() to send a ticket after re-authentication, and whether a client can receive that ticket and re-authenticate with it, while its certificate is made available to server. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 11:21:55 2018 +0200 handshake: do not include async messages into transcript This prevents the session tickets to affect re-authentication or other operations that require the transcript. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 10:27:00 2018 +0200 gnutls_session_ticket_send: new function Introduced in order for a server to be able to send an arbitrary amount of tickets, at any time. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 15 10:10:20 2018 +0200 handshake: store session parameters in TLS1.3 ticket This allows a TLS1.3 server to obtain certificate or other information from the client on a resumed session. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 14 16:05:27 2018 +0200 handshake: TLS1.3 async messages trigger the handshake hook That is, the callback set with gnutls_handshake_set_hook_function() is now called even on the async handshake messages received under TLS1.3, such as key update, etc. Resolves #441 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 14 14:33:15 2018 +0200 tests: check various parameters on resumption That is, check gnutls_session_is_resumed() is functional on server side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers() and gnutls_certificate_get_ours() operate as expected, and whether session resumption fails with tickets after expiration time has passed. In addition improve function documentation by documenting the current semantics for the functions above. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Tue Apr 17 13:32:18 2018 +0200 tests: exercise TLS 1.3 session resumption This requires a few changes to the resume.c test: because NewSessionTicket is a post-handshake message, gnutls_session_get_data2() needs to be called after sending the first application data. Also, when GNUTLS_E_AGAIN, gnutls_record_recv() needs to retry. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Apr 30 14:27:52 2018 +0200 gnutls-cli: ignore E_AGAIN to accommodate async handshake message When an async handshake message has arrived while no application data is available, gnutls_record_recv() returns GNUTLS_E_AGAIN and the loop in socket_recv() blocks. Since socket_recv() is guarded by select(), it should be safe to ignore GNUTLS_E_AGAIN. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Mon May 14 09:01:59 2018 +0200 gnutls_auth_get_type: simplified Signed-off-by: Nikos Mavrogiannopoulos Author: Ander Juaristi Date: Mon Apr 16 17:13:47 2018 +0200 TLS 1.3: Introduced TLS 1.3 session resumption This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless the GNUTLS_NO_TICKETS is specified. Resolves #290 Signed-off-by: Ander Juaristi Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu May 10 14:25:12 2018 +0200 psk_ke_modes: introduce psk_ke_modes_is_required() and update doc This adds a helper function to be extended when session resumption is added, and clarifies why we send a prioritized list on ke modes. Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: Ander Juaristi Author: Ander Juaristi Date: Thu Apr 12 17:58:47 2018 +0200 session tickets: expose {encrypt,decrypt}_ticket as internal API To reuse the same ticket construction in any TLS versions, expose the private functions in ext/session_ticket.c. Signed-off-by: Ander Juaristi Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu May 3 09:39:15 2018 +0200 ext/pre_shared_key: fix binder calculation when HRR is sent In that case, ClientHello1 and HelloRetryRequest are included in the PSK binder computation, not only the truncated ClientHello2. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Mon Apr 16 17:22:19 2018 +0200 handshake: record transcript offset of client Finished This is for deriving resumption_master_secret, whose value is calculated over ClientHello...client Finished. Signed-off-by: Daiki Ueno Author: Tim Rühsen Date: Thu May 24 15:24:17 2018 +0200 Fix testdane by removing www.kumari.net danetool --check www.kumari.net: Verification: Verification failed. The certificate differs. Signed-off-by: Tim Rühsen Author: Tom Vrancken Date: Tue May 22 11:22:42 2018 +0200 Fixed some spelling issues. [ci skip] Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon May 21 21:58:55 2018 +0200 Added extra extension flag to docs. Added description of default pack and unpack functions. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Mon May 21 09:44:16 2018 +0200 Removed section about Heartbleed. Referenced new functions _gnutls_hello_ext_set_datum / _gnutls_hello_ext_get_datum for manipulation extension data. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sun May 20 10:23:36 2018 +0200 Fixed typo and incorrect function references. Signed-off-by: Tom Vrancken Author: Tom Vrancken Date: Sat May 19 22:22:29 2018 +0200 Updated documentation on Hello extensions. Signed-off-by: Tom Vrancken Author: Nikos Mavrogiannopoulos Date: Sat May 19 11:30:35 2018 +0200 pkcs11: consistent/clear naming of find obj callbacks and structs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 18 11:04:34 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 18 09:19:16 2018 +0200 gnutls_pkcs11_token_get_ptr, gnutls_pkcs11_obj_get_ptr: introduced This allows an application to open a PKCS#11 token using a URI, and use it directly, bypassing gnutls. That is useful to take advantage of PKCS#11 functionality not wrapped by gnutls but still use PKCS#11 URIs to identify the token. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 19 12:47:16 2018 +0200 CONTRIBUTING.md: document why gnulib is kept separate [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Martin Sucha Date: Fri May 18 18:52:41 2018 +0200 certtool: split long prompt for serial Signed-off-by: Martin Sucha Author: Martin Sucha Date: Fri May 18 13:00:43 2018 +0200 doc: add note about CRL numbers to man page Signed-off-by: Martin Sucha Author: Martin Sucha Date: Fri May 18 12:35:39 2018 +0200 certtool: ask again until serial/crl number is valid Signed-off-by: Martin Sucha Author: Martin Sucha Date: Fri May 18 11:39:53 2018 +0200 tests: remove check for broken datefudge This check is not necessary with Fedora 28 build image currently used for CI as it contains datefudge 1.22 as well. Signed-off-by: Martin Sucha Author: Martin Sucha Date: Fri May 18 10:43:26 2018 +0200 certtool: remove extra function I did not notice strip_nl previously. Signed-off-by: Martin Sucha Author: Martin Sucha Date: Fri May 18 10:31:30 2018 +0200 tests: add negative tests for certtool crl numbers Signed-off-by: Martin Sucha Author: Martin Sucha Date: Sun May 13 23:28:33 2018 +0200 doc: add NEWS about serial and CRL numbers Signed-off-by: Martin Sucha Author: Martin Sucha Date: Sun May 13 23:04:29 2018 +0200 doc: add hex format to example template Signed-off-by: Martin Sucha Author: Martin Sucha Date: Thu May 17 12:31:01 2018 +0200 certtool: use larger serial and CRL numbers Serial/CRL numbers can be up to 20 octets in length as per RFC 5280, so it should be possible to use such numbers as input to certtool. certtool only allowed to specify 63-bit numbers in template file or interactively (even though it generated larger numbers in batch mode by default). This patch allows large numbers to be specified as a hexadecimal string. Parsing of decimal numbers larger than native integers would require adding dependency on libgmp directly to certtool or extending the API exposed by GnuTLS library with parsing functions. Since most tools (including GnuTLS) display serial numbers in hexadecimal, it is not worth the trouble to support large decimal numbers. Default values are unified between batch mode and interactive input and their size is extended. CA/Browser forum recommends CAs to include at least 64 bits of random data in the certificate serial numbers in Baseline Requirements[1] section 7.1, but gnutls adds only 32 bits. Some other implementations generate default serial numbers with more entropy as well, here is the current state as of May 2018: +----------------+-------------------------------+ | Implementation | Random bits in default serial | +----------------+-------------------------------+ | OpenSSL [2] | 159 | | CFSSL [3] | 159 | | wolfSSL [4] | 128 | | GnuTLS | 32 | | Mbed TLS [5] | 0 (defaults to 1) | +----------------+-------------------------------+ The 20 octet field size can fit numbers up to 159 bits since the most significant bit must be zero as numbers in DER encoding are in two's complement and the serial and CRL numbers must be positive. Default serial numbers are extended to full 159 bits allowed by the field size and are completely random, which matches other implementations. CRL numbers have the same size requirements, but also need to be monotonic (RFC 5280, section 5.2.3). That's why timestamp is used in them. The timestamp portion is extended from 31 bits to 39 bits as 31 bits will overflow in year 2038. The rest of the available space up to 159 bits allowed in the 20 octet limit is filled with random bits. Since the new CRL numbers are larger, the requirement for them to be monotonically increasing is preserved when upgrading to a newer version. This does not hold the other way around though, so after using a newer version of certtool to generate a CRL with default number and publishing it, it's not possible to use older version anymore to generate subsequent CRLs. Unfortunately, there is no easy workaround for users of older certtool, since it is not possible to specify CRL numbers greater than 63 bits manually prior to this change. Users intending to downgrade to older version later are advised to specify the CRL numbers in new version of certtool manually with values they are smaller than what would get generated by default in the old version. grep does not recognize CRLF line endings generated in tests using MinGW, so we need to convert those to LF endings for $ in the regex to match test output correctly. datefudge 1.21 that is present in Fedora 26 image trims the timestamp to 32 bits. That bug was fixed in datefudge 1.22 available in the Debian image, so we check if datefudge behaves correctly and skip the test that uses more than 32 bits if datefudge is broken. [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.2.pdf [2] https://github.com/openssl/openssl/blob/6ebb49f3f9c9333611192561979bb799fa1eb76d/apps/apps.c#L1513 [3] https://github.com/cloudflare/cfssl/blob/5d63dbd981b5c408effbb58c442d54761ff94fbd/signer/local/local.go#L295 [4] https://github.com/wolfSSL/wolfssl/blob/d60b16c5b8c19cc61db4a5c3f5e085a7a158cd28/wolfcrypt/src/asn.c#L9791 [5] https://github.com/ARMmbed/mbedtls/blob/84a1107818aaddfd2abe4c5a3478cf84ab2e26b4/programs/x509/cert_write.c#L81 Signed-off-by: Martin Sucha Author: Nikos Mavrogiannopoulos Date: Mon May 7 09:52:32 2018 +0200 handshake: do not send TLS extensions under DTLS and vice versa That is, introduce the notion of TLS-only and DTLS-only extensions, providing a framework to prevent sending extensions which are registered for example for TLS 1.3, under DTLS and vice versa. Resolves #440 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 11:51:41 2018 +0200 gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO This allows parsing extensions from a DTLS client hello. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 16 15:32:35 2018 +0200 tests: fix serv location in testcompat-main-openssl Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sun May 13 14:39:14 2018 +0200 tests/suite: add missing file to dist Signed-off-by: Andreas Metzler Author: Andreas Metzler Date: Sun May 13 14:33:17 2018 +0200 Allow running of test against installed gnutls-serv Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Fri May 4 14:55:21 2018 +0200 gnutls_certificate_set_retrieve_function3: updated documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 2 14:30:24 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 29 15:16:35 2018 +0200 pcert: added functionality to retrieve lists That introduces gnutls_pcert_list_import_x509_file() and gnutls_x509_crt_list_import_url(). Resolves #373 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 12 10:10:28 2018 +0200 tests: sanity-cpp: fixes for win32 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 12 09:51:59 2018 +0200 .gitlab-ci.yml: bumped version of cache due to addition of CXXFLAGS Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 12 09:04:28 2018 +0200 tests: fix failures in cxx example Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 12 08:47:15 2018 +0200 cxx: bring few modern functions, and allow to get the raw session Signed-off-by: Nikos Mavrogiannopoulos Author: Philippe Widmer Date: Thu May 10 16:44:58 2018 +0200 New constructors for classes client_session() and server_session() provide passing flags. Closes #438. Signed-off-by: Philippe Widmer Author: Nikos Mavrogiannopoulos Date: Thu May 10 13:38:32 2018 +0200 tests: mini-record-timing: updated to work under newer gnutls [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 10 05:49:07 2018 +0200 tests: key_update: improved error checking and increased timeout That is to avoid reaching the maximum number of key updates per second. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 22:31:39 2018 +0200 .gitlab-ci.yml: moved fedora CI builds to F28 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 23:21:16 2018 +0200 tests: testcompat-openssl: disable DSS ciphersuites under SSL3.0 Previously if openssl wouldn't support DSS, we would only disable DSS under TLS1.0 or later, not under SSL 3.0. This fixes interoperability with Fedora28 openssl. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 08:12:12 2018 +0200 Makefile.am: optimized the abi-check configure step Also ensured that the same build flags are applied in both builds for ABI checking. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 23:15:06 2018 +0200 several updates to address issues found by clang static analyzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 22:51:26 2018 +0200 nettle: fix casts which result to warnings in newer gcc Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 21:58:30 2018 +0200 tests: updated for GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER from handshake Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 21:49:16 2018 +0200 handshake: use GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER consistently Also treat GNUTLS_E_ILLEGAL_PARAMETER as a synonym if returned during a connection. Relates #442 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 21:42:44 2018 +0200 CONTRIBUTING.md: documented status of C++ library [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 10:50:30 2018 +0200 tests: cookie: fixed exit condition [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 15:39:30 2018 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 7 08:17:09 2018 +0200 .gitlab-ci.yml: fixes in win32 builds Relates #439 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 4 08:39:30 2018 +0200 certtool: honor --ask-pass when loading a private key This also improves the password prompt when the password requested is not for a smart card. Resolves: #436 Signed-off-by: Nikos Mavrogiannopoulos Author: Michael Weiser Date: Fri Apr 27 15:35:30 2018 +0200 .gitlab-ci.yml: Disable full test suite for cross builds Disable the full test suite for cross CI builds to speed them up. Signed-off-by: Michael Weiser Author: Michael Weiser Date: Wed Apr 25 16:54:27 2018 +0200 .gitlab-ci.yml: Expire all build log artifacts Signed-off-by: Michael Weiser Author: Michael Weiser Date: Wed Mar 28 22:47:01 2018 +0200 Use configured CC for pkg-config test Using the configured compiler aids in running the test suite under qemu or in a multlib scenario. Signed-off-by: Michael Weiser Author: Michael Weiser Date: Mon Mar 19 19:02:12 2018 +0100 Add Debian-based qemu cross CI targets Signed-off-by: Michael Weiser Author: Nikos Mavrogiannopoulos Date: Sat May 5 22:38:56 2018 +0200 updated-auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 22:17:15 2018 +0200 fuzzer: added fresh TLS1.3 server trace Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 21:59:13 2018 +0200 gnutls-serv: all skipping DTLS cookie request Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 5 21:45:56 2018 +0200 gnutls-cli: corrected data written by server trace Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 3 11:53:51 2018 +0200 tests: post handshake auth: test more combinations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 3 11:48:46 2018 +0200 post_handshake_auth: send extension irrespective of certificates being present The feature does not necessarily require certificates to be present and an empty cert can be presented. Furthermore, the certificates can be set later on the credentials structure. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 3 13:48:52 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 8 18:38:47 2018 +0200 tests: added interop tests with openssl under TLS1.3 This adds interoperability tests for: * PSK with elliptic curve DHE * RSA,RSA-PSS,secp256r1,ed25519 server certificate * RSA,RSA-PSS,secp256r1,ed25519 client certificate * X25519,SECP256R1 key share exchange * key share with HRR Relates #328 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 10:07:32 2018 +0200 doc: clarified re-handshake details under TLS1.2 server Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 09:09:41 2018 +0200 tls13/certificate_request: corrected check of duplicate signature algorithms Made the check local when parsing a certificate request, as we may receive multiple requests when post-handshake authentication is in place. Furthermore check whether this extension has been received as this is a mandatory one. In addition handle a memory leak when multiple peer certificates are set. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 08:41:22 2018 +0200 gnutls_reauth: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 21:35:52 2018 +0200 gnutls-cli: enhanced tool for TLS1.3 options This patch allows a client to enable post-handshake authentication, perform re-key and restrict the sent key shares. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 14:51:15 2018 +0200 tls13/certificate: send empty certificate instead of skipping According to TLS1.3 spec: The server's certificate_list MUST always be non-empty. A client will send an empty certificate_list if it does not have an appropriate certificate to send in response to the server's authentication request. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 13:47:57 2018 +0200 _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated That is, if we are performing PSK under TLS1.3, don't bother checking whether the certificate is compatible with the ciphersuite; there isn't any. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 10:53:51 2018 +0200 tls13/certificate_verify: corrected context in signatures in client side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 10:47:59 2018 +0200 _gnutls13_handshake_sign_data: avoid unnecessary copy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 09:01:28 2018 +0200 handshake: cleanup in TLS1.3 initial secret calculation That eliminates duplicate code in server hello parsing. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 08:06:14 2018 +0200 psk: compute binder which is compatible with draft-ietf-tls-tls13 Previously the computed binder values was not compatible with any TLS1.3 draft, and was not interoperating with openssl or tlslite. Resolves #427 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 4 08:06:35 2018 +0200 CONTRIBUTING.md: added text on CI [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 3 14:19:34 2018 +0200 tests: fallback scsv: check proper fallback under TLS 1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 3 15:13:13 2018 +0200 encrypt_packet_tls13: made size check safer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 28 11:14:34 2018 +0200 pkcs11: mark private key objects as sensitive by default That is, to prevent accidentally creating objects which can be exported. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 15:02:53 2018 +0200 tests: check the behavior of TLS1.2 key exchange methods under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 15:11:28 2018 +0200 psk: mark psk_ke_modes as invalid when ignored TLS1.3 handles the receiving of pre-shared keys extension as invalid when the psk_ke_modes extension is not received as well. As such, when we ignore the psk_ke_modes for some reason (e.g., no credentials) we need to indicate that it was received. We use the invalid mode flag for that reason, allowing the handshake to fail later for the right reason (e.g., no credentials error rather than illegal extension). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 15:01:48 2018 +0200 priority: handle RSA-PSK ciphersuites similar to SRP That is, when specified disable TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Apr 28 14:14:30 2018 +0200 Add another sni related test As --sni-hostname does not imply --verify-hostname a hostname mismatch still triggers an error. Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 14:00:15 2018 +0200 tests: sni-hostname was updated to support TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 29 13:44:04 2018 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Apr 28 14:11:27 2018 +0200 doc: Add crossreference/warning Add pointer to --verify-hostname to --sni-hostname description. Signed-off-by: Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Mon Apr 23 13:58:22 2018 +0200 gnutls-cli: added option to specify the verification hostname This enables testing various scenarios, by allowing to specify the hostname to be used for certificate validation when connecting to a remote host (e.g., localhost but with a certificate for example.com). Resolves #344 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 26 09:06:00 2018 +0200 doc: fixes for better latex pdf generation [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 24 08:36:06 2018 +0200 retrieve_pin: refuse to retrieve PIN from URI more than one time That is, prevent re-using a static PIN if it has already been known to be wrong. Introduced tests of that behavior. Resolves #425 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 24 16:42:10 2018 +0200 doc: updated OCSP documentation [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 22 16:02:08 2018 +0200 gnutls.h.in: corrected typo [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 20 08:42:27 2018 +0200 fuzz: corrected TLS1.3 enablement [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 17 10:59:25 2018 +0200 _gnutls_epoch_new: allow re-allocation epoch next epoch On certain cases when re-handshake is interrupted by application data, _gnutls_epoch_new() will be called twice. Make sure that this does not lead to an error. We also rename the function to clarify its purpose _gnutls_epoch_setup_next(). Resolves #426 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 17 09:52:01 2018 +0200 tests: added reproducers for receiving app data when rehandshake is expected Relates: #426 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 17 09:31:12 2018 +0200 tests: eliminated exit_code variable used in few tests It was a legacy variable for error printing that was never used uniformly. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 17 09:24:29 2018 +0200 tests: eagain: moved to cmocka and enhanced for TLS1.3 That also makes macros from eagain-common.h functioning under cmocka. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 16 09:51:11 2018 +0200 tests: tls12-rehandshake-cert*: run multiple rehandshake tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 17 07:45:54 2018 +0200 tls13/finished: addressed memory leak in receiving finished packet Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 16 15:35:33 2018 +0200 priority: document the reasons for the order of supported groups [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 16 15:14:01 2018 +0200 handshake: described the epoch reference counting [ci skip] It is used only in DTLS where multiple handshake states may be active. Resolves #421 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 16 09:51:11 2018 +0200 tests: tls12-rehandshake-cert-3: run multiple rehandshake tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 11 14:35:26 2018 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 11 08:34:15 2018 +0200 ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or later The reason is that these ciphersuites cannot be negotiated using TLS1.3. There is a different strategy followed for these. * NULL ciphersuites: they are not something normally enabled and used for debugging purposes mostly. When set both in client and server side only TLS1.2 can be used. * SRP ciphersuites: they are used on client side when the client is actually performing a username-password authentication with SRP. On server side we can have indeed a server support SRP and non-SRP. In that case we limit both on TLS1.2. That an unfortunate restriction, but is not a regression and IMHO these servers would most likely be phased out as very few would want to stick to TLS1.2 connections for SRP; or we may have an SRP update for TLS1.3 which could lift that limitation in the future. * ANON ciphersuites: they are used in certain client/server setups where very basic level of security is required, and in opportunistic encryption scenarios. There is a difference in the handling of these cases. In the case of Anon-only server/clients they provide the session with anonymous credentials structure; in the case of opportunistic encryption they provide both certificate and anonymous credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we see no certificate or PSK credentials we disable TLS1.3 negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 7 21:42:57 2018 +0200 ext/pre_shared_key: cleanups in error handling This addresses a memory leak found via oss-fuzz. It also sets the right index on the selected PSK, and returns the right server error code on incorrect key file. Addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 7 21:27:27 2018 +0200 ext/psk_ke_modes: corrected data access That also improves the if-checks. Issue and reproducer discovered via oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 7 21:06:53 2018 +0200 fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 7 06:20:05 2018 +0200 doc: corrected space-tab issues in examples Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 6 20:51:39 2018 +0200 constate: fixed key generation for TLS1.3 This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and removes invalid NULL checks, as well as corrects the key set for server side. This is verified against openssl master, but does not include automated test suite; it will be tested as part of #328 Resolves #419 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 4 14:51:08 2018 +0200 doc: re-organized and modernized examples Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 4 13:47:36 2018 +0200 doc: updated for TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 6 13:36:11 2018 +0200 fuzz: added PSK traces with TLS1.3 Relates: #359 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 4 15:28:37 2018 +0200 psk: save the username on auth info struct under TLS1.3 Add the necessary tests to verify that gnutls_psk_server_get_username() reports the right username under TLS1.2 and TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 22 10:02:36 2018 +0100 tests: enhanced test suite for TLS1.3 and PSK That includes tests with unknown usernames and connections with wrong key and updates to fastopen.sh to use certificate auth, making it applicable under TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 29 09:51:32 2018 +0200 priority: added GROUP-DH-ALL and GROUP-EC-ALL Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 3 13:10:30 2018 +0200 dumbfw: account for extension data padding Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 5 09:04:47 2018 +0200 Simplified the _gnutls13_psk_ext_parser interface and added unit tests Signed-off-by: Nikos Mavrogiannopoulos Author: Ander Juaristi Date: Thu Mar 22 08:59:56 2018 +0100 Added support for out-of-band Pre-shared keys under TLS1.3 That adds support for pre-shared keys with and without Diffie-Hellman key exchange. That's a modified version of initial Ander's patch. Resolves #414 Resolves #125 Signed-off-by: Ander Juaristi Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 6 10:36:18 2018 +0200 certtool: key-type desc was moved along the privkey functionality [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 4 13:47:25 2018 +0200 gnutls_record_can_use_length_hiding: corrected return type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 4 16:54:15 2018 +0200 encrypt_packet_tls13: reverted to original API That allows more uniformity across encrypt/decrypt, and across different protocol handling. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 25 20:08:26 2018 +0200 nettle: corrected typo in version check for compatibility mode with 3.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 11:11:52 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 09:45:44 2018 +0100 protocols: bumped TLS1.3 protocol to draft -26 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 09:23:05 2018 +0100 record: added AAD data when encrypting or decrypting This is a requirement of draft-ietf-tls-tls13-25 Resolves #409 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 12 17:10:42 2018 +0100 priorities: disable any key exchange methods if there is no TLS1.2 or earlier That is, because TLS1.2 has specific requirements in the ordering of curves/groups if certain ciphersuites (ECDHE/DHE) are present, and by being able to eliminate them early we simplify the negotiation for TLS1.3-only clients/servers. Relates #378 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 9 12:12:56 2018 +0100 _gnutls_supported_ecc_recv_params: take into account precedence That is, when %SERVER_PRECEDENCE is given in the priority string make sure that the negotiated curve of DH group respects the server's priorities. That's very relevant under TLS1.3 as ciphersuite negotiation itself, where %SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC unlike TLS1.2 which included key exchange as well. Resolves #378 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 12 10:37:00 2018 +0100 supported_versions: cannot be used to negotiate pre-TLS1.3 This is a requirement of draft-ietf-tls-tls13-26 Resolves #410 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 23 20:45:40 2018 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 23 07:04:37 2018 +0100 doc: mention gnutls_privkey_import_ext4 in upgrade from 3.5.x Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 23 07:02:23 2018 +0100 doc: added since field in gnutls_record_send2() description Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 23 06:47:55 2018 +0100 Makefile.am: reduce automake warnings and corrected version That is, avoid using the := syntax, set the right version variable and use a hidden file for abi-check cache stamp. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 18 15:46:36 2018 +0100 The abi-check target was updated to check against the last tag As abi-dumper and abi-compliance-checker tools are not reliable when run across different systems, we now compare the previous tag ABI with the current compiled library. That is in contrast with the previous behavior of storing the output files of abi-dumper, which can become obsolete on a CI update. That also moves the ABI check only on the CI, and not in the 'make dist' rule as it takes significant time to run. This relates to an issue reported against libidn2's use of abi-compliance-checker but it affects gnutls as they share similar code: https://gitlab.com/libidn/libidn2/issues/42 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 20 07:15:13 2018 +0100 nettle/pk: include nettle/version.h That enables the nettle version macros to operate. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 14:42:38 2018 +0100 tests: avoid duplicate runs of tests when not necessary Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 18:31:40 2018 +0100 tests: moved invalid-cert reproducer into fuzz/ reproducers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 18:29:23 2018 +0100 tests: testpkcs11.sh was moved to the main tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 18:24:10 2018 +0100 tests: long-crl.sh was moved to main suite Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 15:22:14 2018 +0100 tests: suite: dropped ocsp-coverage and cert-coverage These tests are duplicates of fuzz/gnutls_ocsp_resp/req_parser_fuzzer and gnutls_x509_parser_fuzzer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 15:11:38 2018 +0100 tests: testsrn.sh was removed as duplicate of safe-renegotation/ tests Also safe-renegotiation tests were made TLS1.2-only as they do not apply to TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 15:07:14 2018 +0100 tests: pkcs7-cat: moved to main suite Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 15:46:16 2018 +0100 tests: updated for TLS1.3 inclusion This moves the test to use a specific version or test multiple TLS versions if applicable. Resolves #413 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 19 09:00:23 2018 +0100 tests: mini-record-retvals was split into return vals checking and alerts checking Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 13:47:46 2018 +0100 tests: client-fast-open: updated for TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 13:43:47 2018 +0100 tests: removed unused test Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 13 13:41:19 2018 +0100 tests: auto-verify: update for TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 10 19:08:08 2018 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 8 16:21:20 2018 +0100 tlsfuzzer: updated to the latest version Also enabled the RSA-PSS tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 8 16:00:34 2018 +0100 alert: send the appropriate alert on GNUTLS_E_ERROR_IN_FINISHED_PACKET Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 8 14:54:55 2018 +0100 Bumped TLS1.3 draft version to -23 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 8 13:57:05 2018 +0100 Hello retry request matches server hello That also distinguishes between them by using the special random value, and implements the version check as in draft-ietf-tls-tls13-24. Resolves #391 #390 #392 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 7 12:52:46 2018 +0100 tests: added negative tests for RSA-PSS key exchange Relates #400 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 6 15:09:50 2018 +0100 signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure" This change enhances signature algorithms to have a private key algorithm parameter. That is, to allow signature algorithms operating with a private key of type X while the public key is of type Y. That is useful for the RSA-PSS signatures which are of two types; one which is seen from servers having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while both utilize RSA-PSS private keys. This is a draft-ietf-tls-tls13-23 change. Resolves #400 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 28 12:41:40 2018 +0100 Server hello format follows TLS1.2 format Also version negotiation was moved to supported_versions extension, and session ID is set by client following appendix D.4. This is a draft-ietf-tls-tls13-22 change. Resolves #393, #389, #397 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 28 11:38:53 2018 +0100 Renumbered the key share extension to 51 This is a draft-ietf-tls-tls13-23 change. Resolves #398 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 22 16:12:55 2018 +0100 record: ignore any ChangeCipherSpec messages under TLS1.3 handshake Also send ChangeCipherSpec messages under TLS1.3 handshake. This is a draft-ietf-tls-tls13-22 change. Resolves #395 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 22 14:42:43 2018 +0100 record: send 0x0303 under TLS1.3 This is a draft-ietf-tls-tls13-22 change. Resolves #396 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 8 12:03:39 2018 +0100 cryptodev: fix prototype of cryptodev_mac_fast [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 7 16:14:51 2018 +0100 cryptodev: added missing macro [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 5 15:42:14 2018 +0100 tests: added unit tests of gnutls_x509_crt_export Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 23:21:34 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 23:09:11 2018 +0100 gnutls_x509_crt_export2: avoid re-encoding That prevents possible re-encoding issues in libtasn1 or ambiguously formatted DER data, from affecting verbatim usage of certificates. Relates #403 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 17:48:01 2018 +0100 tests: added reproducer with DER re-encoding error on client side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 4 19:07:29 2018 +0100 cfg.mk: update-po rule uses commit -s This makes it produce a commit message which can be sent to the repo (Signed-off-by is mandatory). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 4 19:01:41 2018 +0100 Sync with TP. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 4 19:01:23 2018 +0100 CONTRIBUTING.md: added more info about gnulib Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sat Mar 3 18:42:20 2018 +0100 Improve fuzzer coverage report creation Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 23:40:43 2018 +0100 pkcs11: set the modulus bits on RSA keys That value is necessary when using RSA-PSS keys. Relates #402 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 14:51:31 2018 +0100 gnutls_privkey_import_ext4: enhanced with GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag That flag is utilized by the information function to obtain the value of the parameters (e.g., modulus). That information is necessary to safely handle RSA-PSS keys. For RSA-PSS keys this is a regression since 3.6.0 where this API was introduced, but as this change is necessary and 3.6.x is not yet marked as stable, it should be acceptable. Relates #402 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 11:18:12 2018 +0100 _gnutls_find_rsa_pss_salt_size: add a validity check for salt size That is, in order to reject invalid parameters. Resolves #402 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 2 09:38:55 2018 +0100 tests: eliminated destructive tests That adds a dependency to p11-kit 0.23.10 for the test suite. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 1 16:38:29 2018 +0100 configure: simplified nettle version check Relates #401 Signed-off-by: Nikos Mavrogiannopoulos Author: Łukasz Stelmach Date: Tue Feb 27 15:44:55 2018 +0100 gnutls-cli: do not ask any questions with --strict-tofu Signed-off-by: Łukasz Stelmach Author: Tim Rühsen Date: Tue Feb 27 22:04:10 2018 +0100 Update oss-fuzz corpora Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Feb 22 11:43:53 2018 +0100 drbg-aes: use the new nettle APIs for AES Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 22 11:29:08 2018 +0100 accelerated: padlock: use the new nettle APIs Also remove any ifdefs for nettle (it is not conditionally compiled in), and do not register accelerators for AES-192-CBC. That cipher is widely ignored to bother. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 26 11:46:09 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 26 11:44:56 2018 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 23 09:55:50 2018 +0100 gnutls_ext_raw_parse: introduced function That function can be combined with callbacks like gnutls_handshake_set_hook_function() for applications to be able to process messages when necessary. Resolves #382 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 21 11:46:08 2018 +0100 fuzz: added TLS1.3 client and server traces [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 21 11:21:36 2018 +0100 fuzz: enable fuzzer target in afl examples and add missing script [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 21 11:20:31 2018 +0100 fuzz: fixes in README file [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 20:11:57 2018 +0100 updated Since version in new function entries as well as map file versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 17:17:45 2018 +0100 fuzz: enable TLS1.3 in server and client fuzzers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 15:10:00 2018 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 15:02:36 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Tue Jan 23 16:39:36 2018 +0100 record: new gnutls_record_send2 function This adds a new function gnutls_record_send2() which takes an extra argument to specify the padding size of the record. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Feb 8 13:24:46 2018 +0100 _gnutls_record_overhead: count content type octet in plaintext In TLS 1.3, TLSInnerPlaintext has the 'type' field followed by the padding. Exclude it from the overhead calculation. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 3 14:14:56 2018 +0100 tests: check extended record padding work with TLS 1.3 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Dec 21 17:02:22 2017 +0100 range: make length hiding always usable under TLS 1.3 This patch reintroduce the extended record padding mode removed in commit 7df219f0. Under TLS 1.3, the padding mode can be implemented in the record protocol. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Wed Jan 3 14:10:22 2018 +0100 tests: re-enable mini-record-range test This test was previously disabled as part of NEW_PADDING extension removal (commit 7df219f0). Even though the extension is not usable, gnutls_record_send_range() should work with the standard TLS block cipher padding. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Thu Dec 21 15:53:30 2017 +0100 doc: fix mention of gnutls_record_send_range() Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat Jan 27 16:38:14 2018 +0100 po: lib/x509/ocsp.c added to translatable files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 4 17:32:58 2018 +0100 tests: corrected various typos Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 4 17:26:54 2018 +0100 doc: use 3.6.xx to be consistent with other version references Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 2 12:44:15 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 13 10:11:57 2017 +0100 doc: getfuncs.pl: distinguish between different typedef types That allows to properly distinguish a struct from a one liner typedef. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 13 08:00:38 2017 +0100 check_ocsp_response: print OCSP response actual error on debug log Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 12 14:55:29 2017 +0100 x509/cert: reorganized Split functionality related to certificate credentials and session certificate handling in cert-cred.c and cert-session.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 29 16:19:56 2017 +0100 tests: added unit test for gnutls_ocsp_resp_list_import2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 10:35:53 2017 +0200 doc: updated * document the new behavior of gnutls_certificate_set_ocsp_status_request_file * updated text on OCSP stapled responses Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 16:31:02 2017 +0100 tests: added ocsptool sanity check program This checks its functionality in loading and exporting PEM and DER structures. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 16 16:05:15 2017 +0200 tests: enhanced OCSP tests * Run tests under TLS1.2 and TLS1.3 * Verify whether multiple OCSP responses are received in client side, under TLS1.3. * Verify that OCSP status responses can be sent by client under TLS1.3 * Verify operation of gnutls_certificate_retrieve_function3 * Verify operation when multiple OCSP responses by file are set Resolves #307 Resolves #291 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 12 08:47:00 2017 +0100 cert auth: use a single callback to call for OCSP That is, when selecting the certificate to use, point to the callback to use as well (whether it being the global or a specific) one, for OCSP. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 22 10:32:04 2017 +0100 ocsp: introduced gnutls_certificate_get_ocsp_expiration() This is a function to allow obtaining the validity of the OCSP responses already set in the credential structures. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 8 13:45:24 2017 +0100 ocsp: enhanced the OCSP response loading APIs Introduced gnutls_certificate_set_ocsp_status_request_file2() and gnutls_certificate_set_ocsp_status_request_mem(). These functions behave as the equivalent certificate loading functions and pre-load the OCSP response provided as a file, either in DER or in PEM form. In addition, ensure that if the server is provided a problematic OCSP response, or the OCSP response is not renewed before it is invalid, we will not provide it to the clients. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 11:26:55 2017 +0200 gnutls-serv: allow loading multiple OCSP responses That is, allow specifying multiple 'ocsp-response' options on command line. In addition introduce the option 'ignore-ocsp-response-errors' which will set the GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK flag prior to importing the response. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 10:32:20 2017 +0200 cert: introduced flag GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK This allows reverting the new semantics of checking the loaded OCSP response against the certificates present and return to the 3.5.x semantics. That option is also useful for debugging as it allows setting an arbitrary response and checking gnutls' client behavior with that. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Dec 7 16:16:55 2017 +0100 gnutls_certificate_set_ocsp_status_request_file: match input response to certificates That is, iterate through the certificate chain to figure to which certificate the response corresponds to, and assign it to it. That allows for applications to re-use this function to set multiple responses when available. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 6 13:51:52 2017 +0100 ocsp: moved non-extension related functions to ocsp-api.c That keeps ext/status_response.c clear of items that are not related with the extension handling. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 17 09:59:53 2017 +0200 gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side Under TLS1.3 it is possible for both client and server to send the status request extension in certificate message. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 17 08:32:09 2017 +0200 select_sign_algorithm: check KX type only on pre-TLS1.3 That, when selecting a certificate under TLS1.3, considers the negotiated signature algorithms for compatibility with the certificate to be selected. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 6 13:45:21 2017 +0100 rename _gnutls_selected_certs_set -> selected_certs_set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 6 13:32:28 2017 +0100 ocsp: send all the OCSP responses under TLS1.3 That is, any responses set by the caller application (directly or via a callback), will be sent to the peer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 6 13:18:16 2017 +0100 introduced gnutls_certificate_retrieve_function3 That allows a certificate callback to provide OCSP responses in addition to certificates. That also introduces a flags option which currently accepts GNUTLS_CERT_RETR_DEINIT_ALL which allows the callback to specify whether the provided data should be deinitialized. To simplify the certificate callback code, all previous (now legacy) callbacks are implemented as wrappers over the new callback function. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 29 14:27:44 2017 +0100 gnutls_ocsp_resp_list_import2: introduced That is, introduced function to to import multiple OCSP PEM responses into a list. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 16:20:48 2017 +0100 ocsptool: import and export OCSP responses in PEM format That also modifies the 'request-info' and 'response-info' commands to check the 'outfile' parameter and if set, to store the corresponding structure into that file. Currently for OCSP requests there is no printing of PEM data. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 14:59:31 2017 +0100 ocsp: introduced gnutls_ocsp_resp_import2 and gnutls_ocsp_resp_export2 These allow importing and exporting an OCSP response to PEM format, in addition to DER. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 13 09:36:38 2017 +0200 _gnutls_x509_cert_verify_peers: verify all received OCSP responses That is, when verifying the server's certificate, take into account all present OCSP responses. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 13 09:31:58 2017 +0200 gnutls_ocsp_status_request_get2: added function The function extends gnutls_ocsp_status_request_get() to retrieve more than a single responses. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 10 10:21:19 2017 +0200 tls13/certificate: parse OCSP status response and save responses in auth info struct That provides support of OCSP status response under TLS 1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 10 11:14:19 2017 +0200 ext/status_request: allow more than a single OCSP response to be received That change allows for arbitrary number of OCSP responses which is required in TLS1.3. The received list is now stored in auth structure, and thus packed with it on resumption data. The status response extension data, are now only used on server side, when temporarily storing the OCSP response to send. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 10 09:59:17 2017 +0200 _gnutls_copy_certificate_auth_info: simplified and avoid multiple allocations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 19 16:16:29 2017 +0100 tests: updated to account for HMAC-SHA384 and CAMELLIA removal Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 19 16:00:45 2017 +0100 priorities: provide a more consistent "story" for default cipher settings Current settings in NORMAL priorities which were affected: * Enabled ciphers: - AES-GCM - CHACHA20-POLY1305 - AES-CCM - AES-CBC * Enabled signature algorithms: - RSA-SHA256 - RSA-PSS-SHA256 - ECDSA-SHA256 / ECDSA-SECP256R1-SHA256 - EDDSA-ED25519 - RSA-SHA384 - RSA-PSS-SHA384 - ECDSA-SHA384 / ECDSA-SECP384R1-SHA384 - RSA-SHA512 - RSA-PSS-SHA512 - ECDSA-SHA512 / ECDSA-SECP521R1-SHA512 - RSA-SHA1 - ECDSA-SHA1 Removed: * Ciphersuites utilizing HMAC-SHA384. That MAC is only used on "legacy" type of ciphersuites, and doesn't provide any advantage over HMAC-SHA256. * Ciphersuites utilizing CAMELLIA were removed. TLS1.3 doesn't define any CAMELLIA ciphersuites, and thus provide consistent defaults across protocols. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 17 09:27:36 2017 +0200 certificate request: corrected parsing of signature algorithms That fixes an issue in TLS 1.3 certificate request message parsing. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 4 18:22:54 2017 +0100 tlsfuzzer: updated to latest master Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 9 11:23:24 2017 +0100 doc: documented hsk_flags "lifetime" and its reset Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 13:13:31 2017 +0100 session state: TLS1.2 and TLS1.3 state is stored as union That is, to reduce memory usage as these protocol cannot be used in parallel. Relates: #281 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 13:08:02 2017 +0100 session state: organized key exchange keys into structures That is, with the view of separating the data needed for TLS1.2 and earlier and TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 7 16:52:21 2017 +0100 record state: avoid memory allocations for stored keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 7 16:25:31 2017 +0100 handshake: ffdhe flags merged with handshake flags Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 7 16:09:12 2017 +0100 handshake: false start flag merged with hsk_flags Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 7 15:36:01 2017 +0100 handshake: use hsk_flags in TLS1.2 and TLS1.3 The flags provide a more transparent view of the received and expected messages. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 5 09:01:56 2017 +0100 doc: added text on TLS1.3 rekey and reauthentication Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Dec 4 17:45:11 2017 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 2 15:30:43 2017 +0100 tests: re-enabled post-handshake auth tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 2 15:19:10 2017 +0100 handshake: added support for post-handshake authentication That is: * introduced a gnutls_init() flag for clients to enable post-handshake authentication * introduced gnutls_reauth() function, to be called by servers to request authentication, and by clients to perform authentication Resolves #562 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 11:12:14 2017 +0100 gnutls_record_set_state: use const for seq_number Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 16:56:12 2017 +0100 tests: added test suite on key limits This checks whether key update occurs for the expected ciphersuites. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 16:52:58 2017 +0100 gnutls_record_get_state: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 16:01:29 2017 +0100 Introduce key usage limits under TLS1.3 That introduces a transparent key update for sending key after the safety limit is reached. Resolves #130 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 13:08:18 2017 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 30 08:59:17 2017 +0100 tests: removed unused variables and introduced temporal vars in macros Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 30 08:51:06 2017 +0100 tests: check gnutls_rehandshake() and gnutls_handshake() under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 28 12:38:52 2017 +0200 gnutls_*handshake: wrap gnutls_session_key_update under TLS 1.3 The semantics of the gnutls_handshake() and gnutls_rehandshake() functions were tied to TLS 1.2 and earlier behavior. This patch attempts to merge the two different semantics as follows: TLS1.2: * gnutls_rehandshake: sends a hello request message (asks the peer for a re-handshake) in server side; invalid to be called in client side. * gnutls_handshake: performs a re-handshake in either client or server side; in server side it is expected to be called after gnutls_rehandshake(). TLS1.3: * gnutls_rehandshake: in server side sends a key update and asks the peer to re-key as well; remains invalid to be called in client side. * gnutls_handshake: sends a key update and asks the peer to re-key as well; in client side; is a no-op when called in server side. Relates #131 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 19 16:45:18 2017 +0200 tests: added unit tests with TLS1.3 key update Relates #131 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 19 16:27:30 2017 +0200 handshake: introduced gnutls_session_key_update() This function allows updating keys of the session and notifying the peer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 19 14:52:03 2017 +0200 handshake: added TLS1.3 passive key update Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Wed Nov 29 11:18:40 2017 +0100 keylogfile: write TLS 1.3 secrets Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 28 18:28:19 2017 +0100 _gnutls_nss_keylog_write: define new internal API This patch turns the write_nss_key_log function to an internal API (with a different name) so that it can be called from other places implementing TLS 1.3 key scheduling. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 11:27:12 2017 +0100 tls-fuzzer: enabled the large hello checks These were previously not working because tls-fuzzer was not TLS1.3-ready. This is addressed at the current update, and as such we enable them. That commit also enables the SNI resumption tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 29 16:21:45 2017 +0100 hkdf: refer to nettle's hkdf.h when available Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 29 14:04:30 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 11:07:40 2017 +0100 gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier These limits do not exist under TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 11:04:59 2017 +0100 gnutls_prf_raw: fail under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 09:10:24 2017 +0100 tests: included behavioral test of gnutls_prf under TLS1.3 Resolves #330 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 09:03:31 2017 +0100 gnutls_prf: prevent usage under TLS1.3 Only allow its use when it is documented to have the same output as gnutls_rfc5705() and in that case make it a wrapper to it. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Nov 24 11:07:20 2017 +0100 gnutls_prf_rfc5705: calculate exporter using HKDF if TLS 1.3 Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 24 10:55:43 2017 +0100 handshake-tls13: derive and store exporter_master_secret Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Fri Nov 24 10:34:26 2017 +0100 _tls13_derive_secret: define secret argument TLS 1.3 exporters need to derive a secret from exporter_master_secret or early_exporter_master_secret, not the handshake or application secret stored in temp_secret. Add a new argument @secret to _tls13_derive_secret to specify any secret. Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 11:45:25 2017 +0100 session state: combined srp and dh prime bits variables They were being used for the same purpose, and SRP as well as DH, do not overlap to require two different variables. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 11:41:59 2017 +0100 session state: mark mod_auth_st_int as constant Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 11:39:53 2017 +0100 dtls: cookie is stored dynamically when needed rather than in pre-allocated size That reduces the number of bytes used in cases where DTLS is not in use or we are in server-side. Relates #281 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 10 09:54:13 2017 +0200 removed legacy/unused rsa-related structures/functions Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sat Sep 23 21:43:45 2017 +0300 lib: simplify adding groups according to prioritites There is little point, remembering if EC or DHE came first and then adding necessary groups checking that flag. Instead just add groups at the time first EC or DHE ciphersuite is met. Signed-off-by: Dmitry Eremin-Solenikov Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 4 09:21:06 2017 +0200 tests: added unit test for RDNs in cert callback This verifies whether the RDNs received at the callbacks under TLS1.2 and TLS1.3 have the expected values (corresponding to the certificates used). Resolves #297 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 15:59:14 2017 +0200 gnutls_auth*_get_type: use gnutls_kx_get to retrieve key exchange That allows the functions to operate under TLS 1.3 which have no key exchange as part of the ciphersuite. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 15:28:07 2017 +0200 tests: check certificate callbacks under TLS 1.2 and 1.3 Resolves #278 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 14:56:15 2017 +0200 tests: added unit tests for client certificate under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 14:21:33 2017 +0200 handshake: handle the certificate authorities extension That is, when sending or receiving the certificate request message. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 13:59:39 2017 +0200 handshake: added support for client certificates That is, receive and parse a certificate request, certificate verify, as well as certificate in server side. That way, client certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 11:48:28 2017 +0200 handshake: return GNUTLS_E_NO_CERTIFICATE_FOUND when no certificate is found in TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 11:43:45 2017 +0200 handshake: send certificate request when requested Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 6 11:00:16 2017 +0200 tests: added check for client hello random value after HRR That way we ensure that we follow the tls1.3 draft which requires the second client hello to be identical to the initial one. Resolves #299 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 6 11:16:17 2017 +0200 handshake: treat reply to HRR as a reply to hello verify request That is, re-use the client random value on the client hello which is a reply to a hello retry request. Relates #299 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 6 10:18:33 2017 +0200 tests: added key share behavioral test This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP, GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized. Resolves #284 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Oct 6 09:05:20 2017 +0200 key share: added flags to gnutls_init() to modify its default behavior That way the application can adjust the range of keys generated during client hello attempting to guess the server's algorithm. Applications are intentionally not given the option to select the algorithm in the key share, but rather chose from the prioritized list of groups, to avoid a disconnect between the prioritized groups, and the key share sent. Relates #284 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 2 15:40:24 2017 +0100 handshake: initialize buffer prior to use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 4 10:55:48 2017 +0200 tests: added tests for TLS1.2- rollback detection That is, tests which check * whether the server's generated values under TLS1.2- match the expected * whether the client would fail on negotiation if the rollback values are detected Resolves #293 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 4 10:33:11 2017 +0200 _gnutls_set_server_random: corrected TLS1.2 and TLS1.1 rollback detection Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 11:08:04 2017 +0200 extensions: renamed _gnutls_hello_ext_*sdata to _gnutls_hello_ext_*priv Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 09:35:52 2017 +0200 server_name: use the new API for ext data setting Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 08:58:59 2017 +0200 extensions: enhanced extension lib with pack and unpack functions That allows the functionality to be used for the majority of extensions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 08:41:51 2017 +0200 tests: check the correct handling of cookie extension in client side Resolves #218 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 3 08:39:58 2017 +0200 extensions: allow receiving and sending extensions which were not advertised by client side That is needed due to the special treatment of the cookie extension, which is sent by the server in HRR even if it was not advertised by the client. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 16:41:09 2017 +0200 extensions: optimized gid_to_ext_entry() map on known extensions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 16:23:10 2017 +0200 extensions: avoid double loop when parsing received extensions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 15:40:36 2017 +0200 extensions: avoid looping to discover location of saved data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 15:16:04 2017 +0200 handshake: added support for reading and sending cookie extension That introduces an internal API to associate data to an extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 13 08:45:09 2017 +0100 doc: document the GNUTLS_E_NO_COMMON_KEY_SHARE usage Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 11:58:25 2017 +0200 tests: added unit test for hello retry request support Resolves #285 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 14:24:54 2017 +0200 tests: rehandshake tests were restricted to TLS1.2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 14:11:34 2017 +0200 handshake: reduce assert printouts in common cases Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 10:10:48 2017 +0200 handshake: accept hello retry request in client side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 09:08:59 2017 +0200 buf: _gnutls_buffer_pop_data made easier to use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 09:01:41 2017 +0200 handshake: simplified version parsing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 16:40:43 2017 +0200 handshake: send hello retry request when no key share matches Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 12:54:38 2017 +0200 ext: do not advertize post handshake authentication Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 29 08:21:54 2017 +0200 tests: check TLS1.3 record layer packet modification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 28 07:50:42 2017 +0200 handshake: split set_client_random to gen and set This aligns with set_server_random() and gen_server_random(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 28 07:47:40 2017 +0200 handshake: only attempt to detect downgrade attacks if TLS1.3 is supported Otherwise, connections under TLS 1.2 may fail, even if client never enabled TLS 1.3 support. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 15:10:07 2017 +0200 nettle/pk: explicitly mark intentional fallthrough in switch cases Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 22 16:59:31 2017 +0200 key share: removed duplicate message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 08:20:10 2017 +0200 tests: fix warning in rng-sigint.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 08:58:26 2017 +0200 tests: improved tls-session-supplemental Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 26 16:44:39 2017 +0200 kx: moved to new buffer API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 26 15:38:58 2017 +0200 handshake: moved to the new mbuffer API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 26 12:54:18 2017 +0200 handshake: use the new buffer type in TLS 1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 26 11:57:18 2017 +0200 handshake: new helper functions to use gnutls_buffer_st to generate mbuffers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 26 10:29:15 2017 +0200 tlsfuzzer: disable non TLS1.3-ready tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 16:28:38 2017 +0200 tests: added tests for TLS1.3 record generation / parsing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 09:47:52 2017 +0200 tests: introduced basic TLS1.3 key exchange test suite Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 16:26:45 2017 +0200 record: adjusted overhead calculation for TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 14:49:23 2017 +0200 priority: include groups into priority when having a TLS1.3-only session Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 09:46:32 2017 +0200 priority: do include all the version's signature semantics This resolves issue, which prevented handling certain types of TLS1.3-only signatures, depending on the order of enabled protocols. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 09:32:25 2017 +0200 ext/key_share: corrected release of MPI parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 09:28:45 2017 +0200 ext/signature: explicitly prevent RSA/DSA and SHA1 signatures on TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 22 16:55:36 2017 +0200 hello ext: reduce verbosity Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 22 11:10:56 2017 +0200 constate.h: removed non-existing function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 22 10:55:43 2017 +0200 record: any alert is fatal under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 18 14:49:24 2017 +0200 extensions: introduced functions to obtain currently parsed message This allows the extension handling code to operate differently on different messages. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 09:30:39 2017 +0200 supported_versions: print the received versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 12:58:51 2017 +0200 handshake: introduced server side handshake [2/2] That is, send server certificate verify and receive certificate and certificate verify messages. In addition introduced flags to mark the expected, or sent messages. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 10:21:26 2017 +0200 cs: select certificate under TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 09:53:47 2017 +0200 handshake: introduced server side handshake [1/2] That is, send certificate request and certificate in server side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 09:50:10 2017 +0200 ciphersuites: introduce a maximum supported TLS/DTLS version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 21 09:41:37 2017 +0200 handshake: properly set the default record version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 16:07:39 2017 +0200 handshake: send encrypted extensions handshake message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 13:54:25 2017 +0200 handshake: parse new session ticket message That does not include extension handling. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 15:33:16 2017 +0200 str: added _gnutls_buffer_pop_prefix24 and _gnutls_buffer_pop_prefix8 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 15:07:04 2017 +0200 str: use assert to mark impossible cases Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 15:21:16 2017 +0200 str: allow creating a read-only buffer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 13:43:14 2017 +0200 gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 09:11:37 2017 +0200 handshake: generate application keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 08:30:52 2017 +0200 constate: added _gnutls_epoch_dup Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 07:59:21 2017 +0200 constate: indentation fixes Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 10:22:36 2017 +0200 handshake: added basic support for TLS 1.3 handshake in client side That does not include support for client certificates as it requires extension handling improvements in order for extensions to be context sensitive (now they cannot distinguish whether the parsing routine is called during client hello or certificate request reading) This does not include proper parsing of extensions present in the certificate message. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 13 14:19:12 2017 +0200 handshake: added parsing of encrypted extensions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 10:44:43 2017 +0200 crypto-api: introduce internal version of AEAD API This allows to initialize the TLS 1.3 connection state without additional allocations as required by the external API. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 11 15:16:51 2017 +0200 record: added TLS 1.3 record parsing and key derivation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 13:48:13 2017 +0200 handshake: introduced TLS 1.3 handshake client state machine outline Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:56:28 2017 +0200 extensions: separate the hello extensions from others Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:51:10 2017 +0200 hello_ext.h: removed non-existant function definition Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:48:30 2017 +0200 extensions: files renamed to hello_ext Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:46:55 2017 +0200 extensions: renamed hello extension handling functions appropriately Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:40:54 2017 +0200 extensions: simplified semantics of store and check functions That is, _gnutls_extension_list_check was made a boolean function, and both were renamed to more appropriate names such as, _gnutls_hello_ext_is_present, _gnutls_hello_ext_save. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 11:30:12 2017 +0200 extension: renamed functions to reflect purpose Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 10:05:53 2017 +0200 extensions: use the low-level extension parsing code for hello parsing That's a step towards unification of TLS-type extension handling for TLS 1.3. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 20 09:46:34 2017 +0200 extv: introduced a low-level extension parsing code This will simplify the parsing and handling of extensions throughout the TLS 1.3 message contents. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 19 12:58:56 2017 +0200 extensions: simplified the extension tracking Instead of keep a list of the received TLS extension IDs, use the bits in a variable to mark the received extensions. That reduces the overall memory usage due to extension tracking. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 19 12:48:14 2017 +0200 extensions: use an internal extension ID independent of the TLS id Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 14:46:13 2017 +0200 str: rename _gnutls_buffer_pop_prefix to _gnutls_buffer_pop_prefix32 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 14:45:20 2017 +0200 str: rename _gnutls_buffer_pop_datum_prefix to _gnutls_buffer_pop_datum_prefix32 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 14:10:14 2017 +0200 security params: store PRF when packing session Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 14:03:43 2017 +0200 handshake: simplify by storing a pointer to PRF mac entry That way, we avoid multiple function calls to obtain information such as hash size, and other MAC properties. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 12:13:09 2017 +0200 ext/signature: improved TLS 1.3 signature algorithm negotiation That is, we introduce a simpler way to handle multiple versions of a single signature algorithm. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 11:21:51 2017 +0200 str: added helper functions to read prefixed data with 8 or 16-bit headers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 09:44:58 2017 +0200 ecc: do not warn on receiving extension on client side This extension can be received used under TLS 1.3 on the client side. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 14 14:30:07 2017 +0200 Added TLS 1.3 HKDF key derivation functionality Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 12 10:30:59 2017 +0200 extensions: include extension number in debugging message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 12 10:12:41 2017 +0200 tests: check behavior on the extension hello flags That is, verify whether the various combinations of GNUTLS_EXT_FLAG_CLIENT_HELLO, GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO work as expected with regards to sending and receiving extensions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 10:26:44 2017 +0200 extensions: apply extension msg type restrictions That is, on the extension parsing functions ensure that no extension which are not valid for the currently received message are parsed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 10:13:07 2017 +0200 extensions: mark the message validity of each supported extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 09:50:58 2017 +0200 extensions: type renamed to id for clarity We were previously using the variable named 'type' to indicate the extension ID. With TLS 1.3, extensions are also given an applicability type (which message the extension applies to), and thus renamed the variable for clarity. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 12 08:03:59 2017 +0200 tests: guile: don't use VERS-TLS-ALL That is, avoid enabling experimental protocols. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 12 08:00:00 2017 +0200 .gitlab-ci.yml: abi-coverage: include guile logs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 14 09:20:25 2017 +0200 nettle: added HKDF functions They are being included conditionally depending on the RSA-PSS feature (RSA-PSS and HKDF are expected to be introduced at the same version). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 15:54:40 2017 +0200 gnutls-cli-debug: use explicit TLS versions rather than TLS-ALL Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 15:37:04 2017 +0200 _gnutls_server_select_suite: don't set auth callbacks for TLS 1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 11:00:27 2017 +0200 supported_versions: print negotiated protocol Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 15:35:21 2017 +0200 Negotiate draft-TLS1.3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 14:14:58 2017 +0200 handshake: added the TLS 1.3 ciphersuites Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 11:45:39 2017 +0200 handshake: print negotiated version after its negotiation (for TLS1.3) Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Sep 11 11:33:31 2017 +0200 tests: fix TLS version to 1.2 for tests which used VERS-TLS-ALL This allows the test suite to run, even when TLS1.3 is still experimental. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 09:34:05 2017 +0200 Added support for key share extension This enables TLS 1.3 key exchange based on the key share extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 09:23:53 2017 +0200 handshake: always accept TLS 1.2 in client hello if we have later protocols enabled That is because after TLS 1.3 there is no negotiation of the version using the Client Hello field, but with an extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 08:23:01 2017 +0200 require nettle 3.3 or later This will simplify handling of the x25519 key exchange. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 09:10:11 2017 +0200 str: added function to append fixed-size MPI This is used in TLS 1.3 which introduces a new MPI over-the-wire format. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 11:57:26 2017 +0200 tests: resumption tests were restricted to TLS 1.2 TLS 1.3 implements resumption is a different way, so we should introduce new resumption tests once that support is in place. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 11:52:07 2017 +0200 ext/post_handshake: restrict the use of this extension to TLS 1.3 or later Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 11:46:29 2017 +0200 handshake: optimizations and enhancements in session version handling This introduces the following new functions: const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session); const version_entry_st *_gnutls_version_max(gnutls_session_t session); which replace their previous counterparts. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 11:21:24 2017 +0200 tests: check for post-handshake extension in TLS 1.2-only sessions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 11:14:56 2017 +0200 tests: added unit tests for post-handshake-auth extension These test whether this extension is seen under TLS 1.3 in client hello, and whether it is not present in server hello. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 10:33:18 2017 +0200 handshake: send client and server hellos according to TLS 1.3 That is, when TLS 1.3 is negotiated the compression algorithms and session ID fields are no longer sent. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 09:44:28 2017 +0200 Added support for post handshake auth extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 13:40:19 2017 +0200 tests: updated for new behavior of disabling protocols on missing signature algorithms Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 13:38:39 2017 +0200 tests: verify that no signature algorithms with (D)TLS 1.2 will cause an error Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 13:33:46 2017 +0200 priorities: when no signature algorithms eliminate (D)TLS 1.2 or later If an application intentionally disables all signature algorithms, ensure that we can operate by eliminating protocol options which require these signature algorithms to be set. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 13:16:10 2017 +0200 tests: safer use of gnutls_bye in _test_cli_serv() In addition make sure we check gnutls_priority_set() for errors. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 09:40:46 2017 +0200 tests: added checks for special signature algorithms This tests the behavior when signature algorithms only available under TLS1.3 are present in a TLS 1.2 session. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 09:38:26 2017 +0200 tests: verify that +SIGN-ECDSA-SECP256R1-SHA256 has no effect when combined with TLS1.2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 08:56:18 2017 +0200 tests: added signature tests for ECDSA-SECP256R1-SHA256 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 09:19:16 2017 +0200 priority: do not include signature algorithms that apply to different TLS version That is, when a signature algorithm that is only applicable to specific TLS protocol semantics (e.g., ECDSA-SECP256R1-SHA256) is enabled, under TLS 1.2, it will result to no code points being added. That prevents connection errors due to "wrong" code points being added that do not correspond to a usable signature algorithm under the protocol. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 14:07:43 2017 +0200 tests: updated for the new behavior of handshake Previously at handshake we would negotiate a ciphersuite and certificate and later figure out a signature algorithm. Now we negotiate all at once, so we no longer reach situations where mid-way of handshake we figure we have no signature algorithm to use. Update the test cases relying on that behavior to account the new one. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 11:09:51 2017 +0200 pubkey: enforce TLS 1.3 signature restrictions on verification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 16:43:51 2017 +0200 ext/signature: added TLS 1.3 signature algorithm negotiation That patch adds the signature algorithms: - GNUTLS_SIGN_ECDSA_SECP256R1_SHA256 - GNUTLS_SIGN_ECDSA_SECP384R1_SHA384 - GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 and enables them for the default TLS priority strings. In addition it allows negotiating signature algorithms sharing the same TLS IDs, but which have different semantics between TLS versions (e.g., 6,4 maps to GNUTLS_SIGN_ECDSA_SHA512 under TLS 1.2 but to GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 under TLS 1.3). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 15:20:00 2017 +0200 tests: added unit test for TLS 1.3 version negotiation This checks whether the Client Hello and Server Hello packets contain the expected values. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 14:17:40 2017 +0200 handshake: added support for negotiating version using extension That is, introduced the TLS 1.3 supported_versions extension. It is currently only being used if negotiating TLS 1.3 or later. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 13:30:46 2017 +0200 handshake: legacy version negotiation is not used for TLS 1.3 That is, ensure that the functions used for TLS 1.2 and earlier negotiation cannot be used with TLS 1.3. That is because TLS 1.3 is negotiated using a TLS extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 11:57:22 2017 +0200 Added TLS 1.3 Hello message random generation That is, added check for TLS 1.3 random value requirements in client side, and generation according to TLS 1.3 requirements for server and client side. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 14:57:55 2018 +0100 Revert "priority: disable the enabled by default RSA-PSS signature algorithms" This reverts commit ef44477127952c13e93d7ea88f7b549bf36602f5. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 10 11:13:57 2018 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 22 11:52:19 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 30 07:41:26 2018 +0100 tests: check gnutls_fips140_set_mode operation per thread Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 15:49:42 2018 +0100 tests: added unit test of gnutls_fips140_set_mode Also ensure that 512-bit keys cannot be generated in FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 22 11:40:42 2018 +0100 tests: gnutls_hmac_fast: explicitly enable MD5 use under FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Dec 21 12:38:29 2017 +0100 tests: gc.c -> gnutls_hmac_fast.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 22 09:15:03 2018 +0100 doc: documented gnutls_fips140_set_mode and gnutls_fips_mode_t Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 15:07:00 2018 +0100 fips140: added function for applications to switch the FIPS140-2 mode That would allow FIPS140-2 compliant applications to use forbidden algorithms by switching to a lax FIPS140-2 mode. Resolves #352 Resolves #353 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 14:01:17 2018 +0100 fips140: enforcement of allowed ciphers moved to crypto-api.c and cipher_int.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 20 15:36:59 2017 +0100 fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 19 08:38:35 2018 +0100 tests: srp: increased timeout to 40secs [ci skip] Since we increased the maximum parameters to 8k, ensure that slower systems have enough time to complete the handshake. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 18 20:58:07 2018 +0100 doc: updates NEWS entry for 3.6.2 adding ABI changes [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 16 08:54:26 2018 +0100 latex: introduced functionWarning macro Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 16 08:27:56 2018 +0100 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 13 16:34:09 2018 +0100 tests: check whether gnutls_credentials_set() can be set in an hsk hook This is useful when these are set during the handshake process on the handshake hook before client hello is parsed. Relates #382 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 13 16:47:16 2018 +0100 doc: documented how to set the credentials late in certain vhost scenarios Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 13 16:21:52 2018 +0100 doc: updated text on gnutls_handshake_set_hook_function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 13 11:12:09 2018 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 12 11:18:06 2018 +0100 priority: disable the enabled by default RSA-PSS signature algorithms They have been modified in the latest (yet unsupported) TLS 1.3 drafts, so prevent causes interoperability failures by keeping them on. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 12 09:20:17 2018 +0100 tests: cipher-openssl-compat: extend to include CCM tests Signed-off-by: Nikos Mavrogiannopoulos Author: Michael Catanzaro Date: Fri Feb 9 10:22:24 2018 -0600 Improve documentation of gnutls_x509_trust_list_iter_get_ca [ci skip] The documentation is confusing because it implies that gnutls_x509_trust_list_iter_deinit() should be called after using this function, but in fact it is generally not necessary. Also, there was a typo here ("usin"). Signed-off-by: Michael Catanzaro Author: Nikos Mavrogiannopoulos Date: Wed Feb 7 18:59:39 2018 +0100 .gitlab-ci.yml: run the fuzz testsuite under various CPU capabilities Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 7 09:24:18 2018 +0100 accelerated: make explicit key size check to all accelerated ciphers That is, do not rely on checks done on asm level, as they vary and may change over updates. Also handle consistently invalid key sizes by returning an error, and eliminate calls to abort(). Signed-off-by: Nikos Mavrogiannopoulos Author: Vitezslav Cizek Date: Tue Feb 6 16:46:31 2018 +0100 accelerated: check keysize in SSSE3 cipher setkey aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5 Signed-off-by: Vitezslav Cizek Author: Nikos Mavrogiannopoulos Date: Thu Feb 8 14:32:42 2018 +0100 p11tool: updated documentation [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 7 11:34:36 2018 +0100 nettle: use the nettle_get_secp API when available Resolves #380 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 6 09:46:41 2017 +0100 nettle base64_encode_raw: use cast to avoid warnings Nettle switched prototypes for base64_encode_raw() as follows: -base64_encode_raw(uint8_t *dst, size_t length, const uint8_t *src); +base64_encode_raw(char *dst, size_t length, const uint8_t *src); That means we need to cast fist param to void if we want to avoid warnings on different platforms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 6 14:40:59 2018 +0100 accelerated: x86-common: do not use _xgetbv() with clang Resolves #372 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 6 14:37:42 2018 +0100 configure: treat solaris as ELF system Resolves #376 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 6 04:03:45 2018 +0100 tests: repeat cipher test with multiple keys and nonces In addition include chacha20-poly1305 into the tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 6 03:59:17 2018 +0100 accelerated: aarch64: fix GCM counter increment Ensure that we restrict the GCM counter to the 4 bytes assigned to it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 6 04:39:39 2018 +0100 accelerated: fix use of SSSE3 vpaes_encrypt Previously we assumed that the nettle GCM internal functions will use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 5 20:25:23 2018 +0100 accelerated: fix use of aesni_ecb_encrypt() Previously we assumed that the nettle GCM internal functions will use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 2 15:49:48 2018 +0100 serv: increase cache size used for resumption That allows sessions with longer parameters to be able to be resumed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 2 11:09:22 2018 +0100 CONTRIBUTING.md: check the issue closing as part of review [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 2 10:35:11 2018 +0100 gnutls-cli: no longer print certificate types or compression methods We don't support any other compression methods than the null compression, nor any other certificate types. Signed-off-by: Nikos Mavrogiannopoulos Author: Jay Foad Date: Sat Jan 27 09:13:17 2018 +0100 Inline version macros into its users. This fixes a problem in _gnutls_version_is_supported() where we want to use preprocessing directives in the loop body. Doing this within a macro argument is undefined behaviour according to the C standard, and not supported by the system compiler on AIX. Signed-off-by: Jay Foad Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 26 15:49:53 2018 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 26 15:48:52 2018 +0100 certtool: deprecated the --certificate-pubkey option That option is duplicate since --pubkey-info can provide the same information. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 26 15:44:21 2018 +0100 certtool: avoid duplicate deinitialization on --certificate-pubkey Resolves #368 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 12:25:10 2018 +0100 dh: document why BER decoding rules are allows Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 12:19:12 2018 +0100 pubkey: use the strict DER decoder for SubjectPublicKeyInfo Although there is no explicit RFC mentioning the SubjectPublicKeyInfo encoding, this structure is a subset of the X.509 certificate's structure and as such it is expected to be in DER form. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 21 11:36:20 2018 +0100 pk: document need for the generic BER decoder Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 19:26:12 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 19:25:36 2018 +0100 tests: check whether deletion of a certificate object works Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 19:15:46 2018 +0100 p11tool: corrected issue preventing the deletion of objects in batch mode Previously initialization of PIN callbacks would only happen during listing of objects, which happened only in non-batch mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 19:10:52 2018 +0100 p11tool: corrected type affecting use of --only-urls It would enable batch mode accidentally. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 19 11:42:02 2018 +0100 tests: pkcs11/tls-neg-pkcs11-key: updated for softhsm with PKCS#11 support Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 22 09:06:25 2018 +0100 added sub-section on selecting the right return value [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 17:35:54 2018 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 17 08:38:13 2018 +0100 examples: use gnutls_certificate_set_x509_system_trust Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 12 16:14:23 2018 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 12 13:23:03 2018 +0100 tests: privkey-verify-broken: addressed uninitialized var use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 10 15:41:50 2018 +0100 tests: check whether get_mtu() functions relate to the set values That is, verify that gnutls_dtls_set_data_mtu() value would be reflected into gnutls_dtls_get_data_mtu(), as well as the gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 10 15:35:36 2018 +0100 tests: added unit test for _gnutls_record_overhead() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 12 09:01:54 2018 +0100 DTLS: improved data MTU calculation under CBC ciphersuites The data MTU calculation under CBC ciphersuites takes into account that the overhead of these ciphersuites is constant (IV + hash + 1 byte padding), though the capacity varies due to the padding block. That is, on 16-byte padding block, one padding byte is the overhead but the rest 15 bytes are accounted for data MTU. That also has the side effect that setting a data MTU using gnutls_dtls_set_data_mtu(), is not definite, and the actual MTU may be larger for these ciphersuites --i.e., the return value of gnutls_dtls_get_data_mtu(). Resolves #360 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 10 10:58:30 2018 +0100 fuzz: added reproducer for leak in gnutls_x509_crl_list_import That was detected by oss-fuzz in: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4930 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 10 10:56:28 2018 +0100 gnutls_x509_crt_list_import: eliminated memory leak That leak would be triggered if GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED flag was used and the input data would exceed the maximum limit. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 9 11:31:45 2018 +0100 libtasn1: updated to latest libtasn1 master branch Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 3 16:41:36 2018 +0100 gnutls_pkcs12_key_parser_fuzzer.in: added reproducer for oss-fuzz #4890 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 7 09:55:37 2018 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 3 16:27:03 2018 +0100 doc: updated copyright year for manual That eliminates the 'make syntax-check' error. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 30 20:12:36 2017 +0100 tests: added reproducer for self-signed verification error Relates #347 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 30 19:57:08 2017 +0100 x509/verify: when verifying against a self signed certificate ignore issuer That is, ignore issuer when checking the issuer's parameters strength. That resolves the issue of marking self-signed certificates as with insecure parameters during verification. Resolves #347 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 20 08:16:29 2017 +0100 gnutls_pk_self_test: include ECDSA tests on GNUTLS_PK_EC Previously when a request for a specific self check on GNUTLS_PK_EC was done, only ECDH tests would be run. This change includes the ECDSA tests as well (GNUTLS_PK_EC and GNUTLS_PK_ECDSA are an alias to each other). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Dec 19 16:40:59 2017 +0100 tests: hash-large: increase parallelism to allow fast run in CI Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 8 11:14:58 2017 +0100 doc: reference gnutls_prf_rfc5705 instead of gnutls_prf Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Dec 3 11:34:32 2017 +0100 tests: utils.h: forbid compilation with NDEBUG This allows to rely on the assert() macro being functional on the test suite. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Dec 3 10:49:12 2017 +0100 tests: p11-kit-load.sh: verify that all modules are loaded after a private key operation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 30 15:08:22 2017 +0100 tests: enhanced pkcs11/list-tokens This not only creates a trust list with the system certificates, but also attempts to verify a certificate, increasing the number of calls to PKCS#11 verification API (and thus ensuring there are no calls which may trigger the load of other modules). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 30 14:31:07 2017 +0100 pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE That is, make sure that all our calls to PKCS#11 subsystem for verification will only trigger the trust module initialization, and not the generic PKCS#11 initialization. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 30 14:28:46 2017 +0100 pkcs11: simplify trusted module loading state That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE) to determine whether to initialize trusted modules only or proceed with general initialization. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 30 12:52:57 2017 +0100 _gnutls_pkcs11_check_init: improved transition between states The init_level_t for PKCS#11 modules, was incorrectly handled as a linear state transition, causing few cases in the transition to be incorrectly handled. Define precisely the state transitions and enforce them in _gnutls_pkcs11_check_init. That addresses a regression introduced by the previous state handling addition, which made impossible to switch from the trusted state to the all modules. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 30 11:44:14 2017 +0100 tests: corrected destructive/p11-kit-load.sh error checking Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Dec 1 11:13:29 2017 +0100 gnutls-serv: fix double-free on inactivity timeout Previously, gnutls-serv --echo segfaulted when closing client connection after inactivity timeout. Here is the valgrind output: ==20246== Invalid free() / delete / delete[] / realloc() ==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530) ==20246== by 0x405310: listener_free (serv.c:154) ==20246== by 0x408B57: tcp_server (serv.c:1568) ==20246== by 0x407DA6: main (serv.c:1231) ==20246== Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd ==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530) ==20246== by 0x408A1D: tcp_server (serv.c:1548) ==20246== by 0x407DA6: main (serv.c:1231) ==20246== Block was alloc'd at ==20246== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299) ==20246== by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so) ==20246== by 0x407310: get_response (serv.c:948) ==20246== by 0x408840: tcp_server (serv.c:1492) ==20246== by 0x407DA6: main (serv.c:1231) ==20246== Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 28 15:45:59 2017 +0100 .dir-locals.el: new file This forces Emacs to use the Linux kernel coding style for all C code. Signed-off-by: Daiki Ueno Author: Daiki Ueno Date: Tue Nov 28 15:45:54 2017 +0100 build: remove m4 files pulled in by autopoint Having these files in the git repository causes unnecessary changes after "make bootstrap". Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Wed Nov 29 17:16:41 2017 +0100 gnutls_aead_cipher_init: corrected potential memory leak Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 28 14:28:46 2017 +0100 doc: provided basic documentation of the FIPS140-2 mode [ci skip] Resolves #332 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 09:42:26 2017 +0100 tests: verify whether group remains the same after resumption Resolves #331 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 27 09:31:52 2017 +0100 _gnutls_set_resumed_parameters: restore the group from resumed parameters That allows resumed sessions to have the original group information such as curve used for key exchange or FFDHE parameters. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 08:19:01 2017 +0200 tests: removed unnecessary assert Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 10 14:23:20 2017 +0200 tests: delete temporary files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 11:47:22 2017 +0100 session state: use the right type for send_cert_req variable Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 24 08:17:40 2017 +0100 tests: client-fastopen: introduce child signal handler and delay prior to starting This addresses a hang issue on freebsd builds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 22 17:36:30 2017 +0100 psktool: allow up to 512-byte keys This aligns the psktool --help output with the psktool operation. Suggested by Jack Lloyd. Resolves #327 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 20:26:43 2017 +0100 getfuncs-map.pl: added gnutls_srp_8192_group* symbols to ignore list Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 19:24:29 2017 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 19:17:01 2017 +0100 srptool: --create-conf no longer includes 1024-bit parameters In addition it includes the 8192-bit parameters, and the default params used for a new user are the 2k ones. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 13:23:21 2017 +0100 tests: updated SRP checks Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters. In addition, verify that parameters not in the SRP spec are rejected by a gnutls client. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Nov 21 13:05:12 2017 +0100 .gitlab-ci.yml: move destructive tests after trust store tests That is, to ensure they are only run after the trust store is complete and that it doesn't affect its output. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 14:43:21 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 14:34:20 2017 +0100 tests: include the 8192-bit SRP prime into param checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 14:33:33 2017 +0100 srp: added the 8192-bit prime As we now reject any primes not in the SRP spec, we include that parameter to ensure we can handle clients within the spec but with large parameters. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 14:10:02 2017 +0100 srp: reject any parameters not in the SRP draft This implements the SHOULD requirement from RFC5054, i.e., to only accept group parameters that come from a trusted source, such as those listed in Appendix A. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 14:07:12 2017 +0100 fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 9 09:47:10 2017 +0100 tests: combined key and cert tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 9 09:40:23 2017 +0100 tests: windows subdir is only included on windows builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 16:32:48 2017 +0100 tests: dtls subdir was merged into main tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 20 13:49:55 2017 +0100 fuzz: srp-client: restrict prime bits to 1537 [ci skip] That avoids timeouts in the oss-fuzz infrastructure: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Nov 19 16:39:16 2017 +0100 doc: corrected typo Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 16 16:57:29 2017 +0100 doc: better detect acronym keyword on latex output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 16 16:53:46 2017 +0100 doc: latex: resolve all citation issues Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Nov 16 16:43:21 2017 +0100 doc: citations translate into references in texinfo That makes the citations to be links in the generated html manual. Resolves: #321 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Nov 13 11:03:35 2017 +0100 p11tool: renamed pkcs11_set_pin() to allow static linking Resolves #322 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 15 11:47:31 2017 +0100 cfg.mk: do not include reproducer files into syntax checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 15 10:31:00 2017 +0100 gnutls_x509_ext_import_proxy: corrected memory leak Also added reproducer for the memory leak found. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 13:56:56 2017 +0100 tools: do not access unused variables This avoids warnings by static analyzers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Nov 8 10:51:51 2017 +0100 .gitlab-ci.yml: disabled gcc warnings on CI builds and use dash That should decrease the time spent in configure. Based on suggestions by Tim Ruehsen. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Nov 5 20:46:47 2017 +0100 .gitlab-ci.yml: use configure cache file and ccache That reduces the total time spent per build by caching configure checks, and compilation artifacts. Also that patch set no longer uploads coverage files as artifacts. These files are not generally useful, and removing that "feature" will reduce CI running time. Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Sat Nov 4 17:18:23 2017 +0100 doc: corrected typo [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 3 15:10:03 2017 +0100 tests: list-tokens: not only list but also verify whether module is operational Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 3 15:03:35 2017 +0100 pkcs11: refuse to load modules with duplicate information That is, when ck_info matches, we soft fail loading the module. That is, because in several cases the pointers got by p11-kit may differ for the same modules. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 3 14:33:24 2017 +0100 tests: enhanced PKCS#11 loading test Test whether implicit initialization in trusted module (e.g., via verification), would result to proper initialization of additional modules once a PCKS#11 function is called. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 30 13:51:33 2017 +0100 tests: added PKCS#11 module loading test This checks: 1. Whether all modules are loaded from p11-kit when no explicit gnutls_pkcs11_init() is called and pkcs11 calls are accessed. 2. Whether only the trusted modules are loaded from p11-kit and no other PKCS#11 calls than PKCS#11 cert validation is performed. 3. Whether the trusted modules are loaded when gnutls_pkcs11_init() is called with manual flag. Resolves #315 Resolves #316 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 30 11:29:38 2017 +0100 pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 trust store was not loaded, and thus prevent any certificate validation. This change allows initializing the trust modules only even if generic PKCS#11 support is disabled by the application. Relates #316 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 30 09:57:09 2017 +0100 pkcs11: introduce multiple levels of loading That allows to load the PKCS#11 trusted modules (on systems which use them) without loading all the potentially present PKCS#11 modules. Relates #315 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Oct 31 09:18:15 2017 +0100 CONTRIBUTING.md: added a short text on reviewing code [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Roberto Newmon Date: Sun Oct 29 08:30:02 2017 +0000 Fix non-null warning Help the compiler understand the control flow in the MATCH_FUNC and INVALID_MATCH_FUNC macros. Because we are using macros, the compiler is not able to correlate the replaced values of the macro variables to each other yielding non-null warnings. Introduce a C variable to mimic the macro variable helping the compiler understanding the control flow. Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 15:17:22 2017 +0200 tests: test whether PKCS#11 generation works without login Resolves #147 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 15:10:03 2017 +0200 p11tool: attempt to auto-login when the token requires it In operations like generation or writing objects, run as if --login was given if the token is marked to require login. Relates #147 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 15:01:53 2017 +0200 p11tool: print PKCS#11 token flags in --list-tokens Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 14:53:37 2017 +0200 pkcs11: forward token flags to applications That is, gnutls_pkcs11_token_get_flags() will not return the most common/useful PKCS#11 token flags, in addition to trusted and HW flags. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 09:44:37 2017 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 21 02:18:07 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Oct 19 10:14:33 2017 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Thomas Klute Date: Wed Oct 18 19:50:57 2017 +0200 gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip] Signed-off-by: Thomas Klute Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 15:57:53 2017 +0200 doc: mention SHA224 removal in upgrade guide Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 15:55:57 2017 +0200 bumped version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 10:18:33 2017 +0200 gnutls-serv: print the right error code on OCSP request setting Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Oct 18 13:42:21 2017 +0200 ocsptool: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Oct 16 11:41:36 2017 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 27 13:25:02 2017 +0200 cmp_hsk_types: fixed check for SSLv2 hello Previously, if SSLv2 hello support was disabled, the check for the expected TLS message was incorrect. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 7 10:06:09 2017 +0200 doc: improve documentation on provable private keys Resolves #301 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Oct 7 09:44:54 2017 +0200 doc: enhanced text on PKCS#7 and public keys Resolves #302 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Oct 1 12:20:18 2017 +0200 tests: check whether key IDs with SHA512 are corrected calculated Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Oct 1 12:18:54 2017 +0200 certtool: allow using SHA512 for key IDs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Oct 1 12:17:26 2017 +0200 _gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Oct 1 12:14:11 2017 +0200 tests: check fingerprint generation with SHA512 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Oct 1 12:12:25 2017 +0200 certtool: allow using --fingerprint with sha384 or sha512 Resolves #295 Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Wed Sep 27 19:21:59 2017 +0200 Modernize gtk-doc support Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Signed-off-by: Andreas Metzler Author: Rowan Thorpe Date: Wed Sep 27 21:41:43 2017 +0300 Fix autoreconf invocation to actually run autopoint Signed-off-by: Rowan Thorpe Author: Nikos Mavrogiannopoulos Date: Mon Sep 25 16:57:31 2017 +0200 CONTRIBUTING.md: added some text on introducing new APIs [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 24 10:52:08 2017 +0200 tests: re-purposed client_dsa_key test to match new behavior of the library Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 24 10:47:05 2017 +0200 tests: update TLS 1.2 tests to account for RSA-PSS client signatures On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36: "signature: on client side, refuse to negotiate non-enabled signature schemes" the behavior of allowing a client to utilize disabled for the session signatures, and thus the negotiated signatures now match the ones in the session's priority string. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 08:37:50 2017 +0200 signature: on client side, refuse to negotiate non-enabled signature schemes That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4: "On client side allow signing with the signature algorithm of our cert" Previously, when we initially disabled DSA, we allowed client certificates which can do DSA-SHA1 to be utilized to ease migration from these certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 09:53:01 2017 +0200 _gnutls_epoch_gc: ensure there are no stray epochs after gc Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 09:29:30 2017 +0200 constate: simplified allocation of epochs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 08:26:22 2017 +0200 _gnutls_epoch_get(): simplified use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Sep 24 17:42:01 2017 +0200 gnutls_x509_crt/q_set_spki: always initialize the spki structure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:17:21 2017 +0200 gnutls-cli: always initialize the inline commands struct Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:13:31 2017 +0200 gnutls-cli-debug: eliminated memory leaks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:11:27 2017 +0200 ocsptool: eliminate memory leaks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:09:00 2017 +0200 certtool: use assert to protect var access The code correctly uses the variables, but the assert ensures that static analyzers follow the intended paths too. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:06:53 2017 +0200 srptool: removed unused variables Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:06:24 2017 +0200 psktool: remove unused variables Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:05:18 2017 +0200 gnutls-cli: fix memory leak Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 11:04:21 2017 +0200 tools: eliminated dead assignments Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 10:59:58 2017 +0200 ocsptool: check chain size on verification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Sep 19 11:08:19 2017 +0200 .gitlab-ci.yml: use static analyzer and Werror build in src Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 08:29:17 2017 +0200 tests: enhanced resumption checks with same and different SNI Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 08:19:21 2017 +0200 server name: refuse to resume a session which server name doesn't match That is, follow the RFC6066 requirement that server: "MUST NOT accept the request to resume the session if the server_name extension contains a different name." Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 23 10:47:15 2017 +0200 gnutls-cli: eliminate few memory leaks Signed-off-by: Nikos Mavrogiannopoulos Author: Thomas Klute Date: Thu Sep 21 11:00:33 2017 +0200 tests: New test for SNI parsing during cache-based session resumption Signed-off-by: Thomas Klute Signed-off-by: Nikos Mavrogiannopoulos Author: Thomas Klute Date: Thu Sep 21 10:45:05 2017 +0200 Ensure the SNI extension is parsed during cache-based resumption This patch changes the parse_type of the SNI extension to GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake. With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS servers ignored the SNI extension when resuming a TLS session from cache, because "application" level extensions are skipped during resumption. As a result, gnutls_server_name_get() always returned GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed session, breaking virtual server systems. According to RFC 6066, Section 3 the SNI extension must be parsed on session resumption if implemented at all: "A server that implements this extension MUST NOT accept the request to resume the session if the server_name extension contains a different name." This change allows applications using GnuTLS to match SNI data on resumed sessions. Signed-off-by: Thomas Klute Author: Dmitry Baryshkov Date: Mon Sep 18 17:06:15 2017 +0300 tests: explicitly check for gnutls.pc in pkgconfig.sh Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Sep 18 13:33:53 2017 +0300 test: use proper library name in pkgconfig.sh error message If there is a -R flag in p11-kit-1.pc file, pkgconfig.sh test will still reference libidn2.pc, rather than proper source of the message. Also move the test for library flags before updating PKG_CONFIG_PATH. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Sep 18 13:32:40 2017 +0300 tests: use libidn2 in pkgconfig.sh Since abe6a12b9766219163f99d7807a0b07fbe5f590c GnuTLS does not support libidn1. Switch pkgconfig.sh test to use libidn2. Signed-off-by: Dmitry Eremin-Solenikov Author: Tim Rühsen Date: Tue Sep 19 20:36:22 2017 +0200 parse-datetime: Fix buffer overflow Author: Nikos Mavrogiannopoulos Date: Mon Sep 18 15:35:32 2017 +0200 tlsfuzzer: document the reason of failure of few fragmentation tests It seems that gnutls does not accept records carrying handshake messages that contain less bytes than necessary to recover the handshake header. The TLS protocol allows that option, and other implementations seem to accept that fragmentation. Relates #272 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 16 18:21:36 2017 +0200 parse_handshake_header: removed duplicate check Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Sep 16 14:03:54 2017 +0200 ecdh: return more appropriate error code on empty packet This makes tlsfuzzer's test-x25519 detect the right error code on empty message. Previously this issue was masked by our refusal to accept 1-byte sized fragments. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 16:34:02 2017 +0200 parse_handshake_header: allow 1-byte sized fragments Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 15 16:21:02 2017 +0200 tests: added reproducer for DTLS infinite loop Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon Sep 18 20:55:25 2017 +0200 pkcs11/get_key_algo_type(): Always initialize bits variable Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Sep 18 20:53:23 2017 +0200 tests/base64-raw: Remove unused variable Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Sep 18 15:54:19 2017 +0200 gnutls.h: Remove redundant function declarations Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Sep 14 11:56:27 2017 +0200 x509: removed debugging code [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 13:58:58 2017 +0200 tests: modified the MD5 signature algorithm negotiation tests Since GnuTLS can no longer negotiate MD5, we utilize a byte stream of a connection which advertises MD5, and we make sure we detect the right error code for the rejection of MD5 signature. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 08:42:10 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 08:36:01 2017 +0200 tlsfuzzer: no longer include tests involving SHA224 signatures We no longer support them. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 15:04:32 2017 +0200 algorithms/sign: removed TLS identifiers for legacy algorithms That is, for the MD5-using algorithms, as well as for the DSA2 signature algorithms that were never really used with TLS 1.2. Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 15:02:47 2017 +0200 algorithms/sign: legacy signature algorithms were moved toward the end of the list Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 14:58:17 2017 +0200 algorithms/sign: no longer enable SHA224 hash in signatures TLS 1.3 requires that SHA224 MUST NOT be used, and given the fact that SHA224 was never widespread used in TLS 1.2, there is no reason to keep these algorithms at all. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 8 16:19:38 2017 +0200 tlsfuzzer: added large client hello tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 8 15:16:55 2017 +0200 win32: removed no longer used subdir Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 8 14:01:09 2017 +0200 .gitlab-ci.yml: added warning cppcheck checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 16:54:24 2017 +0200 .gitlab-ci.yml: removed initialization step That is, combine syntax-check with the static analyzers run. That provides more parallelism per build and reduces the overall time spent on a successful run. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 16:20:01 2017 +0200 doc: added README on FreeBSD CI setup Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 16:21:44 2017 +0200 .gitlab-ci.yml: added FreeBSD build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 17:05:57 2017 +0200 tests: ip-utils: added include for FreeBSD compilation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 14:12:20 2017 +0200 .gitlab-ci.yml: enable more cppcheck tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 8 12:15:47 2017 +0200 tests: updated tlsfuzzer to reduce rsa-pss failures Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 15:51:57 2017 +0200 crq: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:31:30 2017 +0200 tests: added unit test for gnutls_x509_crq_sign Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:11:06 2017 +0200 tests: added verification checks into crl_apis Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:10:20 2017 +0200 gnutls_x509_crl_verify: check next update field for presence If not present do not attempt to utilize its value. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:33:24 2017 +0200 tests: added verification check into crt_apis Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:30:13 2017 +0200 tests: added unit test for gnutls_x509_crt_sign Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:24:41 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:23:28 2017 +0200 gnutls_x509_crq_sign: undeprecate After the updates of the function semantics, it is no longer needed to deprecate it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:13:54 2017 +0200 gnutls_x509_crl_sign: undeprecate After the updates of the function semantics, it is no longer needed to deprecate it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 09:21:16 2017 +0200 gnutls_x509_crq_sign: no longer sign with SHA1 Modify the behavior of the functions to sign with an appropriate to the public key hash algorithm. That although it modifies the semantics of the functions, it allows them to be useful even after SHA1 is considered insecure. In addition to that, the functions which accept a hash algorithm, will accept a null hash, which instructs the function to select a reasonable choice. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:21:47 2017 +0200 gnutls_x509_*_sign: no longer sign with SHA1 Modify the behavior of the functions to sign with an appropriate to the public key hash algorithm. That although it modifies the semantics of the functions, it allows them to be useful even after SHA1 is considered insecure. In addition to that, the functions which accept a hash algorithm, will accept a null hash, which instructs the function to select a reasonable choice. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:12:05 2017 +0200 doc: document the change of gnutls_x509_crt_sign Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Sep 8 08:31:42 2017 +0200 tests: tolerate leaks in opensc-pkcs11 when present Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Sep 7 08:08:12 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 6 14:51:59 2017 +0200 tests: added reproducer for safe renegotiation failure with openssl Relates #259 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 6 15:11:00 2017 +0200 handshake: check SCSVs prior to resuming a session This ensures that extensions which are also available as SCSVs are parsed prior to resuming a session. This resolves an issue with openssl sending SCSV instead of an extension for the safe renegotiation. Relates #259 Signed-off-by: Nikos Mavrogiannopoulos Author: Thomas Klausner Date: Wed Sep 6 19:16:30 2017 +0200 Use $(LIBDL) instead of hardcoding -ldl. Author: Nikos Mavrogiannopoulos Date: Wed Sep 6 14:34:20 2017 +0200 cmocka: require 1.0.1 This prevents failures in test suite due to insufficient cmocka library version. Resolves #268 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Sep 6 09:46:05 2017 +0200 tlslite-ng: updated to latest version This addresses issues with RSA-PSS signing. Signed-off-by: Nikos Mavrogiannopoulos Author: Avinash Sonawane Date: Thu Aug 31 18:05:04 2017 +0530 cli-debug-args.def: Fix typo Signed-off-by: Avinash Sonawane Author: Nikos Mavrogiannopoulos Date: Tue Aug 29 15:38:49 2017 +0200 latex: handle the deprecated function mark [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 29 13:56:58 2017 +0200 .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip] This allows a more descriptive name to any downloaded artifacts. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 28 15:16:58 2017 +0200 tools: removed re-using PIN message when in non-verbose mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 28 12:57:38 2017 +0200 p11tool: print public or private key algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 28 14:20:36 2017 +0200 gnutls_pkcs11_privkey_generate3: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 26 17:27:09 2017 +0200 tests: check whether generated private keys are marked private Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 26 17:16:26 2017 +0200 tests: added unit test of p11tool with --set-pin Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 26 17:02:28 2017 +0200 tests: check whether generated or copied keys are marked as sensitive Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 15:58:14 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 15:56:49 2017 +0200 p11tool: allow obtaining PIN from command line on operations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 14:49:33 2017 +0200 certtool: eliminate global use of default_dig Use instead the cinfo->hash field which is already used by p11tool. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 12:01:37 2017 +0200 tests: krb5-test: disable valgrind mem leak checks for negative checks Resolves #192 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 11:47:28 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 11:41:47 2017 +0200 tests: check whether p11tool signing with RSA-PSS works Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 10:53:51 2017 +0200 p11tool: allow signing with RSA-PSS and specifying an explicit hash Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 10:41:27 2017 +0200 sign_params_to_flags: moved to certtool-common.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 10:33:27 2017 +0200 certtool: hash_to_id moved to certtool-common.c Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sat Aug 26 17:49:28 2017 +0200 Fix some typos [ci skip] occurence -> occurrence sucessful -> successful Signed-off-by: Andreas Metzler Author: Tom Vrancken Date: Fri Aug 25 19:54:58 2017 +0200 Fixed segmentation faults caused by accessing NULL pointers during mutex operations. This bug was triggered while setting priorities. Signed-off-by: Tom Vrancken Author: Nikos Mavrogiannopoulos Date: Fri Aug 25 16:15:24 2017 +0200 p11tool: explicitly mark generated keys as sensitive Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Sat Aug 26 00:16:03 2017 +0300 tests: windows: warning: function declaration isn't a prototype Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Fri Aug 25 23:45:44 2017 +0300 tests: warning: implicit declaration of function Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Thu Aug 24 17:03:17 2017 +0200 m4: updated ax_code_coverage.m4 [ci skip] This version fixes a bug which prevented including the branch coverage into output. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon Aug 21 15:19:25 2017 +0200 fuzzer: Enhance code coverage of gnutls_base64_encoder_fuzzer Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Aug 21 15:16:55 2017 +0200 fuzzer: Add script 'view-coverage' This helper script is for viewing the code coverage of single (or combined) fuzzers running with all his corpora. It helps optimizing the code coverage by hand-crafting corpora and/or dictionaries. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Aug 21 14:22:58 2017 +0200 fuzzer: Change CFLAGS -O0 to -O1 in fuzz/README.md Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Aug 21 14:20:54 2017 +0200 fuzzer: Update corpora from oss-fuzz Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Thu Aug 24 15:29:19 2017 +0200 tlslite: updated to latest version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 23 10:20:05 2017 +0200 certtool: do not ask about RSA encryption in non-RSA keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 22 16:17:54 2017 +0200 fuzz: work-around libtool file name fuzzers utilize argv[0] to discover the name the reproducers are stored in. However libtool creates a script which later runs the executable. Try to detect that situation and use the right paths. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 22 08:48:03 2017 +0200 dh params: document DH param setting functions as deprecated They are no longer useful after the RFC7919 DH parameter negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 10:03:54 2017 +0200 tests: introduced unit test of gnutls_memset() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 22 07:27:03 2017 +0200 fuzz: removed -static ldflag completely It is not necessary for building the fuzzer, and was causing issues in MacOSX systems. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 21 09:47:59 2017 +0200 .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 21 09:46:07 2017 +0200 tests: p11-kit-trust is not compiled in windows Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 21 08:35:07 2017 +0200 fuzz: temporarily disable -static build of fuzz/ in MacOSX This allows running the MacOSX CI tests on travis. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 21 08:26:57 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 21 07:56:58 2017 +0200 tests: verify the output size of gnutls_x509_privkey_export That is, make sure that gnutls_x509_privkey_export() and gnutls_x509_privkey_export2() agrees with the strlen() value on the data. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 20:46:31 2017 +0200 .travis.yml: print failed log files in fuzz after failure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 19:43:52 2017 +0200 hooks.m4: reduce the gap between minor soversion of 3.5.x and 3.6.0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 09:24:19 2017 +0200 tests: make mini-record more friendly for OSes with limited buffers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 09:18:05 2017 +0200 pull/push backends: ECONNRESET is translated to GNUTLS_E_PREMATURE_TERMINATION This returns a more reasonable error code on platforms where this errno is set. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 09:05:02 2017 +0200 tests: gnutls_x509_privkey_import: address issue on error path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 20 00:18:44 2017 +0200 sed: use it in a portable way in makefiles Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 19 23:33:46 2017 +0200 configure: disable hardware acceleration on aarch64/ilp32 mode Our included assembly code for aarch64 is not suitable for that data mode. Resolves #252 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 19 13:39:28 2017 +0200 create_tls_random: avoid warning in fuzzying mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 19 08:58:37 2017 +0200 configure.ac: removed conditional FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION Instead rely only on the definition, to make fuzzying mode to be enabled even if --enable-fuzzer-target is not specified, but defined b the compiler. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 19 08:56:28 2017 +0200 rnd-fuzzer: use ifdef instead of conditional compilation This allows compiling in fuzzying mode even when --enable-fuzzer-target is not specified on configure, but the definition is present. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Aug 18 21:39:13 2017 +0200 fuzzer: Update base64 fuzzers + corpora Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Aug 18 21:32:28 2017 +0200 fuzzer: Fix include path in run-clang.sh [skip ci] Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 15:43:43 2017 +0200 gnutls_x509_privkey_export: use _gnutls_copy_string on PEM data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 13:05:34 2017 +0200 Corrected argument names of functions to correspond to declaration Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 12:57:07 2017 +0200 lib: use casts and be explicit on intentional enumeration use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 13:56:04 2017 +0200 gnutls-cli-debug: do not run non-FIPS cipher tests when in FIPS mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 12:52:20 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 12:47:12 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:51:53 2017 +0200 tests: added basic test for the operation of gnutls-cli-debug Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:44:55 2017 +0200 tests: verify the presence of GNUTLS_SFLAGS_RFC7919 flag in server and client mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:34:46 2017 +0200 gnutls-cli-debug: check whether RFC7919 is supported Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:31:52 2017 +0200 gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919 This allows checking whether the DHE parameters used were negotiated using RFC7919. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:22:11 2017 +0200 gnutls_auth_*: check cs parameter for validity prior to use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:16:50 2017 +0200 certtool: simplified certificate PEM printing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 11:14:16 2017 +0200 gnutls-cli: fixed bounds check on benchmark-tls Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 10:44:21 2017 +0200 lib: removed legacy debugging code That code was code from the initial versions of gnutls. It was neither used nor updated for long time. Relates #248 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 10:35:03 2017 +0200 fuzz: added missing files into dist [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 10:06:36 2017 +0200 tests: added missing files in dist [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 10:05:36 2017 +0200 tests: do not suppress stderr errors on servers startup Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 17:41:34 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 08:39:50 2017 +0200 abi-check: added check for 3.6.0 ABI compatibility Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 18 08:38:48 2017 +0200 gnutls_x509_crl_get_issuer_dn: removed unnecessary const Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 11:27:24 2017 +0200 certtool: fixed documentation of sign-params Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 10:50:56 2017 +0200 README.md: mention lockfile-progs dependency Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 10:02:47 2017 +0200 tests: tls-neg-ext4-key: explicitly restrict to TLS 1.2, 1.1 and 1.0 This allows testing all signature types used in the protocol. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 09:59:53 2017 +0200 sign APIs: introduce RSA-RAW signing algorithm This ensures that there is a signing algorithm for all the operations we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable by signing functions to accomodate for raw RSA operations. Now we make that explicit and in the process clean-up the API. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 17 10:09:13 2017 +0200 removed devel/fuzz; functionality moved to fuzz/ [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Fri Aug 11 21:42:02 2017 +0200 fuzzer: Add 'make -C fuzz coverage' [ci skip] This reports how much code is covered by fuzzing. Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Mon Aug 14 08:46:03 2017 +0200 _gnutls_recv_server_certificate_status: use the same type in subtracted values This ensures that there are no issues with subtracting those values. Note that the second is read from an uint24_t and thus it is always positive regardless its type. Resolves #245 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 14 08:42:51 2017 +0200 _gnutls_proc_srp_client_kx: use same type in subtracted values This ensures that there are no issues with subtracting those values. Note that the second is read from an uint16_t and thus it is always positive regardless its type. Resolves #244 Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Tue Aug 15 12:34:25 2017 +0200 fuzzer: Move regression corpora from tests/ to fuzz/ See fuzz/README.md for the corresponding paths. Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Aug 14 12:34:00 2017 +0200 fuzzer: Suppress leak in libgmp <= 6.1.2 Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Fri Aug 11 18:31:35 2017 +0200 fuzzer: Suppress unsigned integer overflow in rnd-fuzzer.c Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Sat Aug 5 20:49:19 2017 +0200 fuzzer: Initial check in for improved fuzzing Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 08:24:59 2017 +0200 fuzzer: added a fuzzer target This allows to compile the library with flags which will add predictable random generation and eliminate some crypto checks, in order for the library to be used for testing (fuzzying). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 16:40:41 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 16:39:36 2017 +0200 gnutls_x509_privkey_export: made a wrapper over gnutls_x509_privkey_export2() In addition, improved function description. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 13:23:39 2017 +0200 gnutls-http-serv: use RSA-PSS key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 13:11:03 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 12:58:02 2017 +0200 tests: use certtool to check RSA-PSS to RSA conversion Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 12:07:01 2017 +0200 certtool: introduced --to-rsa option This allows converting an RSA-PSS key to raw RSA. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 11 16:37:21 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 11 12:30:17 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 15:51:34 2017 +0200 tests: added unit tests for gnutls_privkey_import_ext4 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 15:00:46 2017 +0200 gnutls_privkey_import_ext4: introduced to allow signing with RSA-PSS or Ed25519 keys That function allows a signing callback which passes the signature algorithm, providing all the information to callback for signing. It also introduces GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO flag which allows the library to query the private key of the supported signature algorithms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 10:47:11 2017 +0200 reduce common asserts to assist in debugging the library Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 10:29:42 2017 +0200 doc: algorithms.texi: include list of groups but skip compression methods Compression methods are no longer relevant or supported, and groups replace the elliptic curves. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 15 10:27:19 2017 +0200 doc: improved elliptic curve and group documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 14 19:02:45 2017 +0200 doc: mention the AES-DRBG random generator [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 11 12:40:14 2017 +0200 tests: improved detection of 64-bit systems We now use the ${ac_cv_sizeof_unsigned_long_int} variable which gives the numbers used in the host system, not the build one. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 10 10:51:26 2017 +0200 tests: updated for new x86 host Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 10 09:37:07 2017 +0200 .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 11 11:09:39 2017 +0200 fuzz: explicitly initialize and deinitialize the library [ci skip] This enables the fuzzers to run even when statically linked. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 13:08:31 2017 +0200 handshake: eliminated unnecessary function wrappers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 10:35:13 2017 +0200 gnutls_int.h: reduce memory occupied by ext_data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 10:25:10 2017 +0200 gnutls_int.h: reduced the maximum number of epoch states we keep There was no need to keep 16 epochs, as we typically we have only one or two active. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 10:14:11 2017 +0200 gnutls_int.h: removed unused variable from state Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 11:30:51 2017 +0200 extensions: simplified requirements from send callback The callback no longer needs to return the number of sent data; they are now calculated by the caller. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 11:42:25 2017 +0200 ext/ecc: renamed Supported curves extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 11:01:08 2017 +0200 gnutls-serv: --require-client-cert no longer implies --verify-client-cert That is, it is now possible to require a client certificate without verifying it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 10 10:35:22 2017 +0200 CONTRIBUTING.md: corrected typo [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 16:59:15 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 10:30:04 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 09:40:03 2017 +0200 CONTRIBUTING.md: added section on symbol versioning Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 11:06:18 2017 +0200 libgnutls.map: separated symbols introduced in 3.6.0 This separation assists tools like rpm which can detect the right version of the library to use, by using the symbol version. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 10:21:06 2017 +0200 tests: added reproducer for private key import leak Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 13:18:33 2017 +0200 rnd: use time_t for prng_reseed_time This ensures that all time comparisons are done under the same type. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 10:20:36 2017 +0200 gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key import Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 09:58:17 2017 +0200 tests: added reproducer for memory leak in SRP server Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 09:57:49 2017 +0200 gnutls_srp_verifier: corrected memory leak Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 09:52:37 2017 +0200 tests: added reproducer for memory leak in RSA-PSK Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 09:52:21 2017 +0200 rsa-psk: corrected memory leak on invalid decrypt Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 10:44:56 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 9 10:41:58 2017 +0200 p11tool: --generate-xxx options were replaced by generate-privkey Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon Aug 7 23:04:36 2017 +0200 Fix memleaks in gnutls_x509_trust_list_add_crls() Signed-off-by: Tim Rühsen Author: Tim Rühsen Date: Mon Aug 7 23:04:05 2017 +0200 Fix memleak in gnutls_x509_crl_list_import() Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 15:03:53 2017 +0200 publickey: fixed incorrect assignment Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 15:03:11 2017 +0200 mac: simplified iteration functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 14:59:56 2017 +0200 corrected input to gnutls_sign_supports_pk_algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 14:59:44 2017 +0200 extensions: corrected flag check Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 15:50:44 2017 +0200 tests: updated for new rsa-pss key in doc/credentials Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 12:51:58 2017 +0200 cert selection: prioritize RSA-PSS certs over RSA RSA and RSA-PSS can both be used for RSA-PSS operations, and as such without prioritizing RSA-PSS certificates it is unknown which certificate will be used for an RSA-PSS operation. The reason we want to have only RSA-PSS keys used for RSA-PSS operations is to cover the use case where a server uses a legacy RSA certificate for clients that don't support RSA-PSS and an RSA-PSS certificate for the rest, thus separating the keys used for these client groups. That separation ensures that any issue on PKCS#1 1.5 (legacy RSA), would not affect sessions which use RSA-PSS. Resolves #243 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 11:35:26 2017 +0200 gnutls_certificate_credentials_t: combine privkey into cert_st structure This reduces the number of applications and allows for easier use of the structure information, as they are now self-contained for most uses. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 10:56:17 2017 +0200 tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 8 09:27:57 2017 +0200 certtool: eliminated unused variable Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 7 16:32:17 2017 +0200 tests: added negative tests in provable-privkey Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 7 16:23:29 2017 +0200 gnutls_pk_params_st: separate flags/qbits and curve Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 7 14:55:38 2017 +0200 tests: check whether validation parameters are lost on key re-import Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 20:08:31 2017 +0200 certtool: improved documentation on --provable option Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 19:52:40 2017 +0200 certtool: create mapping between --load-x and --info options That allows using: certtool --certificate-info --load-certificate FILE and certtool --certificate-info --infile FILE Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 19:35:53 2017 +0200 certtool: removed definitions of non-existing functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 17:08:16 2017 +0200 tests: updated for the new provable private key format Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 10:17:46 2017 +0200 gnutls_x509_privkey_verify_seed: improved error on missing validation parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 16:17:45 2017 +0200 certtool: silence warnings related to --pkcs8 There is no reason to bug the user with such details by default. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 15:18:34 2017 +0200 certtool: better print provable key validation parameters That is, include hash in the printable set, and keep spaces from next fields. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 15:11:12 2017 +0200 certtool: provable private keys are always exported in PKCS#8 form That allows the provable parameters to be included. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 14:43:04 2017 +0200 x509: no longer emit the previous custom format for provable parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 14:30:06 2017 +0200 x509: store and read provable seed in PKCS#8 form of key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 10:28:07 2017 +0200 Added information on OID registry Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 14:23:31 2017 +0200 pkix.asn: removed unused DomainParameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 11:29:26 2017 +0200 x509: separated PKIX1 attributes parsing code for cert request handling This allows other code to utilize it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Aug 7 09:36:20 2017 +0200 _gnutls_fbase64_decode will always return non-zero That is, document that fact and update its callers to remove checks for zero. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 6 17:23:52 2017 +0200 _gnutls_base64_decode: reject all zero-length string encodings on decoding Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 6 11:34:39 2017 +0200 wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checking Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 6 11:34:10 2017 +0200 _decode_pkcs8_rsa_key: signal error in RSA privkey decoding Addresses oss-fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 6 11:28:15 2017 +0200 tests: added reproducer for private key crash Found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Aug 6 10:17:29 2017 +0200 tests: added unit test of gnutls_x509_crt_list_import Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Aug 5 09:35:14 2017 +0200 tests: added reproducer applications for psk and srp fuzzers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 19:47:00 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 02:57:03 2017 +0200 gnutls_server_fuzzer: added ed25519 key/cert Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 09:22:51 2017 +0200 removed references for "new" semantics of PEM base64 encode and decode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 09:19:22 2017 +0200 base64: reverted the raw semantics from the PEM encoding/decoding functions Keeping the complex semantics with NULL headers would most likely cause issues in the future. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 09:15:20 2017 +0200 base64: test the new base64 encoding and decoding functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 09:13:35 2017 +0200 base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 09:08:24 2017 +0200 base64: introduced new functions for base64 encoding Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 19:05:23 2017 +0200 tests: gnutls_x509_privkey_import: enhanced to test DER key import It seems that this function was not tested for multiple cases of private keys in DER mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 03:43:42 2017 +0200 gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 14:00:27 2017 +0200 sign/digest: separate "brokenness" of signatures and hash algorithms That is, allow digital signatures to be marked as broken irrespective of their used hash, and restrict hash brokenness to preimage resistance. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 13:40:21 2017 +0200 sign: use C99 syntax for signature algorithm's table Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 13:22:51 2017 +0200 .gitlab-ci.yml: enable multiple undefined sub-sanitizers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 16:40:29 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 13:51:56 2017 +0200 p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 12:11:06 2017 +0200 tests: added unit test for gnutls_x509_privkey_import Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 11:52:28 2017 +0200 tests: added TLS negotiation with various keys under PKCS#11 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 11:48:40 2017 +0200 x509_privkey: handle keys which can only have PKCS#8 form transparently Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 11:00:03 2017 +0200 tests: updated for errors returned due to early signature selection Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 10:30:25 2017 +0200 tests: added check for the negotiation of ext keys That is, check whether we can negotiate TLS with ext abstract key types, and whether the algorithms which cannot be used with that key type, gracefully fail. Relates #234 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 10:22:29 2017 +0200 privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 10:09:54 2017 +0200 _gnutls_check_key_cert_match: use the new API for signing This ensures that the same signature algorithm is used for signing and verification. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 10:02:59 2017 +0200 privkey: return less specific but more appropriate error on invalid pks for ext keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 09:27:03 2017 +0200 prior to negotiating a signature check compatibility with private key That is, check if the private key can support the public key operation needed for the signature. That in particular includes, excluding the Ed25519 and RSA-PSS from being used with the 'EXT' keys as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism. Relates #234 Resolves #209 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 09:21:59 2017 +0200 pkcs11: mark RSA PKCS#11 key which can do RSA-PSS Also refuse to sign with RSA-PSS if the mechanism is not supported. Relates #208 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 11:55:52 2017 +0200 handshake: select a signature algorithm early That is, select the signature algorithm at the point the certificate and ciphersuites are decided. Also ensure that a compatible signature algorithm with the ciphersuite and the key is selected. That prevents situations where a ciphersuite and a certificate are negotiated, but later on the handshake we figure that there are no common signature algorithms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 08:46:18 2017 +0200 tests: added basic unit test of gnutls_pkcs11_token_check_mechanism Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 18:07:54 2017 +0200 gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 10:45:20 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 10:21:06 2017 +0200 x509/output: print error on invalid public key parameters on certificate Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 10:05:29 2017 +0200 gnutls_pk_get_oid: return early on unknown algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:48:42 2017 +0200 tests: check whether the gnutls_x509_*_set_spki will reject invalid values Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:34:23 2017 +0200 tests: updated for gnutls_x509_spki_get_rsa_pss_params Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:29:12 2017 +0200 tests: added unit test of generation of legal and illegal rsa-pss parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:25:31 2017 +0200 spki: combined all exported functions to a single set and get This simplifies setting parameters for a particular key type, as well as getting them. The advantage is that they are set atomically, preventing an inadverterly half-filled structure. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:13:15 2017 +0200 certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Aug 4 09:06:32 2017 +0200 introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS This is being use to indicate errors in the public key parameters such as the RSA-PSS salt size or digest algorithm. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 16:46:32 2017 +0200 gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key generation This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE on the key generation process. The flag is now only used during key signing which is also its documented purpose. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 16:29:18 2017 +0200 gnutls_x509_privkey_set_spki: check validity of parameters set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 16:21:26 2017 +0200 gnutls_x509_cr*_set_spki: check for validity of parameters set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 16:16:49 2017 +0200 _gnutls_x509_check_pubkey_params: removed unnecessary parameter Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 16:06:06 2017 +0200 tests: added check for import of RSA-PSS key with invalid salt Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 15:37:18 2017 +0200 gnutls_pubkey_import_x509: propagate errors from gnutls_x509_crt_get_pk_algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 15:16:08 2017 +0200 _rsa_pss_verify_digest: verify the validity of the salt_size length on verification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 15:08:43 2017 +0200 gnutls_x509_privkey_import: immediately exit on GNUTLS_E_PK_INVALID_PRIVKEY Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 15:00:00 2017 +0200 wrap_nettle_pk_fixup: check RSA PSS parameters for validity on import Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 11:03:44 2017 +0200 gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 28 08:20:16 2017 +0200 tests: added unit test for the SPKI abstract functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 11:24:40 2017 +0200 tests: chainverify: included negative and positive tests with RSA-PSS signed chains Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 15:03:00 2017 +0200 pct_test: use local SPKI structure to override parameters if not set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 08:44:05 2017 +0200 fixup_spki_params: use GNUTLS_E_CONSTRAINT_ERROR for RSA-PSS violations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 08:28:54 2017 +0200 _gnutls_x509_read_pkalgo_params: initialize params structure That is the primary call on these parameters, thus it should initialize the structure with something reasonable. That is similar to behavior of _gnutls_x509_read_rsa_pss_params. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 08:14:37 2017 +0200 RSA-PSS parameter checking was moved to lower level functions That way all PKI callers get protected by the checks. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 07:55:24 2017 +0200 signature security level check were moved to lower level functions That way all callers (including PKI functions) get protected by the available checks. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 07:19:36 2017 +0200 _wrap_nettle_pk_encrypt: return GNUTLS_E_INVALID_REQUEST on unsupported algorithms That is a more specific error code than internal error. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 07:10:22 2017 +0200 certtool: print signature algorithm in cert verification output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 17:51:00 2017 +0200 verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 17:50:33 2017 +0200 x509/sign: in debugging mode print the signature algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 17:34:14 2017 +0200 _gnutls_x509_validate_sign_params: use GNUTLS_E_CONSTRAINT_ERROR for mismatch of RSA-PSS parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 17:28:00 2017 +0200 _gnutls_x509_read_rsa_pss_params: fail early on unknown hash algorithms Also utilize GNUTLS_E_CONSTRAINT_ERROR for signaling differences between the hash functions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 16:55:02 2017 +0200 gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI In addition it will offer a SHA hash depending on the key size for RSA public keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 16:45:00 2017 +0200 certtool: sign_params_to_flags: use strtok to parse input Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 15:41:51 2017 +0200 certtool: copy SPKI information from private key when available That also addresses a bug due to which SPKI information was not set. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 15:54:07 2017 +0200 x509/output: Subject Public Key parameters are printed just before actual key That allows to easier figure out algorithm and basic parameters, rather than having them at the end of long key output. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 15:35:15 2017 +0200 gnutls_x509_crt_set_spki: be more verbose in parameter restrictions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 15:07:42 2017 +0200 _gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash That is a more specific error code for hash mismatch between public key information and signature. In addition only override the salt size, if it is set to zero without the proper flags. That prevents the update function from setting an invalid (lower) than the expected size. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 15:00:17 2017 +0200 cert-tests: use .tmp suffix for all tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 14:43:15 2017 +0200 certtool: allow specifying RSA-PSS parameters for key generation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 14:56:36 2017 +0200 _gnutls_x509_write_rsa_pss_params: refuse to write RSA-PSS parameters we cannot use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 14:30:03 2017 +0200 certtool: group together common options Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 13:41:46 2017 +0200 tests: modified to account new errors Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 17:58:06 2017 +0200 gnutls_x509_*_get_signature_algorithm: simplified error handling These functions were documented to return a negative error code on failure, as well as GNUTLS_SIGN_UNKNOWN on unknown algorithms. Simplify them by only returning GNUTLS_SIGN_UNKNOWN on all error conditions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 13:24:52 2017 +0200 _gnutls_x509_get_signature_algorithm: return negative error code on unknown algorithm This allows internal callers to quickly fail on errors. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 13:40:31 2017 +0200 compare_sig_algorithm: modify to work even for certs with unsupported signature algorithm Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 09:20:22 2017 +0200 pubkey_verify_hashed_data: simplified and made static That also removes its ability to operate with the 'unknown' signature algorithm, and forces the TLS 1.0 key exchange to supply the right algorithm or flags. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 26 09:16:03 2017 +0200 pubkey_verify_data: accept signature entry instead of PK and hash That aligns better with current callers which know the signature algorithm in use. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 17:00:00 2017 +0200 NEWS: documented the SPKI handling functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:42:12 2017 +0200 tests: added RSA and RSA PSS key unit tests That is test: 1. Whether RSA-PSS keys will refuse to sign with incompatible signature 2. Whether RSA-PSS public keys cannot be used for encryption 3. Whether RSA-PSS keys cannot be used for signing with PKCS#1 1.5 4. Whether an RSA key can be converted to an RSA-PSS one with the public APIs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 16:52:18 2017 +0200 certtool: do not print error on missing RSA-PSS parameters on key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 27 16:53:57 2017 +0200 Added convention for missing SubjectPublicKeyInfo params field That is, when that field is missing, the spki_st structure field pk will be set to GNUTLS_PK_UNKNOWN. In that case other fields are undefined. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 14:01:48 2017 +0200 *set_spki(): return error on incompatible algorithms In addition update the public key algorithm field in the respective structure. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 16:33:26 2017 +0200 gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256 Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash for the number of bits of the key. This matches better the "intention" of RSA-PSS or tying the security parameter with the salt and hash. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 14:14:49 2017 +0200 _decode_pkcs8_rsa_pss_key: ensure we set the PSS PK identifier Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:38:34 2017 +0200 cleanup: removed duplicate parameter in gnutls_pubkey_st Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:28:44 2017 +0200 gnutls_x509_privkey_int: eliminated duplicate pk_algorithm field Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:34:50 2017 +0200 cleanup: removed unnecessary/duplicate parameters in _dsa_q_to_hash Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:18:05 2017 +0200 cleanup: removed unnecessary/duplicate parameters in functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 13:12:19 2017 +0200 cleanup: removed unnecessary/duplicate parameters in functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 12:01:52 2017 +0200 abstract.h: added functions to read and write SPKI information Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 11:48:58 2017 +0200 gnutls_x509_privkey_set_spki: introduced function to update SPKI on a key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 16:35:50 2017 +0200 tests: added unit test for the SPKI related functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 11:37:04 2017 +0200 x509.h: Renamed SPKI related functions This better reflects their purpose as providers of information for subject public key. In addition use 'const' for fields that should be left intact. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 09:43:05 2017 +0200 tests: introduced RSA-PSS key exchange with a key fixed to rsa-pss with sha256 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 10:06:10 2017 +0200 _gnutls_pubkey_compatible_with_sig: enforce RSA-PSS requirements That is require that parameters in an RSA-PSS key which has them explicitly set, are respected with regards to signature algorithm negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 09:39:32 2017 +0200 tests: eagain-common.h: remove superfluous information Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 08:49:30 2017 +0200 tests: renamed tests for uniformity Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 16:15:15 2017 +0200 tests: added unit test for RSA-PSS signing over PKCS#11 This requires a softhsm with support for RSA_PKCS_PSS mechanism. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 16:05:36 2017 +0200 gnutls_pubkey_verify*: use common function to set RSA-PSS parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 11:21:34 2017 +0200 pkcs11: added support for signatures with RSA-PSS Relates #209 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 25 10:16:40 2017 +0200 gnutls_pk_params_st: renamed sign field to spki The name "sign" was ambiguous with regard to its intented use, as it could refer to digital signature parameters which was not exactly the case. That field contains parameters present in the subject public key info (SPKI), which could be used in a digital signature, but not necessarily. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 10:12:54 2017 +0200 Clarified the purpose of the spki params related functions _gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params, _gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params, and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig. The reason is that there could be a confusion on the purpose of the 'dig' entry, as it could be assumed to be the signature's hash algorithm in the general case. That could not be because the SPKI parameters do not contain it for any other algorithm than RSA-PSS. As such, make a logical separation from SPKI reading functions with the signature reading functions and try to use the gnutls_sign_entry_st when signature information is required. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 23:56:20 2017 +0200 Pass the signature algorithm lower in the verification stack This will allow enhancing the back-ends (PKCS#11 and ext) for signing with the new signature algorithms like RSA-PSS and Ed25519. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 07:46:11 2017 +0200 fuzz: introduced mem.h with common callbacks for mem access Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Aug 3 07:38:13 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 31 10:50:52 2017 +0200 fuzz: added SRP server and client fuzzers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 03:01:08 2017 +0200 fuzz: introduced psk.h common header Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 02:48:11 2017 +0200 fuzz: added PSK server fuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 02:30:43 2017 +0200 fuzz: added PSK client fuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 02:12:19 2017 +0200 gnutls-cli: introduced options to save client and server traces This allows to easier obtain traces for use in fuzzers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 01:45:22 2017 +0200 fuzz: ported libidn2's main.c taking advantage of afl-clang-fast Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jul 30 01:55:43 2017 +0200 gnutls_system_recv_timeout: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 20:52:57 2017 +0200 tlsfuzzer: enabled EC tests for x25519 That includes tests for default curve. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 15:18:38 2017 +0200 tlsfuzzer: enabled test for ECDHE without the supported groups/EC extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 17:25:17 2017 +0200 Set a default supported curve RFC4492 and draft-ietf-tls-rfc4492bis-17 mention: "A client that proposes ECC cipher suites may choose not to include these extensions. In this case, the server is free to choose any one of the elliptic curves or point formats listed in Section 5." As such, we set a default curve to be used in the case the server encounters a handshake with no supported groups/curves extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 12:58:48 2017 +0200 tlsfuzzer: removed duplicate tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 12:55:24 2017 +0200 tlsfuzzer: fixed comment fields Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 08:02:56 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 24 08:39:00 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 08:13:00 2017 +0200 gnutls-cli: use FFDHE3072 parameters for benchmarking Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Aug 1 10:21:37 2017 +0200 _gnutls_figure_dh_params: do not use have_ffdhe flag This flag is intended to indicate whether the peer has advertized at least one FFDHE group, and not whether we have negotiated FFDHE. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 12:23:55 2017 +0200 tests: added unit test for group listings in priority structure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 12:05:01 2017 +0200 tests: updated cipher-listings.sh for the new groups listing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 11:46:03 2017 +0200 doc: documented the use of RFC7919 and groups Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 10:44:14 2017 +0200 tlsfuzzer: enabled RFC7919 FFDHE tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 09:09:27 2017 +0200 tests: enhanced server key exchange tests with explicit DH param setting That is, not only check the DH parameter setting using the known_dh_params() functions, but also with the explicit setting --set_server_dh_params(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 16:17:12 2017 +0200 tests: updated for post-RFC7919 behavior of library That is, it is no longer necessary to set DH parameters on a credentials structure, and thus previously expected to fail connections may succeed even without DH parameters. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 15:54:27 2017 +0200 tests: added RFC7919 FFDHE unit tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 15:37:00 2017 +0200 cli,serv: do not print any information on compression Compression is always NULL. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 15:32:58 2017 +0200 cli,serv: no longer print parameters when FFDHE groups are used The negotiated RFC7919 group is now printed as part of the Description string, and there is no reason to print more information on parameters defined by the protocol. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 11:57:51 2017 +0200 gnutls-cli: print the supported groups instead of curves Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 12:02:13 2017 +0200 gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list() in order to avoid keeping additional information for elliptic curves in the priority cache. This approach will always return the supported curves, if the set groups are prioritized with the elliptic curve variants set first. This is the default in the built-in priorities, and to most common setups. Items which are non-valid curves will not be returned. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Aug 2 08:42:37 2017 +0200 handshake: moved group negotiation after ciphersuite selection This allows to cope with situations where the peer prioritizes a supported group which doesn't map to a supported ciphersuite. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 10:35:58 2017 +0200 security_parameters: ease access to group information by keeping pointer to it Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 10:15:23 2017 +0200 security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st That, in addition to simplifying the contents, it allows faster access to ciphersuite's properties. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 15:36:04 2017 +0200 TLS: introduced support for RFC7919 groups That replaces the EC curve extension negotiation with the negotiated groups extensions, introduces handling for groups as priority strings, as well as using and checking of RFC7919 DH parameters once negotiated. Resolves: #37 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 16:03:35 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 14:21:32 2017 +0200 gnutls-cli: use gnutls_priority_set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 14:20:26 2017 +0200 tests: modified gnutls_priority_set2() tests for gnutls_priority_set() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 12:09:49 2017 +0200 gnutls_priority_set: use reference counting That eliminates the need for gnutls_priority_set2() which is now removed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 11:43:27 2017 +0200 Introduced atomic.h to simplify handling of atomic integers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 11:22:31 2017 +0200 Revert "Documented use gnutls_priority_set2()." This reverts commit b4aed16ee30f76211c13b075149bb87c012f9bf6. Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 10:54:13 2017 +0200 tlsfuzzer: enabled test-ecdsa-sig-flexibility.py Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 21 10:05:44 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 14:48:33 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 14:43:20 2017 +0200 algorithms/mac: marked RIPEMD160 as insecure for certificates This is an algorithm which is not really used in Internet PKI and due to that has seen no public cryptanalysis. As such we disable it for certificate verification to prevent it from being used as an attack vector. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 13:26:46 2017 +0200 tests: partially reverted SHA1 broken tests SHA1 is now considered broken only for certificates, hence OCSP or raw signing tests no longer need to use GNUTLS_VERIFY_ALLOW_BROKEN in the cases where certificate verification is not performed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 13:18:10 2017 +0200 x509/verify: reject SHA1 in signature algorithms for certificate verification That is, we now use gnutls_sign_is_secure2() with GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS flag for checking the validity of the signature algorithm, when verifying signatures in certificates. Resolves #229 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 13:16:07 2017 +0200 tests: added unit tests for gnutls_sign_is_secure2() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 12:41:47 2017 +0200 gnutls_sign_is_secure2: introduced This function exports the ability to check the validity of a signature algorithm for signing certificates. That also introduces the flag GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS which when specified will cause the function to return whether the algorithm is secure for signing certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 12:40:34 2017 +0200 _gnutls_digest_is_secure_for_certs: introduced This is a macro to allow checking the security of a hash algorithm with respect to signing certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 12:17:40 2017 +0200 mac: re-organized the hash algorithms table Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 16:28:15 2017 +0200 tests: added reproducer with ed25519 private key Found with oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 16:43:18 2017 +0200 Ensure that public key parameters are initialized on import Previously we depended on initialization during the _init() call, however, there can be cases where this re-initialization is needed (e.g., on multiple tries to load a key). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 16:49:11 2017 +0200 _decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size That is, in the newly introduced ed25519 keys we didn't check whether the input size in the PKCS#8 file matched the curve size. Found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 16:40:11 2017 +0200 tlsfuzzer: enabled SNI and other tests from master Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 20 08:22:10 2017 +0200 tests: updated to reflect the fact that invalid dns names are rejected Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 16:32:07 2017 +0200 server_name: several simplifications of the code base The existing code was written with the intention of supporting multiple server names, however that was never happened, and this extension is currently only used for DNS server names. Remove unneeded extensibility. In addition, removed conversion of client provided server name (DNS) to IDNA. Clients not providing valid names are violating the spec and that conversion step not only wastes resources, but increases the attack surface of a server. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 16:11:05 2017 +0200 server_name: be strict in decoding errors That is, return error when a malformed extension is seen. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 11:23:11 2017 +0200 tlsfuzzer: enabled RSA-PSS checks on certificate verify Relates: #208 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 11:16:09 2017 +0200 tlsfuzzer: enabled test-extended-master-secret-extension.py That allows testing the extended master secret behavior. Resolves: #231 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 10:59:23 2017 +0200 ext_master_secret: return proper error code on decoding error Proper meaning that it maps to the alert 'decode error' rather than illegal parameter. According to tlsfuzzer the former is more suitable. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 18 08:07:24 2017 +0200 gnutls-cli: re-use priorities for both client and server on benchmarks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 19:14:33 2017 +0200 gnutls-cli: re-use priorities when measuring performance This avoids measuring cache misses due to priority processing time. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 14:06:50 2017 +0200 tests: enhanced SSL3.0 openssl detection in testcompat-openssl That disables SSL 3.0 testing in openssl versions which cannot negotiated it (see https://bugzilla.redhat.com/show_bug.cgi?id=1471783 for rationale) and corrects a typo in the variable name and printed message. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 11:57:41 2017 +0200 .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 11:08:07 2017 +0200 tests: disable ARCFOUR interop tests if openssl doesn't support the cipher Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 08:32:08 2017 +0200 tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 18:06:01 2017 +0200 Use gcc's attribute to mark fallthrough statements gcc7 is more verbose on fallthrough warnings, and this patch set cleans up the current state by making use of the attribute when necessary. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 18:09:18 2017 +0200 configure: do not utilize the -Wno-format-truncation gcc warning The warnings it produces have little value in our use of string functions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 17:43:09 2017 +0200 .gitlab-ci.yml: switched to fedora 26 for CI builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 15:17:08 2017 +0200 tests: introduced tests on public key import-export Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 09:31:10 2017 +0200 tests: added sign/verification test using rfc8080 keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 10:20:41 2017 +0200 tests: verify that a server with an ed25519 key will fail when client does not advertise it Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 09:11:59 2017 +0200 tests: privkey-keygen: added unit test for Ed25519 keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 17 09:06:52 2017 +0200 privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm In these schemes the hash algorithm is fixed in the signature algorithm and thus the empty (unknown) value will act as a wildcard. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 20:10:24 2017 +0200 tests: added private key parameter verification in key-import-export checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 20:03:21 2017 +0200 nettle: wrap_nettle_pk_verify_priv_params: verify whether public key matches private This enables gnutls_privkey_verify_params() for Ed25519 keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 20:52:49 2017 +0200 CONTRIBUTING.md: specified rules on boolean functions Based on suggestion by Hubert Kario. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 14 14:08:20 2017 +0200 priority: enabled Ed25519 signature by default As our implementation interoperates with boringssl's implementation of Ed25519, we can now enable it. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 10:45:49 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 7 09:50:29 2017 +0200 handshake: return better error code on unwanted algorithm That is, when a signature algorithm is available which was not asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM instead of the UNKNOWN_ALGORITHM. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 7 10:05:50 2017 +0200 tests: added check on Ed25519 chain verification This chain was generated using certtool, and passed verification with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de) Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 11:34:49 2017 +0200 gnutls-cli: added RSA-PSS signatures in benchmark Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 11:47:48 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 11:47:09 2017 +0200 privkey_sign_and_hash_data: added sanity check on param validity Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 10:42:58 2017 +0200 gnutls-cli: added benchmark on X25519-Ed25519 key exchange Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 09:42:22 2017 +0200 tests: pkcs7: added ed25519 basic signing and verification checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 09:23:53 2017 +0200 privkey_sign_and_hash_data: handle prehashed signatures This allows this function to handle ed25519, i.e., allows it to operate for PKCS#7 signatures. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 09:21:48 2017 +0200 pkcs7: improved syntax in if-clause Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 10:14:43 2017 +0200 tests: enhanced OID tests for Ed25519 OIDs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 11:27:34 2017 +0200 tests: key-import-export: added Ed25519 key import/export checks Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 09:52:51 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 09:44:52 2017 +0200 tests: replaced rsa-pss/eddsa certtool options with --key-type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 09:41:56 2017 +0200 certtool: introduced the --key-type option This replaces the --rsa-pss and --eddsa options. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 13:02:06 2017 +0200 Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 12:53:40 2017 +0200 tests: parse and interpret an EdDSA public key Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 16:23:10 2017 +0200 tests: added TLS handshake test with EdDSA25519 certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 16:22:27 2017 +0200 Allowed Ed25519 signing in TLS handshakes This follows draft-ietf-tls-rfc4492bis-17 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 15:23:21 2017 +0200 tests: added tests on EdDSA signature validation using the sign/verify_data APIs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 17:26:34 2017 +0200 tests: Added unit test on EdDSA key parsing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 12:52:12 2017 +0200 tests: added Ed25519 key and certificate generation tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 15:20:38 2017 +0200 Added support for EdDSA (Ed25519) curve keys This adds support for draft-ietf-curdle-pkix-04. Resolves #25 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 18:52:33 2017 +0200 parse_pem_cert_mem: fixed issue resulting to accessing past the input data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 15 17:54:01 2017 +0200 supported_exts.h: make sure that the generated function is static That avoids compiler warnings due to missing prototype. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 15:12:11 2017 +0200 tlsfuzzer: enabled chacha20 tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 14:50:55 2017 +0200 updated tlsfuzzer That fixes issue detecting connection termination from gnutls-serv in chacha20 test. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 15:54:38 2017 +0200 tests: csr-invalid.der: modify the SPKI OID to use SECP384R1 That avoids false positives in error detection in 'crq' test due to SECP224R1 not being supported in our CI platforms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 16:04:49 2017 +0200 x509/output: do not attempt to print the key ID on unknown SPKI algorithms On unknown algorithms, it is not always possible to parse the SPKI field. Instead avoid printing errors. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 15:24:23 2017 +0200 .gitlab-ci.yml: corrected location of artifacts in aarch64 build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 12 13:44:24 2017 +0200 tests: certtool-rsa-pss: use unique temp files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 10:28:16 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 15:18:20 2017 +0200 _gnutls_buffer_append_data_prefix: cleanup This eliminates a misleading code that assumed that the called functions will return the appended size. Always return zero on success which is what the existing callers assume. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 10:30:56 2017 +0200 .gitlab-ci.yml: removed unnecessary options from minimal build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 09:52:21 2017 +0200 pubkey: print the failed signature algorithm when verification fails Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 09:58:35 2017 +0200 gnutls-cli: added option to allow verification with broken algorithms Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 10:06:22 2017 +0200 tls sessions will not fail of insecure algorithms which are explicitly enabled That is, if DSA-SHA1 is allowed, do not propagate errors from gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather ignore such errors. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 14:37:00 2017 +0200 tests: mini-record-2: made more robust It will no longer close the session prior to peer processing all messages. This prevents the peer stopping processing prior to all messages being received. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 14:22:33 2017 +0200 tests: mini-record: made more robust It will no longer use a stream socket as this can does not work well with damaged records (they may end up merged). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jul 13 13:21:29 2017 +0200 record: reject 0-byte long ciphertext Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 10:18:56 2017 +0200 record: added sanity checking in the record layer version copy Previously we assumed that an active session had always a version set, however there have been reports of evolution crashing in that particular point. Although, this could have been due to memory corruption, be careful and check for invalid input. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 11:51:20 2017 +0200 record: more precise calculation of max recv size Previously we were using a rough calculation of the max recv size based on maximum values. Now we calculate the exact maximum value once the epoch is initialized and enforce it throughout the session. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 15:33:01 2017 +0200 decryption: use the same error code on all cases This eases testing using tlsfuzzer. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 11:08:49 2017 +0200 gnutls-serv: allow receiving requests up to 16kb This makes gnutls-serv useful for few tlsfuzzer test cases. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 3 11:19:44 2017 +0200 max_record_recv_size: removed call to gnutls_compression_get() We no longer support compression. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 09:10:39 2017 +0200 Print the requested CA names when in debug mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 11:00:20 2017 +0200 gnutls-http-serv: do not set the obsolete PGP options Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 11 08:51:07 2017 +0200 doc: updated documentation on client authentication [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jul 10 09:53:55 2017 +0200 doc: explicitly state intended usage of priorities on server-side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 4 09:26:57 2017 +0200 doc: use the default priorities in server example Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 14:04:37 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 10:26:03 2017 +0200 tests: added unit tests for gnutls_priority_set*() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 10:18:33 2017 +0200 Documented use gnutls_priority_set2(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 26 10:02:22 2017 +0200 priorities: share priority structures across sessions As the contents of the priority cache grows, it makes sense to shared these structures across many sessions (in server side) rather than copying them to a session. All overrides of the priority contents were moved to session->internals. On client side where gnutls_priority_set_direct() is more commonly used, ensure that the set priority is deinitialized. That also introduces gnutls_priority_set2() which does not copy the priority contents by default. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 27 11:19:37 2017 +0200 set_client_ciphersuite: use the new internal APIs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 25 16:06:49 2017 +0200 .gitignore: ignore new tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 25 15:32:52 2017 +0200 tests: added unit testing for server/client cipher negotiation This verifies that the expected algorithm (cipher) is negotiated. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 25 12:03:46 2017 +0200 tests: added unit testing for server ciphersuite/KX negotiation This verifies whether the ciphersuite negotiation will detect and reject incompatible data present in credentials. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 14:00:52 2017 +0200 doc: corrected typo Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 13:32:09 2017 +0200 Renamed fields of sign_algorithm_st The new names better reflect the reality with signature algorithms in TLS 1.3, and correct the initial naming error. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 13:24:48 2017 +0200 handshake: simplified signature algorithm list generation Similarly to ciphersuites, that also utilizes a cache of signature algorithms on the priority structure which is used to quickly generate the signature algorithm list. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 11:55:23 2017 +0200 Eliminated access to obsolete priority cache fields Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 10:34:11 2017 +0200 handshake: simplified the client-side ciphersuite negotiation This takes advantage of the ciphersuite cache in priorities structure while keeping the same ciphersuite selection checks in place. The previous ciphersuite selection checks kept: * Removing SRP ciphersuites when no SRP credentials are set * Removing ciphersuites when no corresponding to KX credentials were set * SCSV addition in SSL 3.0 and fallback SCSV Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 21 11:54:39 2017 +0200 handshake: simplified the server-side ciphersuite negotiation This eliminates all the back and forth loops in the previous code while keeping the same ciphersuite selection checks in place. The ciphersuite selection tests that were kept: * Check if key exchange supports the server public key and key usage flags * Check if DH or other parameters required for the ciphersuite are present * Find appropriate certificate for the credentials and ciphersuite * Check whether a curve is negotiated for the ECDH ciphersuites Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 21 10:25:32 2017 +0200 priority: include a cache of supported ciphersuites Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 21 09:31:31 2017 +0200 removed unused cipher-suite and KX related functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 21 09:17:57 2017 +0200 algorithm/kx: sorted key exchange algorithms based on current trends That optimizes linear search for the common options. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 23 11:07:11 2017 +0200 Removed unused functions These were identified using callcatcher. http://www.skynet.ie/~caolan/Packages/callcatcher.html Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 15:43:25 2017 +0200 fuzz: added make update command [ci skip] This allows updating the fuzzer corpus from openssl using a single command. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 15:11:13 2017 +0200 fuzz: added corpora from openssl [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 14:59:52 2017 +0200 fuzz: undid changes related to boringssl server/client corpus format [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 14:58:34 2017 +0200 fuzz: included verbatim corpus from boringssl Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 12:22:23 2017 +0200 fuzz: gnutls-client-fuzzer: read directly from memory [ci skip] Also updated to read the prefixed boringssl corpus files. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jul 7 11:45:05 2017 +0200 fuzz: gnutls-server-fuzzer: read directly from memory [ci skip] Also updated to read the prefixed boring ssl corpus files. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 5 20:14:54 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 1 18:00:45 2017 +0200 priority_options.gperf: modified for gperf 3.1 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 4 16:12:26 2017 +0200 tlsfuzzer: enabled ALPN tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jul 5 21:44:19 2017 +0200 updated tlsfuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 4 16:15:08 2017 +0200 ext/alpn: added stricter checks on field lengths That is, no longer tolerate empty fields, and error on invalid lengths. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 4 15:35:25 2017 +0200 gnutls-serv: added the --alpn and --alpn-fatal options This allows specifying ALPN protocols supported by server, allowing to test the ALPN negotiation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jul 4 11:42:59 2017 +0200 fuzz: updated server with multiple keys (ECDSA, RSA) and DH parameters [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jul 1 10:50:57 2017 +0200 OCSP: find_signercert: improved DER length calculation Previously we were assuming a fixed amount of length bytes which is not correct for all possible lengths. Use libtasn1 to decode the length field. Resolves: #223 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 10:04:01 2017 +0200 OCSP: check the subject public key identifier field to figure issuer Normally when attempting to match the 'Responder Key ID' in an OCSP response against the issuer certificate we check (according to RFC6960) against the hash of the SPKI field. However, in few certificates (see commit: "added ECDSA OCSP response verification"), that may not be the case. In that certificate, that value matches the Subject Public Key identifier field but not the hash. To account for these certificates, we enhance the matching to also consider the Subject Public Key identifier field. Relates: #223 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 09:33:08 2017 +0200 OCSP: added more verbose debug logging on verification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 29 21:17:34 2017 +0200 tests: added ECDSA OCSP response verification Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 30 10:43:20 2017 +0200 .travis.yml: do not fail on brew install failures brew install seems to fail on several occasions when a newer package is available than the installed. Ignore those errors rather than failing build. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 29 14:34:20 2017 +0200 tests: added check on saving certs and OCSP responses Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 29 14:28:29 2017 +0200 gnutls-cli: save OCSP response at the time certificate is saved That ensures that we always save the OCSP response, even when certificate verification fails. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 14:26:07 2017 +0200 moved compression-related APIs to compat.h Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 08:56:09 2017 +0200 doc: removed any references to compression and documented change Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 16:20:25 2017 +0200 tests: removed tests related to zlib support Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 15:58:35 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 15:36:18 2017 +0200 Removed support for compression mechanisms They are not required for TLS 1.3, and are deprecated for TLS 1.2. We eliminate them in order to reduce the complexity in the record packet handling. Resolves #212 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 13:59:54 2017 +0200 gnutls-cli: be less verbose in OCSP error messages Previously we were reporting "No issuer found" if any certificate in a chain could not be verified. That was confusing information and not strictly necessary. No longer print that. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 13:57:15 2017 +0200 gnutls-cli: improved error message of OCSP failure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 09:12:39 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 20:50:22 2017 +0200 tests: ocsptool: added test of --verify-response with --load-chain This utilizes the provided chain to find the signer of the OCSP response. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 09:09:41 2017 +0200 ocsp: print response's signature algorithm in compact listing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 09:06:01 2017 +0200 ocsptool: verify_response will print information on the response Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 08:59:45 2017 +0200 ocsptool: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 20 08:31:41 2017 +0200 ocsptool: allow combining --load-trust with --verify-response Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 20:58:21 2017 +0200 ocsptool: --load-chain will sort the input chain Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 20:50:22 2017 +0200 ocsptool: introduced --verify-allow-broken option This allows verification to succeed even when broken algorithms are involved. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 20:47:10 2017 +0200 ocsptool: the --verify-response can be combined with --load-chain Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 20:27:24 2017 +0200 gnutls_certificate_verification_status_print: mention OCSP in error messages Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 14:36:43 2017 +0200 ocsptool: added --load-chain option This option allows to directly verify all the members of a certificate chain. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 19 08:20:47 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 18 17:35:06 2017 +0200 tests: enabled X25519 interop tests with openssl 1.1.0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 18 14:35:57 2017 +0200 NORMAL priority: no longer enable the smaller curves by default They are not widely enabled by web servers, and they provide no advantage over X25519. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 18 14:35:33 2017 +0200 NORMAL priority: enable X25519 curve Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 17 14:22:02 2017 +0200 pkcs11: cleanups in pkcs11_login() Use pkcs11_rv_to_err() to return the right error code map after PKCS#11 calls; separate checks for already log in status for SO and user login. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jun 17 14:07:50 2017 +0200 tests: pkcs11-mock: reset state when requesting reauth That is, for the MOCK_FLAG_SAFENET_ALWAYS_AUTH flag we ensure that GetSessionInfo() will return the right state when authentication is required for the first time. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 22:04:49 2017 +0200 pkcs11: improved handling of HSMs without CKU_CONTEXT_SPECIFIC support That is, when the HSM returns CKR_USER_NOT_LOGGED_IN, switch to CKU_USER, instead of relying to a fallback within pkcs11_login(). That simplifies login logic. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun May 28 11:07:50 2017 +0200 tests: added unit test for safenet protectserver HSM's PKCS#11 support That is, detect whether the absence of C_Login will fallback to CKU_USER after CKU_CONTEXT_SPECIFIC is tried. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 11:26:19 2017 +0200 pkcs11: simplified pkcs11_login() By cleanups, as well as including the reauth flag in the flags option. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 11:11:24 2017 +0200 pkcs11: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag a login will be forced. This allows operation on the safenet HSMs which do not set that flag. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 27 07:24:36 2017 +0200 Handle specially safenet HSMs which cannot handle CKU_CONTEXT_SPECIFIC These HSMs do not support CKA_ALWAYS_AUTHENTICATE, nor understand CKU_CONTEXT_SPECIFIC, but rather return CKR_USER_NOT_LOGGED_IN on the first private key operation. Try to discover that state by calling C_Login when CKR_USER_NOT_LOGGED_IN is seen, and retrying with CKU_USER after CKU_CONTEXT_SPECIFIC login fails. See discussion in https://github.com/OpenSC/libp11/issues/160 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 12:06:36 2017 +0200 Added documentation to legacy openpgp functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 10:58:23 2017 +0200 Removed unnecessary certificate type functionality Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 10:23:19 2017 +0200 NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 10:21:52 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 10:21:10 2017 +0200 doc: removed references to openpgp Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 10:14:58 2017 +0200 po: removed openpgp/output.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 09:55:44 2017 +0200 guile: removed openpgp related tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 09:30:41 2017 +0200 fuzz: removed the openpgp certificate fuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 09:03:05 2017 +0200 tools: removed options for openpgp support Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 08:50:32 2017 +0200 Removed support for openpgp certificates and keys Resolves #178 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 16 08:38:42 2017 +0200 tests: removed openpgp related tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 7 11:58:25 2017 +0200 tests: added reproducer for assertion trigger This relates to handshakes with support for RSA-PSS. Found with oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132 Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Jun 8 15:42:30 2017 +0200 nettle: ported fix for assertion failure in pss_verify_mgf1 Backport the upstream fix from: https://git.lysator.liu.se/nettle/nettle/commit/b1252fedf6ee1dbb8468d1d3f177711a16e83e52 Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 17:33:21 2017 +0200 .gitlab-ci.yml: keep logs of tests in abi build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 13:41:36 2017 +0200 doc: simplified the default client example Removed optional paths. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 13:20:51 2017 +0200 tests: added reproducer for OCSP response found test cases Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 13:14:23 2017 +0200 fuzz: documented location for OCSP-related reproducers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 12:43:48 2017 +0200 ocsp: added sanity check in returned length This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 10:37:53 2017 +0200 doc: added/modernized text on AEAD ciphers [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 09:09:20 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 15 09:06:49 2017 +0200 tests: improved duplicate extension test Instead of sending two duplicate extensions of which one is invalid, send two valid ones instead. That way, we avoid the possibility of false positives due to the validation code of the extension contents. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 14:15:08 2017 +0200 tests: verify that duplicate extensions are rejected Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 13:09:44 2017 +0200 TLS extensions: added duplicate extension check on server side Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 11:15:54 2017 +0200 gnutls_init: better naming for internal function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 13 08:08:56 2017 +0200 tests: added unit test for overriding TLS extensions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 11:11:34 2017 +0200 TLS extensions: mark each extension which cannot be overriden Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 11:02:49 2017 +0200 TLS extensions: combined the extension data and resumed data structures Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 12 17:31:19 2017 +0200 removed type extension_priv_data_t Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 13 08:02:04 2017 +0200 gnutls_int.h: groupped extension structures together Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 12 14:19:23 2017 +0200 TLS extensions: several simplifications This allows extensions set by the application to override some of the internal ones. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 14 15:53:13 2017 +0200 .gitlab-ci.yml: FreeBSD system is no longer available; disabling for CI [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 12 10:26:13 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 18:53:48 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 16:37:48 2017 +0200 doc: added reference to privkey export functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 18:29:18 2017 +0200 tests: added basic unit tests for the export_*_raw2() functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 18:17:34 2017 +0200 corrected typo in x962 functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 16:21:31 2017 +0200 pkcs11: do not set leading zeros on integers PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by some HSMs which do not accept an integer with a leading zero. Resolves: #215 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 9 16:20:05 2017 +0200 Introduced functions to export integers with no leading zero That is introduced the flag GNUTLS_EXPORT_FLAG_NO_LZ and: * gnutls_pubkey_export_rsa_raw2 * gnutls_pubkey_export_dsa_raw2 * gnutls_pubkey_export_ecc_raw2 * gnutls_privkey_export_rsa_raw2 * gnutls_privkey_export_dsa_raw2 * gnutls_privkey_export_ecc_raw2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 15:03:17 2017 +0200 nettle: use older GMP macros for mpz_mod_2exp and mpz_div_2exp These ensure that compilation will succeed even when building with gmp-mini. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 13:15:00 2017 +0200 _gnutls_ucs2_to_utf8: use void* as pointer type to avoid compiler assumptions on alignment [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 13:06:19 2017 +0200 ciphersuites: removed unused function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 13:00:25 2017 +0200 nettle/cipher: document that ctx_ptr is 16-byte aligned, and use void* to avoid compiler assumptions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 12:53:44 2017 +0200 certtool: corrected typo in strcmp() use Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 11:15:02 2017 +0200 _gnutls_x509_privkey_reinit: ensure fields will not be re-used Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jun 8 09:25:32 2017 +0200 certtool: improved error message when public key cannot be figured [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 16:05:37 2017 +0200 updated auto-generated files for new signing API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 16:00:41 2017 +0200 handshake: simplify handshake by using the new signing API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 13:38:05 2017 +0200 tests: introduced unit tests of the new signing API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 15:39:52 2017 +0200 abstract API: introduced new signing functions That is, the gnutls_privkey_sign_data2() and gnutls_privkey_sign_hash2(). The new functions perform signing with input the signature algorithm instead of the hash algorithm; that allows to use algorithms where the hash algorithm is not used, or the public key algorithm may be different than the key's. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jun 7 11:18:07 2017 +0200 pkix: removed unused definition Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 16:04:53 2017 +0200 gnutls_privkey_st: removed unused element Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 10:34:33 2017 +0200 gnutls_session_get_desc: improved ciphersuite description That is, separated the key exchange from the signature algorithm used by the server, and list them in different fields. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 11:16:45 2017 +0200 tests: key-import-export: use cert-common.h Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jun 2 17:04:45 2017 +0200 tests: simplified CPPFLAGS of tests using internal gnutls funcs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 12:54:24 2017 +0200 tests: key-exchange: added error checking in gnutls_certificate_set_x509_key_mem Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 10:58:33 2017 +0200 _gnutls_check_key_cert_match: account for RSA and RSA-PSS mismatches Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jun 6 09:49:09 2017 +0200 certtool: fix DER export with --p7-info Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 13:21:38 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 10:01:07 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 09:59:49 2017 +0200 psktool: minor documentation updates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 09:52:53 2017 +0200 tests: added basic functionality check for psktool Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 09:50:07 2017 +0200 psktool: increased default key size to 256-bits Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 09:39:49 2017 +0200 psktool: do not assume any default key file Signed-off-by: Nikos Mavrogiannopoulos Author: Daniel Kahn Gillmor Date: Wed May 31 12:58:58 2017 -0400 clarify documentation and arguments for psktool * psktool's -p argument should really be short for --pskfile, not --passwd. there is no passwd involved. * the example documentation switches names halfway through, which is confusing. * there is no prompt for a password. do not mention it in the example. Author: Nikos Mavrogiannopoulos Date: Mon May 29 09:22:44 2017 +0200 tests: added unit test to verify that certificates with non-DER strict time fields are accepted Also removed the old strict compliance DER test. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 09:15:27 2017 +0200 Tolerate DER time encoding errors It seems that openssl generated certificates may contain invalid formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207) Resolves #196 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 10:24:04 2017 +0200 tests: enhanced OID tests with OIDs for SHA3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jun 5 10:21:54 2017 +0200 tests: enhanced OID tests with OIDs for RSA-PSS Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jun 4 13:56:04 2017 +0200 .gitlab-ci.yml: added aarch64 build based on Debian Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 14:55:19 2017 +0200 _gnutls_PRF: was made inline function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 14:29:10 2017 +0200 tests: added low-level unit tests on TLS 1.0 and 1.2 PRFs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 13:52:03 2017 +0200 prf: implement the TLS 1.0 and 1.2 PRFs using nettle That simplifies the existing PRF code and moves it in the crypto-backend component. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 12:00:26 2017 +0200 doc: refer to the site for commercial support options Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 11:29:08 2017 +0200 tests: mini-record-retvals: include AES-CBC tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 11:36:30 2017 +0200 tests: eliminated build warnings Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 08:55:54 2017 +0200 tests: combined tables of sign-verify tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 19:54:48 2017 +0200 Only accept known public key algorithms in the GNUTLS_PRIVKEY_EXT private keys The reason is that this API, assumes very low level primitives which are not available for the newer RSA-PSS private keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 19:42:36 2017 +0200 _gnutls_privkey_*_sign_params: added support for GNUTLS_PRIVKEY_EXT keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 19:25:11 2017 +0200 tests: added basic test on "external" keys with gnutls_privkey_import_ext2() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 16:53:14 2017 +0200 gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data() That will allow this function to operate with the new key types. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 16:43:28 2017 +0200 tests: added unit tests for the gnutls_x509_* sign/verify APIs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 15:23:21 2017 +0200 tests: added tests signature validation using the sign/verify_data APIs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 16:24:05 2017 +0200 Separated use of GNUTLS_PRIVKEY_FLAG_PROVABLE and GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 16:19:25 2017 +0200 _gnutls_privkey_find_sign_params: renamed and simplified Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 15:40:40 2017 +0200 gnutls_privkey_sign_hash: removed duplicate code The same code was available in _gnutls_privkey_find_sign_params(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 10:47:12 2017 +0200 GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal errors Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 16:22:27 2017 +0200 tls-sig: re-organize and simplify the TLS signature generation and verification That makes sure that the high level APIs are used when possible, and separate the TLS 1.2 from other code paths. This will allow supporting signature schemes like EdDSA and others. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 10:59:53 2017 +0200 tests: modify tests to allow signatures with SHA1 There were several tests that were utilizing SHA1 signatures but were not failing due to the bug in gnutls_pubkey_verify_hash2(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 31 10:12:31 2017 +0200 gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with non-RSA keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 10:42:27 2017 +0200 gnutls_pubkey_verify_hash2: check for broken signature algorithms Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 10:13:16 2017 +0200 gnutls_pubkey_verify_data2: do not utilize GNUTLS_VERIFY_USE_RSA_PSS This flag is not required for verification since the signature algorithm is sufficient to detect RSA-PSS without requiring any flags. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 30 10:36:59 2017 +0200 tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 08:55:47 2017 +0200 certtool: do not ask for password when exporting to PKCS#8 implicitly Previously --generate-privkey wouldn't ask for password unless --pkcs8 was explicitly given. Keep that behavior, and do not ask for any password even if we need to export to PKCS#8 for some key types. Always require the --pkcs8 option to encrypt with password. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 08:43:14 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 08:37:03 2017 +0200 doc: mention RSA-PSS-SHA* signature algorithms Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 08:33:44 2017 +0200 certtool: replaced rsa-pss-sign with sign-params option This option could accomodate future enhancements/additions in certificate signining. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 29 08:26:41 2017 +0200 certtool: better documentation on rsa-pss-sign Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 13:30:18 2017 +0200 replaced MAX_SIGNATURE_ALGORITHMS macro with MAX_ALGOS Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 13:19:08 2017 +0200 tests: added unit test for gnutls_sign_supports_pk_algorithm() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:44:41 2017 +0200 tls-fuzzer: ignore the incomplete RSA-PSS tests These tests fail because tls-fuzzer currently does not properly implement RSA-PSS. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:06:34 2017 +0200 tests: verify that generated RSA-PSS keys can be read with certtool -k Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:01:04 2017 +0200 certtool: use PKCS#8 format for generated RSA-PSS keys An RSA-PSS key has additional parameters which cannot be stored in the "standard" PKCS#1 format. For that when asked to generate an RSA-PSS key, we export to the PKCS#8 form. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 09:52:33 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 08:57:11 2017 +0200 tests: x509sign-verify: include ECDSA and RSA-PSS key tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 08:22:07 2017 +0200 tlsfuzzer: the test-certificate-verify-malformed check now passes Previously it was expecting a different alert code than gnutls returned. Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR) on malformed signatures. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 16:35:18 2017 +0200 alert: map GNUTLS_E_PK_SIG_VERIFY_FAILED to GNUTLS_A_DECRYPT_ERROR This makes server respond with GNUTLS_A_DECRYPT_ERROR on malformed signatures, which is the expected behavior. Hinted by Hubert Kario. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 16:18:25 2017 +0200 Increased the maximum number of signature algorithms That allows including all the existing signatures including DSA. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 14:30:17 2017 +0200 x509sign-verify: corrected test to perform RSA tests on RSA keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 14:01:53 2017 +0200 tests: added tests for RSA-PSS key exchange under TLS 1.2 That includes tests with RSA and RSA-PSS server and client certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 14:53:43 2017 +0200 publickey: map RSA ciphersuites to GNUTLS_PK_RSA_PSS That is in addition to GNUTLS_PK_RSA Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Wed Nov 30 06:40:39 2016 +0300 Rework KX -> PK mappings GOST VKO and PSS keys would support several public keys, so change the previous 1:1 kx->pk mapping into 1:many. Signed-off-by: Dmitry Eremin-Solenikov Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 12:45:08 2017 +0200 tests: added TLS 1.2 tests with RSA-PSS signatures on RSA certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 11:50:38 2017 +0200 gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag That is, the privkey_sign_hash() function was made static (no users other than the same file), and gnutls_privkey_sign_hash will take into account the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 11:33:49 2017 +0200 tls-sig: sign with RSA-PSS when requested by negotiated signature algorithm That is, when signing a TLS message, take into account the negotiated signature algorithm, in addition to the hash algorithm to decide which flags to pass to gnutls_privkey_sign_hash(). This allows signing the handshake messages with RSA-PSS even when an RSA key is present. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 11:19:12 2017 +0200 priority: enabled RSA-PSS signatures by default They are prioritized low on the list to reduce compatibility issues in case they are wrongly implemented in gnutls or in the peer implementation. To be revised when more elaborate compatibility tests are made. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 11:13:23 2017 +0200 ext/signature: accept compatible algorithms with PK That is instead of using a 1-1 mapping of signature algorithms to public key algorithms, use gnutls_sign_supports_pk_algorithm() to determine whether algorithms match. That way we can allow GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 11:12:33 2017 +0200 gnutls_pubkey_verify_hash2: corrected operation with RSA-PSS keys That is, do not check the flag GNUTLS_VERIFY_USE_RSA_PSS, as we already have enough information to determine whether an RSA-PSS signature is used (the sign algorithm). Also return the code GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY when a signature algorithm incompatible with the public key is encountered. In addition, fixed few misplacements of GNUTLS_PK_RSA_PSS in switch cases. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 10:48:30 2017 +0200 Introduced gnutls_sign_supports_pk_algorithm() This function allows to test whether a combination of public key algorithm and signature algorithm are supported. This is introduced for RSA-PSS signatures which can be generated by a GNUTLS_PK_RSA key or by a GNUTLS_PK_RSA_PSS key. Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Thu Mar 16 11:38:58 2017 +0100 x509: implement RSA-PSS signature scheme This patch enables RSA-PSS signature scheme in the X.509 functions and certtool. When creating RSA-PSS signature, there are 3 different scenarios: a. both a private key and a certificate are RSA-PSS b. the private key is RSA, while the certificate is RSA-PSS c. both the private key and the certificate are RSA For (a) and (b), the RSA-PSS parameters are read from the certificate. Any conflicts in parameters between the private key and the certificate are reported as an error. For (c), the sign functions, such as gnutls_x509_crt_privkey_sign() or gnutls_privkey_sign_data(), shall be instructed to generate an RSA-PSS signature. This can be done with the new flag GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS. Verification is similar to signing, except for the case (c), use the flag GNUTLS_VERIFY_USE_RSA_PSS instead of GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS. From the command line, certtool has a couple of new options: --rsa-pss and --rsa-pss-sign. The --rsa-pss option indicates that the generated private key or certificate is restricted to RSA-PSS, while the --rsa-pss-sign option indicates that the generated certificate is signed with RSA-PSS. For simplicity, there is no means of choosing arbitrary salt length. When it is not given by a private key or a certificate, it is automatically calculated from the underlying hash algorithm and the RSA modulus bits. [minor naming changes by nmav] Signed-off-by: Daiki Ueno Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 10:19:22 2017 +0200 fuzz: added RSA-PSS certificate Signed-off-by: Nikos Mavrogiannopoulos Author: Daiki Ueno Date: Fri Mar 31 14:36:46 2017 +0200 build: import files from Nettle for RSA-PSS Signed-off-by: Daiki Ueno Author: Nikos Mavrogiannopoulos Date: Sat May 27 07:29:44 2017 +0200 libtasn1: updated to 4.11 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 15:10:17 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 09:39:10 2017 +0200 tests: added unit tests for gnutls_de/encode_rs_value Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 25 08:38:43 2017 +0200 pk: exported gnutls_decode_rs_value() and gnutls_encode_rs_value() These functions allow encoding to and from a Dss-Sig-Value. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 12:43:21 2017 +0200 tests: skip x86-specific tests when not in x86 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:56:30 2017 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:18:09 2017 +0200 tests: tls-fuzzer: corrected unlocking at tls-fuzzer-cert.sh Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:42:28 2017 +0200 examples: made a comment that getpass() output needs to be sanitized Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 26 10:13:05 2017 +0200 certtool: avoid printing legacy options in --help Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 17:34:31 2017 +0200 Makefile: improved code coverage extraction from lcov output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 15:48:31 2017 +0200 configure: warn when building as static library [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 14:01:56 2017 +0200 gnutls_ocsp_status_request_enable_client: removed support for problematic parameters Removed support for responder_id and extensions parameters. These had very difficult semantics to use and the underlying implementation had encoding errors, meaning there was no interoperation with other clients. Given that issue it means there are no applications depending on these parameters; ignore these parameters completely and no longer send either responder_id or extensions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 11:48:24 2017 +0200 gnutls_ocsp_status_request_enable_client: documented requirements for parameters That is, the fact that extensions and responder_id parameters must be allocated, and are assigned to the session. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 11:38:16 2017 +0200 ext/status_request: Removed the parsing of responder IDs from client extension These values were never used by gnutls, nor were accessible to applications, and as such there is not reason to parse them. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 10:46:03 2017 +0200 ext/status_request: ensure response IDs are properly deinitialized That is, do not attempt to loop through the array if there is no array allocated. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 10:28:28 2017 +0200 tlsfuzzer: enabled ocsp stapling test Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 24 10:17:09 2017 +0200 tlsfuzzer: updated to latest version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 23 09:26:10 2017 +0200 self-tests: limit compatibility API checks to vectors with plaintext Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 16:43:38 2017 +0200 tests: on cipher override do not run the compatibility checks That is, because we introduce a cipher using the new AEAD API which does not provide compatibility hooks. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 16:41:48 2017 +0200 self-tests: introduced flag GNUTLS_SELF_TEST_FLAG_NO_COMPAT This allows skipping the compatibility APIs when running self tests. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 16:39:14 2017 +0200 self-tests: all parameter was replaced by flags This allows to introduce more options than just check all ciphers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 14:41:56 2017 +0200 aarch64: fix AES-GCM in-place encryption and decryption Resolves #204 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 11:54:25 2017 +0200 crypto: self-tests: enhance to include compatibility APIs That is, run the compatibility gnutls_cipher_* APIs on self tests for AEAD ciphers in addition to the AEAD API. Relates #204 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 14:23:14 2017 +0200 crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes That is, there are AEAD modes like CCM that can only be used through the AEAD API. Always refuse calls to gnutls_cipher_init() in these modes. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 22 09:19:53 2017 +0200 doc: corrected error in gnutls_x509_privkey_sign_data parameters [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 20:41:30 2017 +0200 sysrng-linux: improved detection of getrandom() The getrandom() call is defined in sys/random.h. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 20:34:40 2017 +0200 gnutls-cli: use 16k buffers in --benchmark-tls-ciphers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 20:31:33 2017 +0200 gnutls-cli: cleaned up --benchmark-ciphers output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 20:20:34 2017 +0200 gnutls-cli: no longer include arcfour in benchmarks This cipher is considered broken and no longer included in the default set of ciphers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 08:51:55 2017 +0200 documented the make files-update make option Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 08:48:26 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 08:26:47 2017 +0200 tests: added TLS server test for multi-key usage That is, a server which utilizes both RSA and ECDSA keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 20 08:14:59 2017 +0200 p11tool: mark provider opts as deprecated That is, to avoid listing that option in p11tool --help, as it is only useful for debugging very low level interfaces with PKCS#11 parameter passing. Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Sat May 20 02:19:17 2017 +0300 gnutls-serv: allow user to specify multiple x509certile/x509keyfile Instead of adding more and more variants like x509dsakeyfile or x509ecckeyfile (counting eddsa and gost in future), allow user to specify x509certfile/x509keyfile multiple times. Keep the old options as compatibility options. Signed-off-by: Dmitry Eremin-Solenikov Signed-off-by: Nikos Mavrogiannopoulos Author: Dmitry Baryshkov Date: Thu May 18 23:55:57 2017 +0300 Fix two memory leaks in debug output of gnutls tools Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Nov 30 07:13:09 2016 +0300 Don't let GnuTLS headers in NETTLE_CFLAGS override local headers Change order of CFLAGS so that local headers always come before ones in $(NETTLE_CFLAGS). Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Fri May 12 17:58:55 2017 +0200 find_signer: eliminate memory leak Signed-off-by: Nikos Mavrogiannopoulos Author: Karl Tarbe Date: Mon May 8 15:06:33 2017 +0300 tests: add test for signing with certificate list Signing with one certificate, but includes the other certificates inside the PKCS#7 structure. Signed-off-by: Karl Tarbe Author: Karl Tarbe Date: Thu May 4 16:46:14 2017 +0300 certtool: allow multiple certificates in --p7-sign Signed-off-by: Karl Tarbe Author: Andreas Metzler Date: Sun May 14 11:21:07 2017 +0200 Fix autoconf progress message concerning heartbeat [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu May 11 22:03:08 2017 +0200 doc: corrected typo [ci skip] Reported by Andreas Metzler. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu May 11 22:01:10 2017 +0200 test: corrected typo preventing the run of openpgp test [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 17:43:32 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 17:23:54 2017 +0200 pkcs11_override_cert_exts: do not use CKA_X_DISTRUSTED flag when retrieving This flag was introduced in order for reducing the number of duplicate stapled extensions returned by p11-kit. Unfortunately that fix was bogus and in fact it resulted to p11-kit not returning any stapled extensions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 17:08:11 2017 +0200 tests: added unit test for p11-kit trust store This verifies whether an Example Root CA can be read together with its stapled extensions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 16:40:10 2017 +0200 p11tool: added the --provider-opts option This option allows passing parameters to the PKCS#11 module loading process, i.e., passed to gnutls_pkcs11_add_provider(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 16:34:25 2017 +0200 pkcs11_add_provider: allow passing parameters to p11-kit trust module When the @params argument of gnutls_pkcs11_add_provider() starts with 'p11-kit:' the specified provider is loaded as an unmanaged module and the rest of parameters are being passed opaque to the module. This allows loading for example the p11-kit trust module with a custom path for the trust database. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 9 22:03:45 2017 +0200 tests: introduced checks in alternative chain discovery These cope with alternative chain discovery in the case of insecure algorithm found in the chain. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 9 21:24:36 2017 +0200 tests: modified pkcs1-pad to account for alt path search Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 8 06:43:28 2017 +0200 gnutls_x509_trust_list_verify_crt2: treat signers with insecure algorithms as unknown The reason is that many servers utilize a legacy chain to improve compatibility with old clients and that chain often contains insecure algorithm. In that case try to construct alternative paths. To maintain compatibility with previous versions, we ensure that the same error code (verification status) is returned in these cases as before by sending the cached error if the alternative path fails too. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 9 20:57:40 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 9 20:57:00 2017 +0200 Makefile: files-update directive will update the auto-generated files in src/ This simplifies the update of files generated by autogen. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 8 07:02:16 2017 +0200 tests: added check for gnutls-cli's sni-hostname option Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 8 06:13:59 2017 +0200 gnutls-cli: introduced --sni-hostname option This allows overriding the value set on the TLS server name indication extension. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed May 10 10:39:22 2017 +0200 Makefile: added phony targets to .PHONY [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 9 14:51:44 2017 +0200 fuzz: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 8 06:27:21 2017 +0200 errors.h: _gnutls_cert_log will only print on non-null certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nicolas Dufresne Date: Fri Apr 28 17:17:32 2017 -0400 rsa-psk: Use the correct username datum In rsa-psk we properly request username for the case the application uses a callback, but later we use the username cached in the credentials structure. This will lead to empty username issues. Signed-off-by: Nicolas Dufresne Author: Nikos Mavrogiannopoulos Date: Sat May 6 23:06:45 2017 +0200 tests: added check for PSK client callback in RSA-PSK This check verifies whether gnutls_psk_client_credentials_function is operational, and the parameters sent are taken into account by the server. Relates !364 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat May 6 22:47:32 2017 +0200 tests: simplified name of mini-rsa-psk check In addition modernize the used APIs and added explicit check on the received by the server username value. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 5 14:31:30 2017 +0200 tests: utilize the email_protection_key template option This ensures that generated certificates and requests will include that key purpose when the option is present. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri May 5 14:21:13 2017 +0200 certtool: introduced the email_protection_key option This option was introduced in documentation for certtool without an implementation of it. It is a shortcut for option key_purpose_oid = 1.3.6.1.5.5.7.3.4 Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Mon May 1 19:20:38 2017 +0200 gnutls-cli: Use CRLF with --starttls-proto=smtp. Closes https://gitlab.com/gnutls/gnutls/issues/200 Author: Nikos Mavrogiannopoulos Date: Mon May 1 01:43:40 2017 +0200 doc: remove libidn from instructions and add libidn2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 1 00:59:12 2017 +0200 doc: update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 1 00:26:47 2017 +0200 added newline in debug messages [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 20:13:11 2017 +0200 Removed support for libidn1 Currently we support both IDNA2003 and IDNA2008. However, IDNA2003 is already obsolete by registrars and NICs, thus there is no reason to continue supporting it. We switch to IDNA2008 exclusively using libidn2. Resolves #194 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 1 12:44:46 2017 +0200 updated minitasn1 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon May 1 12:42:57 2017 +0200 gnutls.h: introduced GNUTLS_E_ASN1_TIME_ERROR This corresponds to libtasn1 ASN1_TIME_ENCODING_ERROR and indicates an error in the DER or BER encoding of time field. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 30 13:25:16 2017 +0200 gnutls_pkcs12_simple_parse: set to null vars after deinitialization This avoids having the variables being deinitialized twice during cleanup. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 30 12:52:51 2017 +0200 tests: enhance with checks to verify that textual IPs are not matched That verifies that the hostname check verification function will not succeed if given textual IPs, and the certificate contains textual IPs in DNSname or in the CN fields. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 29 13:30:50 2017 +0200 gnutls_x509_crt_check_hostname2: no match dns fields against IPs Previously we were checking textual IP address matching against the DNS fields. This match was non-standard and was intended to work around few broken servers. However that also led to not evaluating and IP constraints for that IP. No longer follow that broken behavior. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 30 12:45:19 2017 +0200 tests: check against symbols present only in IDNA2003 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 29 14:00:24 2017 +0200 gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure This aligns with the behavior of firefox, which maps to IDNA2008, and fallbacks to IDNA2003 if that fails (e.g., mapping doesn't exist). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 28 23:12:19 2017 +0200 fuzz: fix leaks in PKCS#12 fuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 28 22:46:48 2017 +0200 pkcs12: release CRL data on error path This addresses issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 12:01:25 2017 +0200 doc: added gnutls_ext_flags_t enumeration Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 11:55:10 2017 +0200 _gnutls_base64_decode: corrected leak on decoding error Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 11:08:47 2017 +0200 tests: fixed expected error code in base64 check Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 15:15:27 2017 +0200 certtool: ensure no leaks on pkcs12_info() error paths Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 11:02:01 2017 +0200 tests: added reproducer for mem leak in PKCS#12 decoding This relates to: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 10:59:58 2017 +0200 pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents This makes sure we deinitialize previously available elements. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 10:48:46 2017 +0200 cleanups in _pkcs12_decode_safe_contents Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 10:36:22 2017 +0200 pkcs12: clean ups in PKCS#12 parsing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 24 14:16:24 2017 +0200 Added explicit check for the bounds of the generated 'd'. This is according to FIPS186-4 sec. B.3.1. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 24 13:06:45 2017 +0200 fips140-2: enhanced check of generated parameters That is, replaced all assert() calls with if statements to allow gracefull fail. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 24 13:11:04 2017 +0200 dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini Relates #197 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 25 09:50:08 2017 +0200 tests: added base64 reproducer of mem leak Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 24 13:28:39 2017 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 23 11:54:38 2017 +0200 gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip] This flag is expected to be used by applications which handle custom extensions that are not currently supported in gnutls, but support for them may be added in the future. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 21 09:28:47 2017 +0200 _gnutls_base64_decode: addressed memory leak in decoding Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 21 09:19:56 2017 +0200 gnutls_pem_base64_decode: allow decoding raw base64 data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 21 09:14:18 2017 +0200 tests: check whether gnutls_pem_base64_decode2 decodes with null argument Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 21 09:12:51 2017 +0200 Revert "gnutls_pem_base64_decode: allow decoding raw base64 data" This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884. Author: Nikos Mavrogiannopoulos Date: Thu Apr 20 16:34:56 2017 +0200 doc: clarifications on custom thread override [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 20 14:03:39 2017 +0200 fuzz: added PEM base64 decoder and encoder fuzzers [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 19 20:04:59 2017 +0200 fuzz: openpgp fuzzer always succeeds when no support is present [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 14 01:18:56 2017 +0300 lib/system/fastopen: simplified TCP fast open for OSX Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Mon Apr 10 12:39:46 2017 +0200 lib/system/fastopen: Add TCP Fast Open for OSX Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:37:28 2017 +0200 doc: removed incorrect comment Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 17:02:35 2017 +0200 gnutls_dh_get_pubkey: fixed operation under PSK authentication Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:15:36 2017 +0200 tests: test gnutls_dh_get_pubkey in PSK auth Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:33:09 2017 +0200 tests: combined and enhanced DH params tests Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:25:49 2017 +0200 tests: added DH parameter check in X.509 auth Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:18:26 2017 +0200 tests: added basic test on gnutls_dh_params_cpy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:14:06 2017 +0200 tests: test gnutls_dh_get_pubkey in anonymous auth Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 16:15:46 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 8 15:50:16 2017 +0200 tests: added basic unit test on gnutls_random_art() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 22:51:09 2017 +0200 doc: fixed documentation for various function parameters Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 22:37:54 2017 +0200 .gitlab-ci.yml: removed the coverage run under pkcs11 trust store It was causing inaccurate total coverage numbers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 16:56:06 2017 +0200 .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 16:51:46 2017 +0200 tests: use gnutls_global_init instead of global_init The reason is to force initialization of the PKCS#11 backend, and thus support for any PKCS#11 trust store when setup. This fixes running the test suite in Fedora. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:42:10 2017 +0200 tests: added checks with certificates that contain invalid time field Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:33:29 2017 +0200 x509/time: reject invalid dates in local mktime() Resolves #135 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:25:34 2017 +0200 certtool: added newline in error message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:09:31 2017 +0200 tests: added basic check for systemkey tool Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:05:45 2017 +0200 systemkey: improved error message on unsupported systems Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 14:00:41 2017 +0200 tests: enhanced tofu trustdb checks Include checks which store and load commitments from the user's home directory. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 10:35:33 2017 +0200 tests: do not run pkgconfig test in systems with invalid libidn flags This prevents our test from failing, due to invalid flags found in a dependency of ours. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 13:30:16 2017 +0200 doc: fixed tpmtool and psktool documentation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 09:39:50 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 09:38:45 2017 +0200 tests: added unit tests for the base64 raw decoding functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 09:37:10 2017 +0200 gnutls_pem_base64_decode: allow decoding raw base64 data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 09:26:01 2017 +0200 x509/output: do not print usage entry when there is none Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 09:21:19 2017 +0200 certtool: improved printing of the key PIN and key ID That is, on private keys use the same format when printing the public Key ID and public key PIN, as when printing it in certificates. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 6 18:34:56 2017 +0200 .gitlab-ci.yml: fixed freebsd build project restriction Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 6 18:18:02 2017 +0200 certtool: print the key PIN on private and public keys Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 6 18:09:14 2017 +0200 gnutls_pem_base64_encode2: do raw base64 when msg is NULL Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Apr 7 08:33:54 2017 +0200 .gitlab-ci.yml: simplified CI setup This makes builds independent by reducing interactions between artifacts of builds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 6 11:53:33 2017 +0200 fuzz: do not enable the openpgp fuzzer when openpgp is disabled Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 14:50:43 2017 +0200 serv: fixed carriage return stripping in strip() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 14:47:30 2017 +0200 Mark with (void) the remove() function and other unchecked functions This allows static analysers to properly warn on unchecked return values. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 14:29:16 2017 +0200 gnutls-cli: fixed minor coverity identified issues Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 14:26:52 2017 +0200 certtool: fixed newline skip code in smime-to-p7 code Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 14:12:03 2017 +0200 tests: added unit test for the certtool smime conversion functionality Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:41:36 2017 +0200 certtool: fixed minor issues pointed out by coverity Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:38:06 2017 +0200 gnutls-cli: better resource management in benchmark cmd Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:30:22 2017 +0200 is_level_acceptable: ensure issuer is not dereferenced when null Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:25:08 2017 +0200 certtool: guard the value of tl before gnutls_pkcs7_verify This utilizes assert() as it cannot be triggered in practice. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:20:44 2017 +0200 Avoid using ASN1_MAX_NAME_SIZE directly Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1 tree, it is not suitable to hold the maximum combined name. Instead use a local definition of MAX_NAME_SIZE, which is a multiple of the ASN1_MAX_NAME_SIZE. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:15:38 2017 +0200 gnutls_x509_crq_set_challenge_password: don't accept null password Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:13:26 2017 +0200 Mark with (void) the functions where the returned value is not checked intentionally This allows static analysers to properly warn on unchecked return values. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 13:08:11 2017 +0200 removed duplicate code Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 12:47:03 2017 +0200 handshake/record: mark with comments all expected fall-through switches This reduces warnings from static analysers like coverity and makes explicit the intention. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 12:42:18 2017 +0200 gnutlsxx.cpp: fixed misleading indentation issues Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 12:39:23 2017 +0200 doc: document intended fallthrough Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 12:36:52 2017 +0200 tests: fixed possible buffer overflow to avoid spurious complaints Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 12:34:56 2017 +0200 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 11:54:45 2017 +0200 x509.h: added macro for inhibit any policy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 11:50:29 2017 +0200 NEWS: updated Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 10:24:17 2017 +0200 doc: documented the inhibit any policy extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 11:08:09 2017 +0200 tests: added PKCS#12 unit test with AES file Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 16:36:48 2017 +0200 tests: added unit test for inhibit anypolicy generation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 15:36:47 2017 +0200 supported_exts: inhibit anypolicy is listed as supported Since we don't support certificate verification based on policies, we make sure we do not reject any certificates based on the inhibit any policy extension being present. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 16:27:34 2017 +0200 certtool: added template option inhibit_anypolicy_skip_certs This option writes the inhibit anyPolicy option in a certificate. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 16:25:47 2017 +0200 x509: output the inhibit anyPolicy value Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 10:29:32 2017 +0200 documented the GNUTLS_X509_OID_POLICY_ANY macro Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 16:03:34 2017 +0200 x509: added function to set and retrieve inhibit anypolicy extension value That is, introduced: * gnutls_x509_crt_get_inhibit_anypolicy * gnutls_x509_crt_set_inhibit_anypolicy Resolves #180 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 15:53:05 2017 +0200 _gnutls_x509_write_uint32: ensure we prepend leading zero when writing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 15:46:45 2017 +0200 Added helper functions to parse the inhibit anyPolicy X.509 extension That introduces: * gnutls_x509_ext_export_inhibit_anypolicy * gnutls_x509_ext_import_inhibit_anypolicy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 15:22:06 2017 +0200 tests: added unit test for PKCS#12 with file that uses PBES1 with no salt Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 6 05:14:25 2017 +0200 tests: added basic check for system trust store This checks whether the gnutls_certificate_set_x509_system_trust() and thus the trust list equivalent function operate as expected and return a positive number of certificates. The test is ignored in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE. Signed-off-by: Nikos Mavrogiannopoulos Author: David Caldwell Date: Tue Apr 4 21:29:55 2017 -0700 gnutls_x509_trust_list_add_system_trust: Add macOS keychain support Also don't check for a default_trust_store_file in configure when building on macOS (unless explicitly asked to with --with-default-trust-store-file=xxx), because otherwise it finds /etc/ssl/cert.pem: This file is new (since 10.12.2?), which means libraries built on the newest OS version wouldn't work the same way on an older versions (and vice versa). "/etc/ssl/cert.pem" also doesn't seem to reflect additions and deletions from the user's or system's trusted roots keychain (in my limited testing). Signed-off-by: David Caldwell Author: David Caldwell Date: Wed Apr 5 11:15:45 2017 -0700 Rename uint64 to gnutls_uint64 to avoid conflict with macOS Signed-off-by: David Caldwell Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 10:11:01 2017 +0200 mpi: openpgp integer scanning was put into conditional That is, no longer include that code when compiling without openpgp support. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 29 12:38:34 2017 +0200 Moved all openpgp-related variables and definitions into ifdef blocks This allows compilation with -Werror even if openpgp is disabled. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 29 09:55:36 2017 +0200 OpenPGP authentication is disabled by default The flag --enable-openpgp-authenticationcan be used to revert this change. Resolves #178 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 08:50:53 2017 +0200 tools: remove outfile when exited on error Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 08:32:48 2017 +0200 certtool: added examples on verifying certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Apr 5 08:12:17 2017 +0200 certtool: improved documentation Incorporated comments made in Lenka Horakova's thesis study. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 15:22:06 2017 +0200 tests: added unit test for PKCS#12 with file that uses PBES1 with no salt Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 11:28:27 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 12:52:14 2017 +0200 tests: add unit test for PKCS#12 with file that uses SHA512 for MAC Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 12:11:27 2017 +0200 pkcs12: increased the maximum salt size This accomodates for files which have salt sizes up to 256 bytes. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 12:01:15 2017 +0200 _gnutls_pkcs12_string_to_key: allow SHA384 and SHA512 The previous implementation of the function was restricted to SHA1 and SHA256. Extended to allow SHA384 and SHA512 as well. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 11:25:22 2017 +0200 PKCS#12: added support for files with zero salt length in MAC Resolves #191 Resolves #190 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 11:19:23 2017 +0200 tests: added unit test for PKCS#12 with file with no salt in MAC Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 3 09:44:43 2017 +0200 tests: verify that the encryption OID is printed That is, verify whether certtool --p12-info will print the actual encryption OID on unsupported files, rather than the generic PBES2 algorithm. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Apr 3 09:35:31 2017 +0200 gnutls_pkcs8_info: return the encryption algorithm OID on failure When failing to import a structure due to an unsupported encryption algorithm OID, return the unsupported OID instead of the generic PBES2 OID. Resolves: #193 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 4 10:26:43 2017 +0200 gnutls_transport_set_pull_timeout_function: doc update [ci skip] Clarified when this function should be set. Based on suggestion by Sean Greenslade. Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sun Apr 2 17:56:15 2017 +0200 Use NORMAL priority for SSLv23_*_method. Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for SSLv23_*_methods. http://bugs.debian.org/857436 Author: Nikos Mavrogiannopoulos Date: Sun Apr 2 15:14:41 2017 +0200 .gitlab-ci.yml: renamed dist build to doc-dist This better describes the name of the build. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 2 15:12:44 2017 +0200 .gitlab-ci.yml: combined minimal and no-tools builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 2 15:07:05 2017 +0200 .gitlab-ci.yml: combined static analyser runs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Apr 1 23:40:12 2017 +0200 .gitlab-ci.yml: reduced builds and stages That is an improvement to run the CI faster. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 30 20:56:01 2017 +0200 tests: added unit test for gnutls_priority_get_cipher_suite_index Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 31 20:33:49 2017 +0200 gnutls-cli: eliminate leak on --list option Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 29 18:52:48 2017 +0200 gnutls_priority_get_cipher_suite_index: fixed returned protocols That is no longer return indexes for ciphersuites which would not have been available due to TLS version mismatch in the priorities cache. Resolves #146 Signed-off-by: Nikos Mavrogiannopoulos Author: Matt Turner Date: Fri Mar 31 13:45:04 2017 -0700 tests: Copy template out of ${srcdir} Otherwise, out of tree builds will fail to copy the template. Signed-off-by: Matt Turner Author: Nikos Mavrogiannopoulos Date: Fri Mar 31 20:56:04 2017 +0200 gnutls_cipher_get_tag_size: document behavior on non-AEAD ciphers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 31 20:53:19 2017 +0200 doc: make a note that parts of the crypto API are in Core API Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 31 16:27:03 2017 +0200 tests: added checks with problematic PKCS#12 files These check whether parsing of unsupported files (e.g., with RC2-128), will succeed. This serves as functionality check for gnutls_pkcs8_info. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 31 16:17:07 2017 +0200 gnutls_pkcs8_info: do not free oid on GNUTLS_E_UNKNOWN_CIPHER_TYPE The documented behavior of the function was to return a valid OID in that case. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 30 19:58:22 2017 +0200 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 29 14:08:26 2017 +0200 Makefile.am: dropped .clcopying from dist files [ci skip] It is no longer being used. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 29 10:40:31 2017 +0200 Simplified the generation of ChangeLog [ci skip] Removed the dependency on git2cl and utilize git log directly. git2cl seems to provide incorrect output. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 28 09:05:38 2017 +0200 tests: added global locks on tls-fuzzer tests They both require access to the same port and thus cannot be run in parallel. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 28 09:01:25 2017 +0200 cert: ensure that there are no leftovers in certificate msg Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 28 08:58:29 2017 +0200 testsuite: added tlsfuzzer certificate requiring tests This enhances the testsuite by running all the tlsfuzzer fuzzer tests which require certificates from server. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 28 08:40:32 2017 +0200 alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 28 09:28:44 2017 +0200 fuzz: updated pkcs12 corpus Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 27 17:40:23 2017 +0200 fuzz: added PKCS#12 file parser fuzzer Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 27 17:28:08 2017 +0200 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 26 13:46:45 2017 +0200 ocsp-test: disable under windows This test was failing because datefudge couldn't run under win32. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 26 13:45:37 2017 +0200 Revert "ocsp-test: disable under windows" This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc. Author: Nikos Mavrogiannopoulos Date: Sun Mar 26 10:10:02 2017 +0200 .travis.yml: no longer install pkg-config Travis build seem to fail for some reason since pkg-config is already installed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 26 10:07:13 2017 +0200 ocsp-test: disable under windows This test was failing because datefudge couldn't run under win32. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 25 21:48:46 2017 +0100 .gitlab-ci.yml: increase time of artifact expiration This allows to re-run failed builds on the depending stages during that time. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 25 21:44:53 2017 +0100 gnutls.pc: Removed P11_KIT_LIBS from Libs.private It was already being included in Requires.private. Reported by Andreas Metzler. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 23 08:03:52 2017 +0100 gnutls.pc: don't include zlib twice in private libs Author: Nikos Mavrogiannopoulos Date: Thu Mar 23 11:39:34 2017 +0100 tests: create-chain.sh: do not explicitly set serial We were previously exporting certificates with serial number being zero, which is not allowed by RFC5280. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 23 11:34:07 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 22 09:39:12 2017 +0100 tests: added mini-x509-ipaddr This is a unit test for GNUTLS_DT_IP_ADDRESS as used in gnutls_certificate_verify_peers(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 22 09:00:09 2017 +0100 Introduced GNUTLS_DT_IP_ADDRESS This allows verifying an IP address using gnutls_certificate_verify_peers() or gnutls_x509_trust_list_verify_crt2(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 12:19:35 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 15:04:50 2017 +0100 tests: check whether we fallback to CN unconditionally This is a unit test for: "gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally" Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 15:01:12 2017 +0100 gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally Do not fallback to checking the CN of a certificate for a hostname if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2(). This behavioral change is in order to satisfy the RFC6125 requirement of not falling back to CN in that case. Reported by Suphannee Sivakorn. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 14:50:10 2017 +0100 tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 14:43:36 2017 +0100 Introduced verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES This flag when provided to the gnutls_x509_crt_check_hostname2() function (and its callers), will prevent IP matching of the subject alternative name. This can be utilized by applications which directly check for IP addresses using gnutls_x509_crt_check_ip(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 14:37:21 2017 +0100 updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 11:38:19 2017 +0100 tests: added unit test for gnutls_x509_crt_check_ip Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 10:07:37 2017 +0100 Added gnutls_x509_crt_check_ip() This function allows to directly verify IP addresses on a certificate. That is a first step towards making gnutls_x509_crt_check_hostname2() not verify IP addresses. Based on discussion and suggestion by Suphannee Sivakorn. See https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html Relates #185 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 14:07:22 2017 +0100 tests: added unit test of gnutls_pubkey_verify_data2 override flags Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 13:47:09 2017 +0100 tests: keygen -> privkey-keygen Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 13:20:02 2017 +0100 _gnutls_check_key_cert_match: allow broken sigs That ensures that when loading a certificate pair with SHA1, when SHA1 is disabled will not cause the server to fail to load. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 13:14:24 2017 +0100 .gitignore: more files to ignore Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 13:12:07 2017 +0100 Use a common function to decide acceptable signatures That is, ensure that results from all verification functions, including gnutls_pubkey_verify_data2(), will be consistent with SHA1 and other algorithms deprecation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 13:01:51 2017 +0100 check_ocsp_response: utilize the same flags as in certificate verification That ensures that overrides like using broken algorithms are considered in OCSP validation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 14:34:37 2017 +0100 extensions: print the name/type of any unexpected extension Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 18 18:12:55 2017 +0100 tests: added script to check pkg-config operation That is, whether the generated gnutls.pc will function for compiling and linking. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 18 17:56:42 2017 +0100 gnutls.pc: don't pass the libtool vars to Libs.private Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 10:11:54 2017 +0100 tests: improved tls-rehandshake tests Used common definitions from cert-common.h for certificates, and improved error detection in tls-rehandshake-cert-2. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 09:42:59 2017 +0100 tests: check whether a rehandshake without a cert works That is, check whether if on initial handshake the server requests a certificate, but on the following rehandshake he doesn't, whether the client behaves as expected. This tests: 1f685db853db6e48c77c6dbde0cdf716a7303baa Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 09:36:18 2017 +0100 handshake: reset cert request state on handshake init That addresses a bug which on client side on case of an initial handshake with a client certificate, we continue to send this certificate even if on rehandshake we were not requested with on. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 21 07:59:37 2017 +0100 Revert "nettle/rnd: use gettime() instead of gnutls_time()" This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722. The time() syscall is also implemented as syscall() and is in fact performing better than gettime(). Author: Nikos Mavrogiannopoulos Date: Mon Mar 20 23:00:06 2017 +0100 README.md: corrected typo [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 20 16:31:42 2017 +0100 nettle/rnd: use gettime() instead of gnutls_time() The gnulib gettime() maps to gettimeofday() or clock_gettime() which are both implemented as fast system calls - see vdso(7)- and as such are available without a switch to kernel mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 20 13:29:42 2017 +0100 doc: updated RNG documentation to reflect the previous changes Author: Nikos Mavrogiannopoulos Date: Mon Mar 20 13:23:39 2017 +0100 nettle/rnd: re-seed both key and nonce levels based on time The time(0) is quite cheap on modern operating systems, and thus we can rely on it to provide improved assurance in the output randomness. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 20 13:13:11 2017 +0100 nettle/pk: use nonce level for RSA padding Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Mar 18 19:26:02 2017 +0100 README.md: corrected link for coverage in master [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Martin Storsjo Date: Fri Mar 17 23:33:01 2017 +0200 Avoid deprecation warnings when including gnutls/abstract.h Since ac3de8f5, when all openpgp functionality was deprecated, a library user including gnutls/abstract.h gets warnings about deprecated declarations, like this: gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations] gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED; This warning is emitted since the gnutls_openpgp_set_recv_key_function prototype uses the deprecated typedef gnutls_openpgp_recv_key_func. By omitting the deprecation attribute from this individual typedef, we avoid the spurious warnings in calling code which just includes gnutls/abstract.h without actually using anything related to openpgp. Signed-off-by: Martin Storsjo Author: Nikos Mavrogiannopoulos Date: Fri Mar 17 10:47:33 2017 +0100 gnutls.h: added definitions to obtain the maximum element in several enumerations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 14:29:10 2017 +0100 tests: added basic unit tests for several string functions of libs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 09:44:55 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 22:51:57 2017 +0100 tests: certtool-crl-decoding: ignore lines warning about SHA1 deprecation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 17:17:32 2017 +0100 tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag works when MD5 is present. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 17:13:48 2017 +0100 Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 This allows performing a verification with only SHA1 allowed from the broken algorithms. This can be used to fine-tune verification in case default verification fails, to detect whether the failed algorithm was SHA1. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 17:06:47 2017 +0100 Introduced the %VERIFY_ALLOW_BROKEN priority string option This allows enabling broken signature algorithms in certificate verification. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 17:00:22 2017 +0100 Allow reverting the SHA1 ban as a signature algorithm This allows distributors to decide not to ban SHA1. This option may be removed in the future. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 12:36:46 2017 +0100 p11tool: test-sign operation using SHA256 instead of SHA1 This avoids the errors returned from the verification functions due to SHA1 usage. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 09:42:26 2017 +0100 tests: updated to account SHA1 move to broken set Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 08:35:34 2017 +0100 algorithms: tag SHA1 as insecure algorithm Although SHA1 was considered to be risky to use the past few years, there has been no demonstration of breakage. As of 2017-2-23 there has been a demonstrated collision in SHA1, and even though the attack was a costly one, it provided the incentive to should move SHA1 into the broken hashes list together with MD5 and MD2. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 14:02:05 2017 +0100 README.md: updated coverage links [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 08:25:52 2017 +0100 tests: removed unneeded ifdef in tlsext-decoding.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 16 09:04:24 2017 +0100 doc: updated RNG design Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 15 14:21:43 2017 +0100 nettle/rnd: introduced time limit for key generator That is, force re-key of the KEY and RANDOM PRNG after 2 hours of operation, irrespective of the amount of data having been output. At the same time, increase limits for key and nonce generators, to prevent a large amount of system calls in busy servers. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 15 15:11:14 2017 +0100 _gnutls_pk_generate_keys: separate between ephemeral and long-term keys That allows using the faster generator for ephemeral keys. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 15 14:46:54 2017 +0100 nettle/pk: use the nonce level for digital signatures That is, we do not really require high quality secret data for the generation of signatures. A better approach would be to switch to predictable signatures (RFC6979). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 15 22:06:59 2017 +0100 .gitlab-ci.yml: limit submodule update to avoid fetch This should reduce both the bandwidth and the time of the fetch. Signed-off-by: Nikos Mavrogiannopoulos Author: Martin Storsjo Date: Wed Mar 15 23:32:12 2017 +0200 Fix a typo in a variable name in an m4 script Signed-off-by: Martin Storsjo Author: Alon Bar-Lev Date: Tue Mar 14 19:27:49 2017 +0200 build: disable valgrind tests by default Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Wed Mar 15 05:17:37 2017 +0100 .gitlab-ci.yml: ubsan build utilizes -Werror for the library That brings back the -Werror for building, after its removal from clang-analyzer build. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 14 16:43:34 2017 +0100 .gitlab-ci.yml: remove -Werror compilation from scan-build When we pass '--status-bugs' to the command in combination with '-Werror' in CFLAGS it has the following side effects. In a failed due to Werror build, scan-build fails to find any issues, and marks the run as successfully completed. Hence, removes the -Werror from clang-analyzer. Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Mon Mar 13 20:47:02 2017 +0200 build: tests: resolve as-needed issue with seccomp Incorrect ordering of -lseccomp: -Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a ./.libs/libutils.a(seccomp.o): In function seccomp_init' seccomp.c:(.text+0x2b): undefined reference to `seccomp_init' Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 23:27:14 2017 +0100 fuzz: Corrected default options in fuzz scripts [ci skip] This change assumes that afl-fuzz (and not libfuzzer) will be used by default. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 20:13:49 2017 +0100 gnutls_pkcs11_privkey_init: document limitation on created object [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 15:21:40 2017 +0100 pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID When initializing a private key operation, attempt to re-open the key if CKR_SESSION_HANDLE_INVALID is received. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 15:15:31 2017 +0100 tests: pkcs11-mock lib: check object session sanity prior to using it This avoids crashes when the object is used after a fork but prior to the session being re-established. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 11:21:50 2017 +0100 tests: added an OCSP response parsing coverage test This inputs a large set of valid and invalid OCSP files in the OCSP parser with the intention to stress test its error checking, and prevent regressions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 08:14:32 2017 +0100 tests: added a certificate parsing coverage test This inputs a large set of valid and invalid certificates in the certificate parser with the intention to stress test its error checking, and prevent regressions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:39:03 2017 +0100 .gitignore: more files to ignore Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:33:29 2017 +0100 tests: added unit tests for gnutls_pkcs11_token_get_mechanism Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:28:25 2017 +0100 tests: included unit test for gnutls_pkcs11_obj_export Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:23:37 2017 +0100 tests: added unit test for gnutls_pkcs11_reinit() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:17:42 2017 +0100 tests: added unit tests for gnutls_pkcs11_obj_get_info Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:17:07 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 13 09:14:15 2017 +0100 gnutls_pkcs11_obj_get_info: don't include the terminator into output size Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Mon Mar 13 11:32:07 2017 +0200 tests: cert-tests: openpgp-certs: align test redirection Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Mon Mar 13 10:45:08 2017 +0200 tests: suppressions.valgrind: supress fillin_rpath Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Mon Mar 13 11:30:41 2017 +0200 tests: remove unused suppressions.valgrind Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Sun Mar 12 14:48:19 2017 +0100 lib: unconditionally enable the self-check functions These functions were previously made available only in FIPS140-2 mode. Enabling them unconditionally allows applications to directly utilize that functionality for testing the gnutls library. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 12 14:43:00 2017 +0100 tests: added unit test for gnutls_pkcs11_get_pin_function Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 12 14:29:14 2017 +0100 tests: moved ocsp-tests to main directory Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 10 17:37:10 2017 +0100 pkcs11: re-open private key session inside a locked section This prevents clashes when the same operation is carried in other threads. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 10 17:12:50 2017 +0100 pkcs11: introduced locks to PKCS#11 private key structure This allows to run PKCS#11 private key operations such as signing and decryption in parallel. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 10 17:04:20 2017 +0100 tests: introduced check for parallel operation (signatures) in PKCS#11 mode That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t context work. Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Sun Mar 12 15:05:41 2017 +0200 tests: scripts: suppress which errors Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Sat Mar 11 12:08:21 2017 +0100 pkcs11: during scan, leave the provider loop asap This optimizes access when multiple provider modules are available, by avoiding scanning irrelevant ones. Signed-off-by: Nikos Mavrogiannopoulos Author: Alex Gaynor Date: Sat Mar 11 10:28:50 2017 -0500 Do not attempt to parse a 32-bit integer if a packet is not 4 bytes. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824 Signed-off-by: Alex Gaynor Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 15:50:24 2017 +0100 fuzz: document how to run AFL [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 10:57:28 2017 +0100 fuzz: added initial corpus for the OCSP request parser Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 17:09:59 2017 +0100 fuzz: added initial corpus for OCSP response parser Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 17:01:59 2017 +0100 fuzz: added OCSP structure parsers Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 16:51:39 2017 +0100 fuzz: increased minimized set of X.509 certificates Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 12:57:41 2017 +0100 PKCS8/PKCS12: enforce a maximum number of iterations This prevents denial of service through very large iteration counts. Issue found via oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434 Signed-off-by: Nikos Mavrogiannopoulos Author: Alex Gaynor Date: Wed Mar 8 14:52:38 2017 -0500 Do not attempt to parse a 32-bit integer if a packet is not 4 bytes. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737 Signed-off-by: Alex Gaynor Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 11:25:54 2017 +0100 Revert ".gitlab-ci.yml: include coverage statistics of FIPS140-2 code" This reverts commit 603772688c4e37dae437b4cede12e25b9dd9f678. The commit introduced a long wait for the coverage build without and significant benefit (the extend of the FIPS140 code is limited to have any impact on the overall coverage). Author: Nikos Mavrogiannopoulos Date: Thu Mar 9 10:52:59 2017 +0100 sysrng-linux: define _rnd_get_system_entropy unconditionally This fixes compilation in systems without getrandom(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 16:00:02 2017 +0100 tests: dtls-stress: use X.509 certificates instead of openpgp This will allow the test tool to operate even after openpgp certificates are deprecated. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 22:52:31 2017 +0100 .gitlab-ci.yml: added build without openpgp support Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 11:32:31 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 22:36:16 2017 +0100 Added openpgp stub file That allows disabling openpgp authentication and at the same time retaining ABI compatibility with versions including openpgp. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 15:00:06 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 14:58:14 2017 +0100 tests: split PKCS#12 encoding from decoding tests Enhanced PKCS#12 encoding tests, with the encoding of a file which contains a cert, a key and a CRL. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 14:47:20 2017 +0100 tests: added PKCS#12 file decoding containing a CRL Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 14:40:15 2017 +0100 certtool: enhance to allow writing CRLs in PKCS#12 files In addition fallback to DER when --load-crl fails importing a PEM encoded CRL due to PEM issues. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 14:21:30 2017 +0100 tests: added CRL decoding unit tests using certtool Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 14:04:32 2017 +0100 tests: enhanced basic tests in CRL parsing That tests gnutls_x509_crl_get_crt_serial(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 13:50:55 2017 +0100 Rewritten gnutls_x509_rdn_get() and gnutls_x509_rdn_get2() The new code re-uses the gnutls_x509_dn APIs instead of re-implementing. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 13:43:36 2017 +0100 tests: added checks for the old DN decoding functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 22:39:20 2017 +0100 tests: do not run tests which require openpgp when it is disabled Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 22:47:55 2017 +0100 .gitlab-ci.yml: include coverage html output as artifact Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 13:22:59 2017 +0100 tests: x509-verify: print the keys on failure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 13:17:15 2017 +0100 gnutls_privkey_export_x509: doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 13:07:08 2017 +0100 tests: split sign-verify test to RSA and ECDSA parts This allows parallelist and also helps identifying easier the culprit on an error. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 11:52:25 2017 +0100 tests: adjusted for the removal of HMAC-MD5 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 11:48:28 2017 +0100 priority: do not enable HMAC-MD5 by default While HMAC-MD5 is not yet broken, it is not used by any non-broken or non-NULL ciphersuites (is only used with NULL and RC4), and as there is not plan to introduce new ciphersuites with that MAC algorithm, there is no point to include it in the default set of allowed algorithms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 23:10:43 2017 +0100 tests: converted FIPS140-2 mode checks in Makefiles to run-time in scripts Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 8 10:48:40 2017 +0100 gnutls.h: introduced GNUTLS_E_TLS_PACKET_DECODING_ERROR [ci skip] This is an alias to GNUTLS_E_UNEXPECTED_PACKET_LENGTH. That allows distinguishing the alert from GNUTLS_E_RECORD_OVERFLOW. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 21:53:51 2017 +0100 tests: crq: ignore lines for Security Level This allows running the test under FIPS140-2 mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 21:39:12 2017 +0100 ax_code_coverage.m4: updated Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 23:21:33 2017 +0100 .gitlab-ci.yml: initialize submodules where needed (for tlsfuzzer run) Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 15:28:01 2017 +0100 .gitlab-ci.yml: include subdirs of suite/ in artifacts Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 23:11:39 2017 +0100 ext/signature: error on invalid extension format That is, if an extension containing no signature algorithms is encountered, treat that as an error. This is an RFC5246 requirement, since the minimum "supported_signature_algorithms" length is 2. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 14:30:19 2017 +0100 _gnutls_proc_x509_server_crt: return GNUTLS_E_CERTIFICATE_ERROR on parsing error Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 14:21:45 2017 +0100 alert: GNUTLS_E_NO_CERTIFICATE_FOUND maps to GNUTLS_A_DECODE_ERROR This is the closest to use alert when no certificate is found; at least it is closer according to tlsfuzzer and rfc5246 text on insuficient_security alert. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 13:51:33 2017 +0100 read_client_hello: use integer for extensions size As we do not read the value directly, but rather assign to it the remaining data, we ensure that there are no overflows if we have additional data past the extensions field. The integer can hold more than 2^24 which is the maximum handshake packet size. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 16:33:57 2017 +0100 ext/signature: reject an extension with padded data Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 16:18:44 2017 +0100 ext/signature: reject an extension size of zero Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 15:58:19 2017 +0100 gnutls_record_recv: do not accept a client hello while handshake is in progress That is, do not return GNUTLS_E_REHANDSHAKE, while we are within a handshake process. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 15:16:59 2017 +0100 read_client_hello: fail early on illegally formatted message Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 2 17:57:57 2017 +0100 _gnutls_parse_extensions: do not fail on empty extensions field On the other hand, fail if an empty extensions field is seen, but the client hello contains data nevertheless, or if the extensions field is padded with additional unaccounted data. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 2 17:53:55 2017 +0100 alert: GNUTLS_E_PK_INVALID_PUBKEY maps to GNUTLS_A_ILLEGAL_PARAMETER Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 2 17:48:31 2017 +0100 alerts: separated record overflow from decode error alerts Introduced GNUTLS_E_RECORD_OVERFLOW. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Mar 2 17:42:51 2017 +0100 auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER That ensures that the right alert is send when illegal parameters are received (e.g., zero length). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 11:49:45 2017 +0100 doc: updated tlsproxy to latest version Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 14:17:18 2016 +0200 testsuite: added tlsfuzzer This enhances the testsuite by running all the tlsfuzzer fuzzer tests which require no certificates from server. https://github.com/tomato42/tlsfuzzer Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 07:55:10 2017 +0100 tests: converted compile-time checks for FIPS140 mode to run-time This allows running the complete test suite even when the library is compiled in FIPS140-2 mode, as long as the run-time is not at this mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 07:39:20 2017 +0100 .gitlab-ci.yml: include coverage statistics of FIPS140-2 code Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Mar 7 07:32:46 2017 +0100 .gitlab-ci.yml: include FIPS140-2 code into static analyzer runs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 22:35:41 2017 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 10:22:04 2017 +0100 nettle/rnd-fips: combined the FIPS-compliant generators to two This brings the FIPS generators in par with the non-FIPS chacha-based ones. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 10:18:14 2017 +0100 nettle/rnd: use two random generators instead of 3 That combines the levels GNUTLS_RND_RANDOM and GNUTLS_RND_KEY, while at the same time makes sure that backtracking is impossible on the GNUTLS_RND_KEY level, by reinitializing the RNG after a call requesting data for the GNUTLS_RND_KEY level. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 10:04:18 2017 +0100 doc: updated the PRNG documentation to utilize two PRNG instances Also move the random generator discussion to internals section. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 11:37:39 2017 +0100 doc: document the state of PRNG in GnuTLS 3.6.0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 11:51:18 2017 +0100 nettle/pk: corrected call to gnutls_rnd() for rnd_nonce_func Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 26 20:07:41 2017 +0100 tests: decoupled the random generator operational tests from the forking ones That also corrects the fact that not all tests were run for all generators, and allows to run the tests in parallel. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 26 19:56:09 2017 +0100 nettle/rnd: specify different limits for rekey in PRNGs Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 26 19:20:16 2017 +0100 nettle/pk: use the GNUTLS_RND_RANDOM level for DH/DSA params This are not long term keys and do not require the key level. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 26 19:16:32 2017 +0100 tests: added check to verify that including crypto.h is sufficient That is, sufficient to use its functionality, and including additional headers isn't necessary. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 26 19:11:51 2017 +0100 crypto.h: include gnutls.h to obtain required types Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 10:44:43 2017 +0100 rnd: reduce calls to _rnd_get_system_entropy That is, no longer obtain the initial nonces for the RNG via _rnd_get_system_entropy() but instead use time-based ones which are typically faster kernel calls. This reduces the number of expensive system calls done during thread and process initialization. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 11:48:08 2017 +0100 rnd: when reseeding the generators use the next best generator That is, use the RANDOM level to obtain keys to reseed the NONCE level, and the KEY level to reseed the RANDOM. The KEY level is reseeded using the system random generator. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 11:11:31 2017 +0100 tests: verify whether crypto operations fail That is verify whether a signature operation will fail if the library is in error state. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 11:05:48 2017 +0100 Added _gnutls_lib_force_operational This allows recovering from _gnutls_lib_simulate_error() which in turn allows more advanced tests. Not documented, and intended to be an internal symbol only. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 10:56:44 2017 +0100 pk: always use _gnutls_switch_lib_state This avoids relying on abort() for RNG errors in PK wrappers. We use instead the library state originally added for FIPS140-2 support, and if the state indicates failure the operation will fail. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 10:43:56 2017 +0100 rnd: switched to 3 chacha-based PRNGs for all security levels Chacha was selected because it is already present in TLS protocol as algorithm, meaning that re-using would improve CPU caching, and it is a comparable in performance algorithm to the existing PRNG used for nonces (salsa20). The yarrow generator was removed because we are primarily seeding from system devices which are sufficiently trustworthy to offload us from coping with the handling of multiple sources of input. As such it allows us to switch to a simpler PRNG such as a stream cipher like Chacha. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 19 10:40:44 2017 +0100 rnd: aligned type of data counter with input data type (size_t) Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 19 09:57:39 2017 +0100 random: keep global list of initialized contexts This allows to properly deinitialize all random generator contexts on library deinitialization. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 18 21:47:33 2017 +0100 rnd: removed call of _rnd_system_entropy_deinit on deinit This was already being done in _gnutls_rnd_deinit(). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 27 13:52:23 2017 +0100 Removed locks from internal rng Also made the rng back-end to be thread-safe. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 27 10:21:56 2017 +0100 Use a thread local random generator. This allows accessing the per-thread random generator in a lock-free way, at the cost of additional memory per thread. The default random generator imposes around 640 bytes per thread on 64-bit architectures. Resolves: #141 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 07:38:20 2017 +0100 Makefile.am: added missing file Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 6 06:58:29 2017 +0100 .gitlab-ci.yml: execute initialization stage unconditionally [ci skip] This step is required both in tags and commit runs. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 5 18:22:04 2017 +0100 datum.h: documented behavior of datum functions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Mar 5 18:17:36 2017 +0100 _gnutls_set_strdatum: always return an allocated string on success That prevents returning NULL to functions which require a string. Signed-off-by: Nikos Mavrogiannopoulos Author: Alex Gaynor Date: Sun Mar 5 02:21:30 2017 +0000 Enforce the max packet length for OpenPGP subpackets as well This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 Signed-off-by: Alex Gaynor Author: Nikos Mavrogiannopoulos Date: Sun Mar 5 08:08:10 2017 +0100 doc: corrected typo [ci skip] It was pointed out by morozov@eags.ru. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 09:31:37 2017 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 09:29:12 2017 +0100 tests: do not generate certificates with serial being zero Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 08:48:41 2017 +0100 tests: check whether a certificate with illegal version is rejected That is, whether a certificate with version zero fails to import. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 08:38:01 2017 +0100 gnutls_x509_crt_set_version: do not allow writing illegal versions Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 08:28:47 2017 +0100 x509: reject illegal certificate versions Resolves #182 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 08:44:41 2017 +0100 gnutls_x509_crt_set_serial: refuse to write all-zero serial number This is prohibited by RFC5280. Relates #181 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 3 08:27:23 2017 +0100 gnutls_x509_crt_set_serial: document the 20-byte limit for serial sizes Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 12:51:47 2017 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 11:59:50 2017 +0100 tests: chainverify: incorporated the tests for unknown critical extensions These check whether unknown critical extensions are detected during verification, and whether the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, is honored during verification. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 11:47:17 2017 +0100 x509.h: introduced flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS That flag signals the verification process, not to fail on unknown critical extensions. This can be used when the critical extension checking in a chain is handled externally. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 16:54:33 2017 +0100 tests: verify that critical extensions can be stored That is, ensure that we don't repeat the regression of certtool not processing free-form critical extensions when no other free-form extensions are present. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 15:50:44 2017 +0100 tests: added verification for unknown critical extensions This tests whether unknown critical extensions will cause a verification failure. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 14:48:37 2017 +0100 x509/verify: refuse to verify certificates with unknown critical extensions That is, introduced flag GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, which is set when the chain under verification contains unsupported extensions marked as critical. Resolves: #177 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 10:17:41 2017 +0100 .gitlab-ci.yml: run tests under a FIPS140 mode simulation That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal run (when library is compiled with FIPS140-2 support but not enabled on run time), and also run tests under a run-time that simulates FIPS140-2 support. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 17:13:37 2017 +0100 crypto-self-tests: modified exported functions to work under fips140-2 mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 15:52:13 2017 +0100 tests: skip tests which cannot be run in FIPS140-2 mode This allows the test suite to be run in FIPS140-2 mode. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 15:42:25 2017 +0100 _gnutls_pk_params_copy: copy the provable algorithm used This is affected utilization of generated RSA keys under FIPS140-2 mode which utilizes provable generation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 14:31:30 2017 +0100 gnutls_session_ticket_key_generate: fixed operation under FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 14:05:31 2017 +0100 tests: priorities: enhanced for test to work under FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 13:46:43 2017 +0100 gnutls-cli: print the ciphers, MACs and KXs when priority string is given Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 13:39:39 2017 +0100 gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers That is, do return only the enabled algorithms in states like FIPS140-2, rather than returning the set that would have been enabled if these restrictions wouldn't be in place. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 15:46:07 2017 +0100 README.md: removed info that gnutls is a gnu project [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 15:33:45 2017 +0100 tests: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 07:58:04 2017 +0100 tests: added test cases with invalid openpgp certs These certificates contain invalid secret key sub-packets. These trigger invalid memory accesses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Mar 1 07:54:04 2017 +0100 opencdk: do not parse any secret keys in packet when reading a certificate This reduces the attack surface on the parsers, and prevents any bugs in the secret key parser to be exploitable by inserting secret key sub-packets into an openpgp certificate. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 10:32:38 2017 +0100 tests: crt_apis: added tests for writing/reading unique IDs That is check the functionality of: - gnutls_x509_crt_get_subject_unique_id - gnutls_x509_crt_get_issuer_unique_id - gnutls_x509_crt_set_issuer_unique_id - gnutls_x509_crt_set_subject_unique_id Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 10:59:28 2017 +0100 Added _gnutls_idna_email_reverse_map This allows printing the reverse map of an IDNA-encoded email. Modified x509/output to include this decoding for RFC822Name. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 10:47:03 2017 +0100 x509/output: Cleanup in IDNA name printing That also removes the incorrect mapping to IDNA punycode when the input is not printable. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 08:48:24 2017 +0100 tests: added test for interactive creation of a request Relates #179 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 08:24:30 2017 +0100 certtool: removed limits in interactive input That removes the limits when reading most of the interactive input. The read_str() function due to its dependence on static variable remains with a limit, but will output an error if the input string exceeds size. Resolves #179 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 28 08:00:56 2017 +0100 certtool: increased buffer for reading from user This allows reading longer than 128-byte fields interactively. The new limit is 512-bytes. Relates #179 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 08:23:47 2017 +0100 tests: added certificate generation with very long DNS and CN name Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 15:58:53 2017 +0100 gnutls_x509_crt_get_extension_info: fixed function to comply with documented approach That is, do not include the trailing NULL byte size in the size of the object identifier. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 16:47:55 2017 +0100 certtool: store critical extensions even if no other extension are present That is, fix a bug which prevented critical extensions to be stored if no other free-form extensions were specified. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 27 15:06:57 2017 +0100 x509/name_constraints: documented return values and corrected return type Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 09:24:19 2017 +0100 gnutls_ocsp_resp_verify_direct, gnutls_ocsp_resp_verify: defined flags argument That was defined to be gnutls_certificate_verify_flags, and it allows passing verification flags, such as flags to allow broken algorithms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 09:09:10 2017 +0100 is_level_acceptable: no longer checks for broken algorithms This is done at is_broken_allowed(), and in fact checking them in is_level_acceptable() creates a conflict when overrides like flag GNUTLS_VERIFY_ALLOW_BROKEN is used. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 08:57:27 2017 +0100 gnutls_store_commitment: introduced flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN This flag allows operation of the function even with broken algorithms. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 08:46:01 2017 +0100 verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 09:53:26 2017 +0100 devel/fuzz: added necessary casts for compilation [ci skip] Also added the IDNA targets to makefile's default target. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 24 07:56:50 2017 +0100 devel/fuzz: include string.h for strlen() [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 18:05:09 2017 +0100 devel/fuzz: IDNA fuzzers: removed printf [ci skip] see request in: https://github.com/google/oss-fuzz/issues/417 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 11:08:34 2017 +0100 tests: added test case with invalid openpgp cert This triggers an invalid memory access: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 11:10:04 2017 +0100 opencdk: read_attribute: account buffer size That ensures that there is no read past the end of buffer. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 13:35:42 2017 +0100 gnutls-cli-debug: fixed protocol to port discovery That is, if --starttls-proto is provided the default port selected will be converted to host byte order as expected. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 13:11:45 2017 +0100 pk.c: fixed memory leak on DSS signature decoding Detected using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 13:07:47 2017 +0100 tests: added client reproducer for memory leak That reproduces a memory leak detected in the client code path. Detected using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 12:34:28 2017 +0100 tests: update to take into account the removal of random art Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 10:26:04 2017 +0100 x509/output: No longer include public key's random art That is in order to reduce bloat in the output, which already contains many identifiers for public key. See mailing list discussion at: https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008324.html https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008329.html Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 17:02:33 2017 +0100 tests: updated to include the pin-sha256 in output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 16:47:02 2017 +0100 tests: updated to take into account the pin-sha256 oneline output Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 11:11:06 2017 +0100 x509/output: print key PIN on oneline output That is, instead of the public key ID. The key PIN due to HPKP is now more widely used than hex-based key IDs. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 11:06:51 2017 +0100 x509/output: print the public key PIN of a certificate That is, print the value used by the HPKP protocol as per RFC7469. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 23 09:39:28 2017 +0100 certtool: don't warn when 'uri' is specified on template Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1425884 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 21:53:42 2017 +0100 .gitlab-ci.yml: ubsan build: fixed artifacts path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 21:45:32 2017 +0100 tests: split starttls.sh into multiple scripts Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 21:29:22 2017 +0100 tests: pkcs11-import-with-pin: removed invalid conditional macro Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 17:38:07 2017 +0100 tests: added PKCS#11 test for pin input This introduces a test on PIN input to retrieve an object using pin-value and pin-source (file). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 22 21:01:30 2017 +0100 SECURITY.md: updated after comments from Daniel Berrange [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 16:50:22 2017 +0100 Removed unnecessary entries in pkix.asn and gnutls.asn Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 14:20:17 2017 +0100 nettle/pk: corrected memcpy of Q in DSA params Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 08:02:02 2017 +0100 crypto.h: improved documentation of randomness levels Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 08:01:09 2017 +0100 nettle/pk: use the appropriate level of randomness for each operation Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 08:00:41 2017 +0100 srp: use nonce level for SRP password randomization Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 08:58:16 2017 +0100 doc: document the use of assert() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 08:17:25 2017 +0100 doc: removed protocol/ directory While it was used during the first years of development, today it is way more easy to access protocol documents via the IETF web site. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Feb 21 08:13:56 2017 +0100 Added SECURITY.md, a description of the security issue handling process Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 18:57:56 2017 +0100 .gitlab-ci.yml: require clang analyzer build to be warning free Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 18:53:01 2017 +0100 configure: no longer use -Wframe-larger-than We do not require a specific stack size, and there is legacy code which utilizes large stack sizes. As such remove the warnings to allow for a warning free compilation. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 18:50:40 2017 +0100 pkcs11: avoid calling memcpy will null options Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 16:41:46 2017 +0100 preinitialize variables to work-around warnings with clang Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 15:05:57 2017 +0100 eliminated dead code as indicated by clang scan-build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 15:02:22 2017 +0100 pkcs7: corrected error checking in write_signer_id Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 14:18:25 2017 +0100 preinitialize variables to work-around warnings with clang's scan-build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 14:03:40 2017 +0100 eliminated various clang warnings with non-null arguments That is, use assert() to ensure that known to be non-null variables will be used as input to functions requiring non-null. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 13:49:55 2017 +0100 make_printable_string: allow operation with null input Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 13:32:37 2017 +0100 .gitlab-ci.yml: replaced clang's build with clang analyser's scan-build This introduces a static analyser pass in the CI. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 13:13:19 2017 +0100 .gitlab-ci.yml: added cppcheck run This adds a basic static analysis of the source code. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 11:14:49 2017 +0100 opencdk/read-packet.c: corrected typo in type cast Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 11:13:08 2017 +0100 cdk_pkt_read: enforce packet limits That ensures that there are no overflows in the subsequent calculations. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Feb 20 11:01:07 2017 +0100 tests: added test case with invalid openpgp cert That triggers a heap buffer overflow: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Signed-off-by: Nikos Mavrogiannopoulos Author: Robert Scheck Date: Sun Feb 19 22:50:30 2017 +0100 Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto"). Signed-off-by: Robert Scheck Author: Nikos Mavrogiannopoulos Date: Sun Feb 19 17:31:52 2017 +0100 README.md: added CII best practices badge [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Rical Jasan Date: Fri Feb 17 21:22:19 2017 -0800 tests: Improve port-checking infrastructure. The test suite unnecessarily failed on systems without netstat because it was assumed to be present. Instead of simply checking for its presence and indicating an unsupported test, however, the ss utility can be used as a drop-in replacement. When netstat/net-tools is not present, the ss utility from iproute2 still stands a fair chance of existing, and they also have similar enough semantics that they can be used interchangeably in the test suite. The functions in tests/scripts/common.sh that used netstat (wait_for_port, wait_for_free_port) now use new functions, check_if_port_in_use and check_if_port_listening, to abstract the call to netstat/ss. The eval'd variable GETPORT also used netstat, and has been updated accordingly. The new port-checking functions use another new function, have_port_finder, which takes care of the details of selecting ss (preferred) or netstat, or fails otherwise. Signed-off-by: Rical Jasan Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Sun Feb 12 19:48:19 2017 +0200 build: doc: install images also into htmldir images are required also by the html documentation. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:37:42 2017 +0100 .gitlab-ci.yml: corrected coverage build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 18 07:23:18 2017 +0100 .gitlab-ci.yml: remove submodule update from main build Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 17:40:27 2017 +0100 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 17:38:23 2017 +0100 Makefile: improved symbols extraction That is, do not include non-function names. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:35:41 2017 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:31:02 2017 +0100 tests: ignore sanity checks in broken cert test This allows the existing reproducers which contain certificates which are rejected by sanity checks, to still be used to detect regressions. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:26:56 2017 +0100 Added gnutls_x509_crt_set_flags() This functions allows specifying flags to the certificate object. In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which allows to ignore sanity checks at the import of the certificate. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:20:44 2017 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:14:38 2017 +0100 Introduced GNUTLS_E_CERTIFICATE_TIME_ERROR error code This error code indicates an issue in the time fields of certificate. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 11:49:48 2017 +0100 x509/output: properly indicate error in Time fields Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 11:33:56 2017 +0100 x509/time: refuse importing certificates with invalid Time fields That will refuse to import certificates which their time field is not in GMT, or contain fractional seconds. Resolves: #169 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 11:26:33 2017 +0100 _gnutls_x509_generalTime2gtime: refuse to parse fractional seconds Fractional seconds in GeneralizedTime are prohibited by RFC5280. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 11:25:15 2017 +0100 tests: enhanced test suite to include invalid X509v3 cert That certificate contains a GeneralizedTime with fractional seconds. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 15:10:40 2017 +0100 gnutls_x509_crt_list_import: fixed leak on import failure Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 10:39:21 2017 +0100 tests: enhanced test suite to include creation of invalid certificates That is, check whether the creation of invalid V2 or V1 certificates will be detected, and that the correct error codes are returned. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 10:06:58 2017 +0100 gnutls_x509_crt_sign2: refuse to sign invalid X.509 certificates That is, do not sign X.509 certificates which have fields that shouldn't be present on their corresponding version. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 10:04:52 2017 +0100 gnutls_x509_crt_import: reject X.509v1 certificates with invalid fields Refuse to import X.509v1 certificates which have fields that didn't exist in X.509v1 specification. That is the issuerUniqueID and subjectUniqueID fields. Resolves: #168 Resolves: #167 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 17 09:56:24 2017 +0100 tests: enhanced test suite to include invalid V1 certs That is, added X.509v1 certificates with attributes that shouldn't have been presented (valid for X.509v2 only). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Feb 15 18:42:22 2017 +0100 gnutls.pc: do not include libidn2 in Requires.private The libidn2 versions available do not include libidn2.pc, thus the inclusion was causing problems when using pkg-config. Instead we include -lidn2 in Libs.private. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 12 11:01:46 2017 +0100 .gitlab-ci.yml: Re-organized stages The less CPU intensive tasks were moved to earlier stage, and the CPU intensive tasks are only spawned only after basic syntax and ABI checks have succeeded. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Feb 12 09:42:15 2017 +0100 gnutls.h: corrected typo [ci skip] Author: Marcin Cieślak Date: Thu Feb 9 00:26:16 2017 +0000 only if HAVE_ALLOCA_H FreeBSD does know alloca() but has no such header Signed-off-by: Marcin Cieślak Author: Nikos Mavrogiannopoulos Date: Sun Feb 5 11:41:41 2017 +0100 doc: document the intention of the priority string usage [ci skip] This documents the gnutls_set_default_priority() function, and how it is intended to be combined with an application that utilizes priority strings. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 24 15:51:17 2016 +0100 doc update Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 08:57:16 2016 +0100 tests: modified tests for the disablement of 3DES Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Dec 24 15:50:11 2016 +0100 Removed support for the 3DES cipher by default That is a legacy cipher that is no longer needed to be included as backup cipher. Resolves #120 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 2 22:59:43 2017 +0100 x509: optimize subject alternative name access That reads SAN and IAN early on import, significantly reducing the running time of functions which iterate over the alternative names of a certificate, e.g., gnutls_x509_crt_check_hostname(). Relates #165 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 4 14:28:30 2017 +0100 .travis.yml: list all logs on failure Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 4 14:01:36 2017 +0100 tests: enable all IDNA tests when compiled with libidn2 Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Feb 4 07:50:03 2017 +0100 .travis.yml: updated instructions for travis builds Removed unbound and other minor fixes. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 3 23:28:01 2017 +0100 extras/hex.h: do not use strlen as variable name That is, do not utilize a standard C function name as variable name. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 3 23:11:27 2017 +0100 gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case), pointer is always returned. Reported by Jeremy Harris. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Feb 3 00:08:19 2017 +0100 .gitlab-ci.yml: use libidn2 on windows builds Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 2 11:26:18 2017 +0100 gnutls_heartbeat_allowed: corrected type on dummy wrapper That is, when compiling without heartbeat support, compilation could fail due to the dummy wrapper not returning the right type. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Feb 2 08:27:14 2017 +0100 Address test suite failure due to timezone differences. Reported by Thorsten Glaser and Andreas Metzler. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 31 17:06:16 2017 +0100 doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 31 07:38:50 2017 +0100 gnutls_heartbeat_allowed: corrected return type This reflects better the fact that this function returns a boolean. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sat Jan 28 09:26:05 2017 +0100 _idn2_to_unicode_8z8z: do not err on mixed IDNA domains That is allow domains of the form 'großes.xn--fa-hia.de'. The drawback is that we may not err early on invalid formatted names. We however delegate any such decisions to libidn2. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 27 10:07:28 2017 +0100 README.md: added link to travis build for 3.5.x [ci skip] In addition to adding a link to travis build for 3.5.x branch removed link on 3.4.x branch. It is no longer active. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 26 14:49:33 2017 +0100 heartbeat extension: doc update Document how to calculate the total TLS data transmitted. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 26 13:21:39 2017 +0100 str-idna: improved error handling In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(), we also add support for case insensitive punycode header. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 25 15:45:57 2017 +0100 Updated auto-generated files Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 25 03:35:54 2017 +0100 str-idna: cleanups in IDNA handling Ensure safe operation even with broken libidn2, and make sure that we properly allocate memory to caller, even on complex library configuration. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 14:13:21 2017 +0100 fuzz: added run-afl helper script This script which allows running the fuzzying tests locally using american fuzzy lop. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 13:50:59 2017 +0100 fuzz: Added IDNA encoding/decoding fuzzying units Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 13:43:54 2017 +0100 Move IDNA functionality to str-idna.c from str-unicode.c Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 08:57:52 2017 +0100 tests: use the exported API for IDNA testing In addition group together the tests which require libidn2 >= 0.14. This allows the tests to succeed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 08:55:06 2017 +0100 tools: depend on gnutls_idna_map() instead of using directly libidn/libidn2 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 08:50:54 2017 +0100 Exported gnutls_idna_map() and gnutls_idna_reverse_map() Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 07:56:12 2017 +0100 .gitlab-ci.yml: added run with IDNA2003 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 18:59:51 2017 +0100 tests: simplified str-idna This separates the directions that are tested (utf-8 -> punycode and vice versa). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 07:52:23 2017 +0100 configure: added flag to force IDNA2003 That allows to compile with libidn even if libidn2 is present, and can be used to check IDNA2003 support. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Rühsen Date: Sat Jan 21 23:14:46 2017 +0100 Add support for libidn2 (IDNA 2008 + TR46) Signed-off-by: Tim Rühsen Author: Nikos Mavrogiannopoulos Date: Wed Jan 25 08:55:40 2017 +0100 pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 25 09:46:00 2017 +0100 minitasn1: updated to libtasn1 4.10 Author: Nikos Mavrogiannopoulos Date: Wed Jan 25 03:24:34 2017 +0100 configure: do not disable valgrind tests unless explicitly specified ... or unless we are in release build. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 24 16:28:41 2017 +0100 Makefile.am: increased the number of releases to perform ABI checks with That is added 3.4.0, 3.4.17 and 3.5.8. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 20 16:55:26 2017 +0100 tests: verify that a written certificate will inherit its ID from privkey That is, whether p11tool will do the right thing and figure the proper ID to use for a certificate object, if the public key is available. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 20 16:33:03 2017 +0100 p11tool: re-use ID from corresponding objects when writing certificates That is when writing a certificate which has a corresponding public key, or private key in the token, ensure that we use the same ID for the objects. That eases the work of someone writing objects to certificates, and does not require him to manually detect the object IDs. Resolves #160 Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Fri Jan 20 19:18:09 2017 +0200 .gitlab-ci.yml: add Fedora/x86_64/no-tools Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Fri Jan 20 23:12:36 2017 +0200 valgrind: support separate builddir for suppressions.valgrind Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Fri Jan 20 21:14:22 2017 +0200 configure: remove void statement Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Fri Jan 20 23:39:41 2017 +0200 tests: skip tests that requires tools if tools are disabled building with --disable-tools should not cause test failure. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Sun Jan 22 00:59:41 2017 +0100 doc: improved documentation on DH parameters [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Jan 20 14:36:51 2017 +0100 Revert "tests: suite: pkcs11: skip if no softhsm" This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea. The reason is to avoid having changes in softhsm packaging, result to skipping large parts of the test suite without someone noticing. Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:28:08 2017 +0100 _decode_pkcs8_dsa_key: ensure that the P value is non-zero When decoding a DSA private key, and constructing the public key ensure that P is non-zero, and thus can be used as modulus. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:24:19 2017 +0100 tests: added private key causing FPE Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:20:28 2017 +0100 _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize That prevents incorrect data reaching nettle which has only assertion checks (leading to an abort). Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:14:29 2017 +0100 tests: added PKCS#8 key which causes undefined behavior on import Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:08:49 2017 +0100 tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Jan 19 09:08:04 2017 +0100 x509: eliminated memory leak on gnutls_x509_ext_import_aia Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 17 15:08:29 2017 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Jan 18 13:51:32 2017 +0100 tests: added check which ensures a client cannot receive during handshake Relates #158 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 18 09:51:35 2017 +0100 tests: added check which ensures a client cannot transmit during handshake Relates #158 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 17 15:28:05 2017 +0100 tests: cleanup error reporting in handshake-false-start Author: Nikos Mavrogiannopoulos Date: Wed Jan 18 13:47:02 2017 +0100 Refuse to receive data during handshake This prevents buggy applications from receiving non-authenticated data that may have arrived during the handshake. Relates #158 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 17 15:05:35 2017 +0100 Refuse to send data during handshake That prevents buggy applications from transmitting sensitive data during handshake. Resolves #158 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 15 10:40:02 2017 +0100 Disable AVX support when it is not supported by the CPU This mostly affects virtual systems. Reported by Frank Chen. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 17 13:34:33 2017 +0100 opencdk: improved error code checking in the stream reading functions This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 16 17:09:36 2017 +0100 minitasn1: updated to latest git version Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 16 13:01:56 2017 +0100 doc: removed references to OpenPGP functions and enumerations Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Jan 15 11:11:19 2017 +0100 doc: removed documentation related to OpenPGP and guile Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 6 08:26:17 2017 +0100 doc: removed documentation related to OpenPGP Also added section explaining why OpenPGP is being deprecated. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Jan 6 08:14:09 2017 +0100 openpgp.h: all openpgp functionality was marked as deprecated This is to prevent new applications using that functionality. As the OpenPGP certificate for HTTPS (or TLS in general) never got any traction, GnuTLS is the only implementation supporting it, and the quality of the OpenPGP supporting code is questionable, we deprecate that code with the intention to drop it completely when an opportunity is given. Relates #102 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 9 08:36:02 2017 +0100 tests: added missing file Author: Nikos Mavrogiannopoulos Date: Mon Jan 9 08:18:33 2017 +0100 CONTRIBUTING.md: Improve instructions on git-template [ci skip] Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Thu Jan 5 10:35:29 2017 +0200 tests: remove bash usage Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Jan 5 14:01:30 2017 +0200 tests: suite: chain: support separate builddir Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Jan 5 10:34:07 2017 +0200 tests: skip tests that requires tools if tools are disabled building with --disable-tools should not cause test failure. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Tue Jan 3 16:46:46 2017 +0200 gitignore: update [ci skip] Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Tue Jan 3 16:45:19 2017 +0200 gitignore: sort() Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 15:22:13 2017 +0100 opencdk: added error checking in the stream reading functions This addresses an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 15:03:12 2017 +0100 tests: added test case with invalid openpgp cert This triggers an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:56:50 2017 +0100 opencdk: cdk_pk_get_keyid: fix stack overflow Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:48:38 2017 +0100 tests: added test case with invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:47:11 2017 +0100 tests: added test case with invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:42:03 2017 +0100 opencdk: read_attribute: added more precise checks when reading stream That addresses heap read overflows found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:34:05 2017 +0100 tests: added test case with invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 14:31:26 2017 +0100 tests: openpgp-cert-parser: simplified Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:46:26 2017 +0100 auth rsa: eliminated memory leak on pkcs-1 formatting attack path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:42:25 2017 +0100 tests: added reproducer for server issues This allows to reproduce issues found on server side, by adding a transcript in server-interesting. Currently it contains values found using oss-fuzz. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:32:17 2017 +0100 _decode_pkcs8_dsa_key: fixed memory leak on error path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:28:23 2017 +0100 decode_private_key_info: eliminate memory leaks on error path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:26:07 2017 +0100 _gnutls_x509_read_dsa_params: update params structure parameters size on successful read That will allow proper deinitialization of the parameters even if the structure fill up doesn't succeed. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:18:03 2017 +0100 tests: added test with private key that causes memory leak Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:10:54 2017 +0100 _gnutls_pkcs12_string_to_key: avoid division by zero when salt_size = 0 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Wed Jan 4 09:07:10 2017 +0100 tests: added test with PKCS#8 key that signals FPE Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376 Signed-off-by: Nikos Mavrogiannopoulos Author: Alon Bar-Lev Date: Sat Dec 31 05:07:47 2016 +0200 tests: skip tests that requires tools if tools are disabled building with --disable-tools should not cause test failure. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Tue Jan 3 14:56:05 2017 +0200 tests: cert-tests: pkcs12 drop builddir usage sync with other tests Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Tue Jan 3 14:40:36 2017 +0200 tests: suite: pkcs11: skip if no softhsm similar to other tests Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 16:10:07 2017 +0100 gnutls_x509_ext_import_policies: fixed memory leak on error path Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 15:53:27 2017 +0100 tests: added test case with invalid X.509 cert This triggers a memory leak. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 15:49:37 2017 +0100 x509 output: fixed memory leak in AIA extension printing Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 15:46:41 2017 +0100 tests: added test case with invalid X.509 cert Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 15:00:59 2017 +0100 doc: document how to enhance the testsuite with issues found Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 14:37:18 2017 +0100 status_request: eliminated leak on error path Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 13:49:18 2017 +0100 proc_server_kx: eliminated leak on error path Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 14:49:03 2017 +0100 tests: added reproducer for client issues This allows to reproduce issues found on client handling, by adding a transcript in client-interesting. Currently it contains values found using oss-fuzz. The client3.disabled transcript is disabled because it depends on a fix in nettle. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 13:39:43 2017 +0100 tests: do not run key-tests under leak sanitizer The reason is that we cannot distinguish between a memory leak on application failure (which is followed by exit- thus should be ignored) and an address sanitizer issue (which should never be ignored). As such we disable leak detection with asan and rely on valgrind. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 13:20:16 2017 +0100 tests: illegal-rsa: don't hide stderr Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 10:47:24 2017 +0100 tests: added suite for checking PKCS#7 structure import The initial (problematic) structures have been obtained from oss-fuzz project. Author: Nikos Mavrogiannopoulos Date: Tue Jan 3 11:39:13 2017 +0100 fuzz: added basic Makefile to assist in reproducing [ci skip] Also updated README.md Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 17:24:41 2017 +0100 Simplified contribution policy [ci skip] Also added a template to assist in the required steps to contribute. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 17:05:29 2017 +0100 _gnutls_x509_get_signature: fix memory leak on error path Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 17:04:29 2017 +0100 tests: added test case with invalid X.509 certificate This certificate causes a memory leak while printing. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 Relates #156 Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 15:07:48 2017 +0100 valgrind: use different exit code to signify error This allows the test suite to differentiate between valgrind and expected errors from tools. Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 15:01:26 2017 +0100 tests: cert-tests: force asan to return an error code other than one on failure Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 15:00:24 2017 +0100 gnutls_pkcs8_info: addressed memory leak on error path Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 14:55:14 2017 +0100 certtool: pkcs8_info_int: fix memory leak Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 13:44:46 2017 +0100 wrap_nettle_mpi_modm: bail on a modulus that is zero Relates #156 Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 13:32:41 2017 +0100 tests: added test for invalid private keys Also force asan to return an error code other than one (the normally expected for invalid keys). Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 12:02:53 2017 +0100 x509: address leak in print_altname - cert printing Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 12:03:35 2017 +0100 tests: added certificate to reproduce memory leak Found by oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 Relates #156 Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 11:05:21 2017 +0100 tests: added test case with invalid PKCS#8 data Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 Relates #156 Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 11:20:45 2017 +0100 nettle: added a safety net on wrap_nettle_cipher_setiv() Return error if attempting to set invalid IV size. Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 11:51:10 2017 +0100 pkcs7 decrypt: require a valid IV size on all ciphers That is, do not accept the IV size present in the structure as valid without checking. Relates #156 Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 13:26:29 2017 +0100 fuzz: added a PBES1 PKCS#8 private key file into corpus Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 13:23:01 2017 +0100 pkcs8: pkcs8_key_info() will correctly detect non-encrypted files Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 13:19:49 2017 +0100 certtool: don't print PKCS#8 information when outputting DER data Author: Alex Gaynor Date: Sun Jan 1 09:15:09 2017 -0500 Corrected a leak in OpenPGP sub-packet parsing. Signed-off-by: Alex Gaynor Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 10:13:48 2017 +0100 doc: fixed copyright date in gnutls.texi Author: Nikos Mavrogiannopoulos Date: Mon Jan 2 08:43:47 2017 +0100 gnutls_rnd: document the available values of level [ci skip] This enables using the function by only checking the man page. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 16:45:19 2016 +0100 pkcs11 verification: ensure that an issuer we retrieve is not blacklist It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. Author: Alex Gaynor Date: Fri Dec 30 21:17:22 2016 -0500 Attempt to fix a leak in OpenPGP cert parsing. Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 14:57:57 2016 +0100 tests: enable all the ciphersuite in openssl cli for DSS checks Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 11:48:44 2016 +0100 certtool: improved error reporting on file error Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 13:27:10 2016 +0100 tests: don't check against 3DES if disabled in openssl Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 13:25:23 2016 +0100 tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 12:14:44 2016 +0100 tests: simplified DH params format Also switch to RFC7919 DH params. Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 12:13:20 2016 +0100 tests: corrected type in openssl compat tests Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 12:12:33 2016 +0100 tests: added common variable for DH parameters Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 10:36:37 2016 +0100 tests: fixed paths in compat tests Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 09:04:59 2016 +0100 tests: better termination checking in compat tests This ensures that the exit code of all spawned processes is checked. Author: Nikos Mavrogiannopoulos Date: Sat Dec 31 10:12:34 2016 +0100 cfg.mk: exclude devel/ subdirectory from syntax checks Author: Nikos Mavrogiannopoulos Date: Fri Dec 30 15:50:45 2016 +0100 certtool: properly report unencrypted PKCS#8 keys in --p8-info Author: Nikos Mavrogiannopoulos Date: Fri Dec 30 15:41:53 2016 +0100 fuzz: added decrypted PKCS#8 keys Author: Nikos Mavrogiannopoulos Date: Fri Dec 30 15:23:17 2016 +0100 fuzz: added PKCS#8 keys with low iteration count This makes sure that the fuzzer will not timeout while trying to decode keys. Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 11:01:37 2016 +0100 submodules: use the github mirror of openssl Author: Alex Gaynor Date: Mon Dec 26 13:15:25 2016 -0500 Do not infinite loop if an EOF occurs while skipping a PGP packet Signed-off-by: Alex Gaynor Author: Alex Gaynor Date: Tue Dec 27 09:45:31 2016 -0500 Added a fuzzer for OpenPGP cert parsing Signed-off-by: Alex Gaynor Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 09:59:34 2016 +0100 fuzz: document the convention for initial values Author: Nikos Mavrogiannopoulos Date: Wed Dec 28 09:58:20 2016 +0100 fuzz: Added initial values for DN, PKCS8 and X.509 tests Author: Alex Gaynor Date: Mon Dec 26 15:59:03 2016 +0000 Added a parser for PKCS7 importing and printing Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 08:38:41 2016 +0100 fuzz: added X.509 DN parser Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 08:35:45 2016 +0100 fuzz: added PKCS#8 private key parser Author: Nikos Mavrogiannopoulos Date: Wed Dec 21 08:18:24 2016 +0100 configure: introduced --with-priority-string option This allows specifying the priority string to be used with gnutls_set_default_priority() on configure time. Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 21:35:53 2016 +0100 priorities: reset the profile flags when appending new flags That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail. Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 21:39:02 2016 +0100 gnutls_session_set_verify_cert: doc update Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 21:26:09 2016 +0100 Revert "priorities: set the additional verify flags instead of appending them" This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2. Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 21:19:05 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 19:01:31 2016 +0100 tests: added check for certtool loading CA certificates from PKCS#11 Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 15:52:49 2016 +0100 certtool: document that --load-ca-certificate can be used with PKCS#11 URLs Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 15:44:20 2016 +0100 certtool: load_ca_cert() can load a CA from URLs Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 11:36:13 2016 +0100 certtool: unified the CA certificate loading process That is, combined how CA certificates are loaded for --verify-chain, --verify and --p7-verify. It is based on the trust list high level functions, something that allows PKCS#11 URLs to be specified in --load-ca-certificate. Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 16:15:50 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 16:21:30 2016 +0100 .gitlab-ci.yml: changed buildroot to fedora25 Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 11:01:10 2016 +0100 tests: added check for multiple calls to gnutls_priority_set_direct() Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 10:49:34 2016 +0100 priorities: set the additional verify flags instead of appending them That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the combo could be undefined. Author: Nikos Mavrogiannopoulos Date: Mon Dec 19 10:36:01 2016 +0100 verify: print certificate on sec param failure Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 15:08:31 2016 +0100 x509: corrected leak in certificate printing The leak could be triggered if the certificate policies to be imported are invalid. Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 15:02:18 2016 +0100 gnutls_x509_ext_import_proxy: fix issue reading the policy language If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 14:50:36 2016 +0100 tests: added certificate which was causing issues in gnutls_x509_crt_print() Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 14:47:13 2016 +0100 tests: improved certder to easily load certificates from a directory That allows to place certificates in certs-interesting/ and these will be loaded and checked upon the new "cert" test case. Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 14:06:06 2016 +0100 doc update Author: Alexander Kanavin Date: Wed Dec 14 17:42:45 2016 +0200 Do not add cli-args.h to cli-args.stamp Makefile target Signed-off-by: Alexander Kanavin Author: Alex Gaynor Date: Thu Dec 15 08:08:45 2016 -0500 Describe the integration Author: Alex Gaynor Date: Thu Dec 15 07:27:47 2016 -0500 Move to the devel dir Author: Alex Gaynor Date: Tue Dec 13 20:14:33 2016 -0500 Added a server fuzzer Author: Alex Gaynor Date: Mon Dec 12 08:09:49 2016 -0500 Migrated fuzzers from the oss-repo to here. Also added a new private_key_parser fuzzer. Author: Dmitry Baryshkov Date: Wed Dec 14 18:07:05 2016 +0300 Drop _gnutls_epoch_get_compression This function is unused since long ago, let's drop it. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 17:51:56 2016 +0300 Rework setting next compression method Only update compression method if all internal check succeed and next epoch will use this it. Also while we are at at, actually check for _gnutls_set_compression() return value. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 17:51:56 2016 +0300 Rework setting next cipher suite Only update cipher_suite if all internal check succeed and next epoch will use this ciphe suite. Also while we are at at, actually check for _gnutls_set_cipher_suite() return value. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Mon Nov 28 13:16:13 2016 +0300 Cache MAC algorithm used for PRF function Instead of spreading checks all over the GnuTLS, cache used PRF after setting the cipher suite and reference the value later. Like in _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo. Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 04:11:11 2016 +0300 Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRF Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 03:52:06 2016 +0300 Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digest Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 03:52:06 2016 +0300 Rewrite SSL/TLS signing code to use combined MD5+SHA1 digest Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Wed Dec 14 03:15:49 2016 +0300 Add special MD5+SHA1 digest to simplify TLS signature code Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Dec 14 10:52:27 2016 +0100 _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED This makes the function's return values simpler to handle. Author: Dmitry Baryshkov Date: Wed Dec 14 00:46:16 2016 +0300 configure.ac: remove autogen'erated files only if necessary Currently autogen'erated files will be removed on each call to configure. However this would break the build if one of previous make invocations have created corresponding stamp files. Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Dec 14 09:50:24 2016 +0100 bumped versions and added news entry for 3.6.0 [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Dec 14 09:46:18 2016 +0100 README.md: added information on the 3.5.x builds Author: Nikos Mavrogiannopoulos Date: Tue Dec 13 11:41:12 2016 +0100 tests: added test for PKCS#8 encrypted key decoding This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. Author: Nikos Mavrogiannopoulos Date: Tue Dec 13 11:27:38 2016 +0100 pkcs8: ensure that the correct error code is returned on decryption failure Author: Nikos Mavrogiannopoulos Date: Sat Dec 10 13:15:16 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 15:44:47 2016 +0100 doc: updated to documentation of certtool [ci skip] This corrects options which incorrectly mentioned they support URLs. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 11:54:30 2016 +0100 x509: better documented gnutls_trust_list_flags_t Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 15:06:55 2016 +0100 tests: disable ASAN leak checks on suite tests These detect memory leaks in the tools in src/ which are not critical nor there is serious reason to address. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 12:03:33 2016 +0100 tests: disable ASAN leak checks on certificate tests These detect memory leaks in the tools in src/ which are not critical nor there is serious reason to address. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 09:54:14 2016 +0100 tests: enhanced long-session-id test This ensures that no leaks exist during exit (to avoid asan failures), and that we test for the specific error code that gnutls_handshake() is expected to return. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 09:52:20 2016 +0100 handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID size This is a more sensible error code to return on invalid packet. Author: Nikos Mavrogiannopoulos Date: Fri Dec 9 09:15:59 2016 +0100 tests: eliminate compilation warning in crq-basic [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 15:41:40 2016 +0100 .gitlab-ci.yml: do not enable IDN support in minimal build Author: Nikos Mavrogiannopoulos Date: Fri Dec 2 14:57:41 2016 +0100 configure.ac: use AC_CONFIG_LINKS to copy autogenerated files Author: Nikos Mavrogiannopoulos Date: Fri Dec 2 09:22:38 2016 +0100 Added autogen pre-generated files into repository This allows building gnutls from git in systems without using autogen. Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 14:28:46 2016 +0100 configure: added option to enable maintainer mode That makes normal builds, not regenerate Makefiles or configure, allowing for faster CI builds on second stage. Author: Nikos Mavrogiannopoulos Date: Tue Nov 15 09:03:59 2016 +0100 .gitlab-ci.yml: split the CI run into stages In addition avoid re-generating images for operating systems on every build and use pre-built images, which are generated in the gnutls-build-images sub-project. That allows for faster and more reliable (independent of network) CI runs. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 21:40:14 2016 +0100 .gitlab-ci.yml: use local libopts on x86 This works around autogen failures on x86-64 centos7 CI hosts. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 16:35:24 2016 +0100 doc: updated documentation on multithreading [ci skip] Resolves #154 Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 16:27:36 2016 +0100 doc: list gnutls_init_flags_t [ci skip] Suggested by Tyler Burns. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 15:54:07 2016 +0100 tests: make conditional (to HAVE_LIBIDN) any IDN related checks This allows the test suite to successfully complete even when compiled without libidn. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 15:44:28 2016 +0100 str: do not call gnutls_assert in inline function This allows the build to succeed when compiled without libidn. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 13:09:35 2016 +0100 tests: disable leak checks in rsa-md5-collision.sh Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 14:04:07 2016 +0100 tests: split and enhanced UTF-8 name checks from hostname-check That is, added checks to ensure that non-ASCII DNS names in certificates fail, and that properly encoded IDNA2003 names, succeed. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 13:54:53 2016 +0100 tests: added check with failed verification on invalid UTF-8 That is, check whether raw UTF-8 in the certificate will fail verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a certificate. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 13:40:41 2016 +0100 tests: updated cert with UTF8 names to contain proper IDNA2003 encoded names Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 13:28:00 2016 +0100 gnutls_x509_crt_check_email type changed to unsigned This reflects the documented returned value type (bool), and allows the compiler to warn on accidental checks for negative value. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 13:20:05 2016 +0100 x509: do not attempt to ACE encode values stored in certificates The email and hostname values are required to be in ASCII form by PKIX. We instead ignore these names, if their values are outside the ASCII printable character set. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 08:08:28 2016 +0100 .gitlab-ci.yml: removed libintl references They are no longer shipped in the build systems. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 07:32:18 2016 +0100 tests: added missing test in dist Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 07:23:18 2016 +0100 tests: corrected typos in starttls.sh This allows to detect chat in most systems. Author: Nikos Mavrogiannopoulos Date: Thu Dec 8 07:17:34 2016 +0100 bumped version Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 15:43:21 2016 +0100 tests: reduced the intermediate steps in rsa-md5-collision Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 13:24:34 2016 +0100 configure: break after finding the first libtspi It may happen that multiple versions are available on a system, and by using the first one we ensure, that we are using the 64-bit version on 64-bit system, instead of falling back to the 32-bit. Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 13:20:08 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 10:56:30 2016 +0100 tests: added operational -sign/verify- tests in keygen app This will check that a generated key is immediately usable for operations. Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 10:27:01 2016 +0100 gnutls_x509_privkey_cpy: use _gnutls_pk_params_copy This ensures that all fields of parameters are copied. Inspired by patch of Dmitry Eremin-Solenikov. Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 10:30:13 2016 +0100 tests: enhanced keygen to include check of gnutls_x509_privkey_cpy Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 08:58:30 2016 +0100 tests: added tests for CRL generation APIs Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 09:05:01 2016 +0100 x509 crl: document the nextUpdate field limitation Author: Dmitry Baryshkov Date: Tue Dec 6 22:41:28 2016 +0300 Don't trash DER CRQ output with text data Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Wed Dec 7 08:59:03 2016 +0100 x509 crl: Allow generation of CRLs not to specify a nextUpdate Author: Nikos Mavrogiannopoulos Date: Tue Dec 6 20:03:31 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Dec 6 13:07:57 2016 +0100 tests: updated overhead calculation for new code Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 11:57:56 2016 +0100 DTLS: more precise overhead calculation That takes into account space available due to padding, and allows it to be included for use in the gnutls_get_data_mtu(). Resolves #140 Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 09:54:45 2016 +0100 tests: added check for MTU calculation on DTLS 1.2 Author: Nikos Mavrogiannopoulos Date: Mon Dec 5 10:36:04 2016 +0100 src: clean all stamp files on 'make clean' Author: Nikos Mavrogiannopoulos Date: Mon Dec 5 10:33:07 2016 +0100 configure: search 64-bit paths for libtspi before 32-bit paths That is, because 64-bit systems may have both 64-bit and 32-bit paths while 32-bit systems only the latter. Author: James Bottomley Date: Sat Dec 3 14:36:40 2016 -0800 tpm: fix handling of keys requiring authorization There are several problems with the key handling in the tpm code. The first, and most serious, is that we should make sure we understand the authorization requirements of a key *before* using it. The reason for this is that the TPM has a dictionary attack defence and is programmed to lock up after a certain number of authorization failures (which can be very small). If we try first without authorization, we may lock up the TPM. The fix for this is to check whether authorization is required and supply it before using the key. Secondly, if the key does require authorization but no password is supplied we should return immediately, since we know the TPM will give us an authorization error anyway. Thirdly, we should unconditionally read the policy of the key rather than checking if a policy exists: Policies are tied to key objects, so if there is an old policy in s->tpm_key_policy, but we're creating a new key, the key it belonged to will be closed, meaning the policy will be invalid. Fix this by always setting the policy each time we get a new key object. Signed-off-by: James Bottomley Author: Nikos Mavrogiannopoulos Date: Sun Dec 4 09:56:13 2016 +0100 In import_tpm_key_cb() fix the wrong password loop When calling import_tpm_key() once it initializes the key, but a second call fails due to the key being already initialized. Ensure that failure of import_tpm_key() leaves the key on a clear state. Reported by James Bottomley . Author: Nikos Mavrogiannopoulos Date: Sun Dec 4 18:48:55 2016 +0100 src gl: updated Author: Nikos Mavrogiannopoulos Date: Fri Dec 2 15:59:17 2016 +0100 gl: removed iconv module It is no longer used by the library. Author: Nikos Mavrogiannopoulos Date: Sun Dec 4 10:11:19 2016 +0100 configure.ac: detect trousers library on debian Author: Andreas Metzler Date: Sat Dec 3 14:29:51 2016 +0100 Prevent unwanted linkage to -lhogweed Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB curves to keep autoconf from adding -lhogweed to LIBS. This caused linkage of e.g. openssl wrapper and C++ library to -lhogweed. The issue only shows up if --disable-libdane is specified, since the dane autoconf test resets LIBS. Author: James Bottomley Date: Fri Dec 2 15:28:08 2016 -0800 Fix inability to find libtspi (trousers) on openSUSE For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1 which the current code doesn't find. Fix this by having it search all viable system library locations (/lib /lib64 /usr/lib and /usr/lib/lib64) Signed-off-by: James Bottomley Author: Nikos Mavrogiannopoulos Date: Fri Dec 2 16:27:58 2016 +0100 x509: fixed output of pubkey Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 16:41:55 2016 +0100 doc: document the fact that certificates and CRLs are unusable after generation They must be exported and re-imported if intended to be used for signing or verification. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 16:32:04 2016 +0100 doc: no longer list SHA1 as a safe choice in X.509 signing Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 16:19:31 2016 +0100 certtool: prevent-null termination of buffers allocated with fread_file() We do not know whether their allocated size allows for that additional null, and we do not need the null termination. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 08:40:13 2016 +0100 gnutls_x509_crl_verify: always return zero on success Also document that in previous versions a positive number could be returned on success. Reported by Adrien Beraud. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 14:09:15 2016 +0100 tests: corrected space-tab issue Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 10:04:45 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 09:55:51 2016 +0100 Improved messages and violation handling in signature key usage checks This will now tolerate violations in server certificate, if %DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 09:48:56 2016 +0100 Removed redundant certificate key usage checks. There were redundant checks when a certificate was obtained, as well as prior to performing operations with certificates/pubkeys. Kept the checks prior to operations. Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 09:45:26 2016 +0100 _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 14:18:51 2016 +0100 gnutls_kx_get: allow calling the function during handshake Previous this function would return garbage during handshake, because parameters were not considered established, however there are valid uses of this function during it. For that reason this function is modified to return a correct value even during handshake (after a hello is being exchanged). Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 14:14:42 2016 +0100 _gnutls_check_key_usage: check for invalid key exchange algorithm Reported by Dmitry Eremin-Solenikov. Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 14:56:41 2016 +0100 tests: added checks on signature key usage violations Author: Nikos Mavrogiannopoulos Date: Thu Dec 1 09:10:41 2016 +0100 .gitlab-ci.yml: added docker tag on mingw builds That ensures that these builds are done on the gitlab.com runners which run as privileged containers (and thus have access to mount). Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 09:20:26 2016 +0100 privkey: set the key parameters algorithm prior to returning success Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 09:15:06 2016 +0100 When decoding a public key ensure that algorithm is written in the params struct Reported by Dmitry Eremin-Solenikov. Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 08:54:09 2016 +0100 cfg.mk: disable checks for public submodule updates in CI Author: Nikos Mavrogiannopoulos Date: Wed Nov 30 08:44:40 2016 +0100 .gitlab-ci.yml: do not require update to /proc/sys/fs/binfmt_misc to succeed In some CI systems, it is not possible to write to this filesystem, and they already have the wine executable registered. In the case we cannot write proceed to running the check and hope for the best. Author: Nikos Mavrogiannopoulos Date: Tue Nov 29 16:00:30 2016 +0100 tests: use datefudge in rsa-md5-collision check This makes sure that any failure detected is not because of expired certificates, but because of MD5 being disabled. Author: Nikos Mavrogiannopoulos Date: Tue Nov 29 15:51:18 2016 +0100 tools: use stamp files to allow parallel build of autogen files Autogen seems to output on the creates files gradually, something that makes 'make' believe that the command is complete prior to the output file being fully populated. The current approach uses stamp files to ensure that no incomplete files are used for compilation. Author: Nikos Mavrogiannopoulos Date: Tue Nov 29 13:44:01 2016 +0100 guile: do not use +COMP-DEFLATE in priorities test This allows the test to work even in the cases where gnutls is compiled without zlib support. Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 18:19:43 2016 +0100 moved all syntax check exceptions in cfg.mk Author: Nikos Mavrogiannopoulos Date: Tue Nov 29 07:57:26 2016 +0100 .gitlab-ci.yml: added zlib dependency Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 12:48:25 2016 +0100 .gitlab-ci.yml: fixed artifacts paths for Debian build Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 10:26:14 2016 +0100 tests: str-unicode: check whether exceptions are tolerated on decryption Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 10:01:02 2016 +0100 tests: added exception and join control characters in str-unicode Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 09:38:38 2016 +0100 unistring: added property-join-control Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 17:49:10 2016 +0100 unistring: added default_ignorable_code_point and not_a_character tests Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 17:23:51 2016 +0100 unistring: added NFKC normalization Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 15:29:43 2016 +0100 unistring: included all possible categories for simplicity and extensibility Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 14:55:37 2016 +0100 tests: enhanced str-unicode with more char sets Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 14:20:11 2016 +0100 gnutls_utf8_password_normalize: perform more strict check on input characters That is, ensure that the input characters are in the valid class of characters for the PRECIS FreeformClass. Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 13:11:44 2016 +0100 tests: fixed str-unicode tests with control characters Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 13:02:48 2016 +0100 gnutls_utf8_password_normalize: avoid use of strlen() Author: Nikos Mavrogiannopoulos Date: Mon Nov 28 11:03:28 2016 +0100 tests: added pkcs12 file with long password Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 16:09:20 2016 +0100 renamed system/iconv.c -> str-iconv.c We no longer use the system's functionality for converting between charsets (we use libunistring), hence it is no longer suitable for the wrappers to stay in system/. Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 11:58:14 2016 +0100 x509: when printing ACE DNSnames ensure the actual name is also printed Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 11:47:53 2016 +0100 tests: added unit tests of of _gnutls_idna_reverse_map Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 11:34:19 2016 +0100 introduced _gnutls_idna_reverse_map() This function allows mapping ACE formatted domains to UTF-8. Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 10:05:28 2016 +0100 Combined checks for printable characters Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 09:58:58 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 08:44:59 2016 +0100 tests: updated crt_apis to include setting UTF-8 SAN Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 08:17:13 2016 +0100 tests: updated crq_apis to include setting UTF-8 SAN Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 09:48:56 2016 +0100 gnutls_idna_map: check for printable data prior to mapping Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 10:53:23 2016 +0100 gnutls_x509_aia_set: IDNA encode when needed Author: Nikos Mavrogiannopoulos Date: Wed Nov 16 14:48:59 2016 +0100 When writing alternative names to certificates ensure we write in ACE format Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 10:39:10 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 16:30:49 2016 +0100 tests: added pkcs7 verification with struct generated from openssl (with keyid) Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 15:44:35 2016 +0100 tests: added pkcs7 verification with struct generated from openssl Author: Nikos Mavrogiannopoulos Date: Fri Nov 25 10:23:00 2016 +0100 doc: added certificate for ECC with any purpose Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 16:40:15 2016 +0100 pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch In addition introduce a new error code to warn about no embedded data. Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 16:33:18 2016 +0100 pkcs7: only print signer's issuer DN when DN has contents Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 14:51:15 2016 +0100 pkcs7: added recursive discovery of structure's signer This uses the PKCS#7 certificate list as a pool of certificates to generate a certificate chain that leads to our root CAs. Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 15:11:31 2016 +0100 pkcs7: on data verification failure log the signer Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 13:17:41 2016 +0100 tests: added complex verification example using PKCS#7 That uses multiple intermediate certificates from the PKCS#7 structure. Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 14:32:28 2016 +0100 doc: updated gnutls_x509_trust_list_verify_crt2() Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 13:14:16 2016 +0100 pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer() This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when verifying PKCS#7 structures. Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 09:54:17 2016 +0100 pkcs7: corrected iteration over stored certificates This allows to use all possibly stored certificates on chain discovery, not only the first. Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 09:53:58 2016 +0100 pkcs7: added debug logging on verification discovery Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 14:54:46 2016 +0100 errors.h: added _gnutls_reason_log Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 09:49:13 2016 +0100 errors.h: added _gnutls_cert_log This log function allows to easily log the name of a certificate. Author: Andreas Schneider Date: Thu Nov 24 17:31:45 2016 +0100 certtool: One if check is enough Signed-off-by: Andreas Schneider Author: Nikos Mavrogiannopoulos Date: Thu Nov 24 08:37:47 2016 +0100 corrected log message [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 21:09:03 2016 +0100 gnutls_idna_map was prefixed with underscore to avoid clashes with exported symbols Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 14:37:47 2016 +0100 more files to ignore Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 14:30:48 2016 +0100 avoid the use of c_isascii() and use c_isprint() That latter detects correctly the printable characters we are interested in. Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 15:45:22 2016 +0100 tests: added unit tests for gnutls_idna_map() Author: Nikos Mavrogiannopoulos Date: Wed Nov 23 13:12:08 2016 +0100 IDNA code re-organization That introduces the internal function gnutls_idna_map(), which utilizes libidn and libunistring to convert hostnames to IDNA ACE form. Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:57:01 2016 +0100 tests: updated outputs to reflect new fingerprint/keyid formats Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:56:41 2016 +0100 tests: made tmp files unique Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:43:25 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:42:14 2016 +0100 Align the printing of a certificate's fingerprint with the key ID printing Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:35:58 2016 +0100 Print a key's or certificate's key ID with SHA256 in addition to SHA1 Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 16:18:01 2016 +0100 certtool: address compiler warnings Author: Nikos Mavrogiannopoulos Date: Tue Nov 22 09:31:19 2016 +0100 doc: document the RFC7613 normalization of passwords [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 21:16:28 2016 +0100 unistring: include only the required categories In addition fix the license text of the included library. Author: Nikos Mavrogiannopoulos Date: Wed Nov 16 15:50:39 2016 +0100 server_name: log server name sent Author: Nikos Mavrogiannopoulos Date: Wed Nov 16 16:47:15 2016 +0100 x509/output: improve log message on embedded null Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 12:00:28 2016 +0100 build-aux: added unused-parameter.h Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 11:36:43 2016 +0100 .gitlab-ci.yml: explicitly specify --with-included-unistring when needed Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 11:32:09 2016 +0100 hooks.m4: corrected typo Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 10:52:23 2016 +0100 .gitlab-ci.yml: ignore syntax-check issues caused by included unistring Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 10:11:32 2016 +0100 more files to ignore Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 09:38:38 2016 +0100 unconditionally include unistring code That simplifies internationalization support, at the cost of including a version of libunistring, which is used on systems which do not ship it. Author: Nikos Mavrogiannopoulos Date: Mon Nov 21 09:20:36 2016 +0100 lib: added unistring sub-library Author: Nikos Mavrogiannopoulos Date: Sun Nov 20 17:11:57 2016 +0100 updated auto-generated files for gnutls_utf8_password_normalize() Author: Nikos Mavrogiannopoulos Date: Sun Nov 20 17:08:55 2016 +0100 tests: enhanced str-unicode with GNUTLS_UTF8_IGNORE_ERRS flag That is, enhanced to check the tolerable variant of gnutls_utf8_password_normalize() Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 18:26:21 2016 +0100 .gitlab-ci.yml: added build without libunistring Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 10:42:32 2016 +0100 doc: mention the RFC7613 normalization and the libunistring dependency Author: Nikos Mavrogiannopoulos Date: Sun Nov 20 17:03:02 2016 +0100 tolerate non-valid UTF8 passwords when decrypting Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 14:42:26 2016 +0100 tests: addressed compiler warnings Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 14:40:19 2016 +0100 _gnutls_utf8_to_ucs2: normalize to NFC UTF16 output Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 14:31:24 2016 +0100 openssl_hash_password: normalize the password prior to use Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 12:55:22 2016 +0100 TPM: normalize the password prior to use Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 10:53:40 2016 +0100 _gnutls_calc_srp_sha: normalize the password prior to use Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 10:50:42 2016 +0100 gnutls_x509_crq_set_challenge_password: normalize the password prior to use Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 10:48:04 2016 +0100 PKCS#7/8: normalize the password according to rfc7613 Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 10:53:37 2016 +0100 gnutls.pc: use the LT version of the lib variables Author: Nikos Mavrogiannopoulos Date: Tue Nov 8 15:24:26 2016 +0100 Use libunistring when present instead of iconv() That allows us to rely to a single provider for unicode functionality. Author: Nikos Mavrogiannopoulos Date: Tue Nov 8 15:24:00 2016 +0100 tests: added unit tests for gnutls_utf8_password_normalize() Author: Nikos Mavrogiannopoulos Date: Tue Nov 8 13:00:16 2016 +0100 Added function for UTF-8 normalization based on RFC7613 This introduces gnutls_utf8_password_normalize() and a dependency on libunistring. Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 17:12:02 2016 +0100 tests: added test suite with PKCS#8 files that have invalid encryption Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 16:30:46 2016 +0100 PKCS#5,7 decryption: verify the correctness of padding That is, for block ciphers (i.e., cbc), verify that all the padding bytes match the expected contents according to RFC2898. Relates #148 Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 15:17:26 2016 +0100 PKCS#5,7 decryption: added sanity check on padding size Relates #148 Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 15:01:18 2016 +0100 PKCS#5,7 decryption: fail without leak on unknown MAC Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 14:54:00 2016 +0100 PKCS#5,7 decryption: fail early on invalid block sizes Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 14:47:13 2016 +0100 PKCS#5,7 decryption: enforce limits in the support parameter sizes This allows to detect invalid parameters early rather than later. Relates #148 Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 14:03:58 2016 +0100 updated auto-generated files for new functions Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 10:03:29 2016 +0100 pkcs7 output: use the new functions for DN output Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 09:52:16 2016 +0100 tests: account for the strict RFC4514 compliance reversal Test the new functions only for the strict RFC4514 compliance to output strings, and test the old functions for the legacy format. Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 19:05:27 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 18:52:03 2016 +0100 x509 output: use the new functions for DN output Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 18:31:37 2016 +0100 cleanups in _gnutls_buffer_to_datum() Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 18:42:59 2016 +0100 certtool: use the new APIs for DN extraction Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 13:31:34 2016 +0100 _gnutls_x509_get_dn: when no data ensure we return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE This aligns with the previous (prior to RFC4514 improvements) behavior of the function. Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 16:20:01 2016 +0100 Introduced new functions to allow multiple DN parsing modes The old DN parsing functions are changed to return the original non-fully compliant with RFC4514 string format, while the new ones return the compliant string by default. This allows applications which relied on the previous format to continue functioning without changes. Author: Nikos Mavrogiannopoulos Date: Wed Nov 9 17:19:48 2016 +0100 .gitlab-ci.yml: include root dir log files in all builds Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 11:06:26 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Nov 14 12:57:53 2016 +0100 gl: removed invalid module name Author: Nikos Mavrogiannopoulos Date: Sun Nov 13 17:08:35 2016 +0100 tools: added explicit socket flag to skip TLS initialization This allows proper error recovery when SOCKET_FLAG_RAW is specified and initialize_session() fails. Author: Nikos Mavrogiannopoulos Date: Sun Nov 13 16:41:43 2016 +0100 gnutls-cli-debug: terminate sessions which cannot be re-used Author: Nikos Mavrogiannopoulos Date: Sun Nov 13 16:15:42 2016 +0100 sockets: only use gnutls_bye on a valid socket session Author: Nikos Mavrogiannopoulos Date: Thu Nov 10 06:39:32 2016 +0100 p11tool: --initialize will no longer reset user PIN That is because it only resetted the user PIN and not the admin PIN, while at the same time it had problems to cope with the case where the URL changed between token initialization and PIN setting (which is the case if --label is provided to --initialize). Author: Nikos Mavrogiannopoulos Date: Thu Nov 10 06:34:50 2016 +0100 p11tool: added options to initialize a user and admin's PIN Author: Nikos Mavrogiannopoulos Date: Fri Nov 11 09:01:39 2016 +0100 gnutls_store_pubkey: document the default hosts format Author: Nikos Mavrogiannopoulos Date: Mon Nov 7 09:17:22 2016 +0100 _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success This will prevent verification to succeed if the system is in error state. Author: Nikos Mavrogiannopoulos Date: Mon Nov 7 09:11:24 2016 +0100 fips140-2: moved PCT-test in wrap_nettle_generate_keys This allows it to run in any potential scenario, i.e., any call of _gnutls_pk_generate_keys(). Author: Nikos Mavrogiannopoulos Date: Sat Nov 5 19:18:08 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Nov 6 10:03:35 2016 +0100 .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9 Author: Nikos Mavrogiannopoulos Date: Sat Sep 3 10:31:27 2016 +0200 bumped the version of the minimum required libtasn1 We now require the latest version that supports OIDs with elements that are longer than 32-bits. Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 11:16:12 2016 +0200 tests: added check for the decoding of certificates with long OIDs That is, OIDs which have an element which exceeds 2^32. Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 10:42:58 2016 +0100 symbol-check: do not compare against symbols not exported by us Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 09:49:41 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 09:34:55 2016 +0100 tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE set Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 09:10:18 2016 +0100 priorities: added CHACHA20-POLY1305 to SECURE set Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 08:15:24 2016 +0100 released 3.5.6 Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 07:58:48 2016 +0100 bumped versions Author: Nikos Mavrogiannopoulos Date: Fri Nov 4 07:56:33 2016 +0100 symbols.last: updated auto-generated file Author: Nikos Mavrogiannopoulos Date: Wed Oct 19 10:27:26 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 10:18:09 2016 +0100 tests: added test to ensure that gnutls_rnd() is not called during initialization Author: Nikos Mavrogiannopoulos Date: Mon Oct 24 08:30:06 2016 +0200 doc: explicitly state that rng self_test mustn't require rng initialization Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 14:10:08 2016 +0200 deprecated _gnutls_rnd() in favor of exported gnutls_rnd() Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 14:16:51 2016 +0200 rng: split initialization in preinit and init This makes gnutls to initialize its random generator on the first call to gnutls_rnd(). That prevents blocking due to getrandom() on a constructor; that change allows to use gnutls-linked applications even in early boot in systems where getrandom() blocks waiting for entropy. Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 11:40:12 2016 +0100 _gnutls_rnd_check: call _rnd_system_entropy_check directly Author: Nikos Mavrogiannopoulos Date: Wed Nov 2 18:07:13 2016 +0100 x509: removed unused IDNA file Author: Nikos Mavrogiannopoulos Date: Wed Nov 2 13:24:59 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Nov 2 08:29:25 2016 +0100 handshake: log advertized version Author: Nikos Mavrogiannopoulos Date: Wed Nov 2 08:13:38 2016 +0100 algorithms.h: removed exported prototype from internal header Author: Nikos Mavrogiannopoulos Date: Tue Nov 1 18:39:38 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 17:23:16 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 16:59:20 2016 +0100 tests: added decoding of multi-value DN Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 14:21:37 2016 +0100 x509_dn: forbid non-supported escaped chars on DN encoding Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 14:07:13 2016 +0100 tests: enhanced RFC4514 with arbitrary escaped strings Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 14:07:27 2016 +0100 x509_dn: allow arbitrary escaped strings In addition fail encoding on unescaped '+'. We do not support it for DN encoding. Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 14:46:49 2016 +0200 tests: modified to account for backwards-encoded DN (according to RFC4514) Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 13:18:17 2016 +0100 tests: removed old README file The description in the file had no relevance to the existing tests. Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 13:00:14 2016 +0100 gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property of RFC4514 When converting an RFC4514 string to a DN ensure that the elements are encoded in reverse order, as required by the RFC. Resolves #111 Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 15:35:44 2016 +0200 Encode string DNs backwards according to RFC4514 This makes the output string from functions such as gnutls_x509_crt_get*dn() to comply with RFC4514 requirements in DN element order. Relates #111 Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 14:41:10 2016 +0100 Updated issue templates [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Oct 31 14:35:22 2016 +0100 Added issue templates [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat Oct 29 23:45:18 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat Oct 29 23:31:00 2016 +0200 nettle: renamed system random generator-related files for clarity Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 14:34:10 2016 +0200 tests: introduced checks for gnutls_rnd() in multi-threaded scenario Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 14:33:53 2016 +0200 tests: introduced sanity checks in rng-fork Author: Nikos Mavrogiannopoulos Date: Mon Oct 24 08:30:29 2016 +0200 drbg-aes-self-test: corrected free call Author: Nikos Mavrogiannopoulos Date: Thu Oct 27 21:04:49 2016 +0200 tests: check for gnutls 3.3.x compatibility That is, check whether the status request extension is not sent by the server, if the server does not hold a status response. We require that behavior to be backwards compatible with gnutls 3.3.x. Author: Nikos Mavrogiannopoulos Date: Wed Oct 26 17:51:11 2016 +0200 Reverted the behavior of sending a status request extension even without a response That is, we no longer reply to a client's hello with a status request, with a status request extension. Although that behavior which was introduced in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility issues with gnutls 3.3.x branch. That is because versions prior 3.3.26 translates the presence of the extension as a guarrantee that the status response data will be sent. Even though, that is false assumption we replicate the previous behavior to allow such clients to connect to a gnutls 3.5.x server. Relates !66 Author: Dmitry Baryshkov Date: Thu Oct 27 18:42:38 2016 +0300 tests: do not enable testpkcs11.sh twice Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Oct 22 14:24:16 2016 +0300 starttls: search for chat in sbin if it is not present in PATH Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Fri Oct 21 04:17:36 2016 +0300 Fix autoconf warnings in libopts.m4 Without this patch Autoconf will spam console with the following kind of messages: configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from... ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from... src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from... src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from... src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from... src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from... configure.ac:650: the top level Signed-off-by: Dmitry Eremin-Solenikov Author: Dmitry Baryshkov Date: Sat Oct 22 02:18:40 2016 +0300 cfg.mk: fix m4 files removal Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 17:45:03 2016 +0200 tests: better check for gnutls_ecc_curve_get result Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 17:30:43 2016 +0200 Terminate handshake if only unknown or disabled signatures are advertized by the peer That is, do not attempt to proceed assuming that the peer supports SHA-1. Author: Dmitry Baryshkov Date: Sat Oct 22 03:28:14 2016 +0300 Fix compilation of tests if nettle is not installed in standard path Signed-off-by: Dmitry Eremin-Solenikov Author: Nikos Mavrogiannopoulos Date: Tue Oct 25 08:03:32 2016 +0200 gnutls-cli-debug: corrected TLS1.2 detection Author: Nikos Mavrogiannopoulos Date: Mon Oct 24 08:33:42 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Oct 22 09:41:45 2016 +0200 modified the gnutls_certificate_set_key* change While the change was fully backwards compatible for applications that were adding a single certificate, and applications that were checking for negative errors codes, many applications do not. As this may cause incompatibility issues with software properly utilizing the previously documented API, the change is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2) in the credentials structure for the set_key functions to return an index. Author: Nikos Mavrogiannopoulos Date: Wed Oct 19 23:06:59 2016 +0200 tests: removed nohats.ca from testdane The host seems to be unreliable. Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 16:43:47 2016 +0200 .travis.yml: use as many jobs as CPUs in OSX Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 16:14:32 2016 +0200 .travis.yml: do not run the public submodule checks of maint.mk These seem to be problematic to detect modification and are preventing the CI from operating. Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 13:16:50 2016 +0200 .travis.yml: simplified the submodule checkout The default submodule initialization in travis caused the MacOSX builds to fail. Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 13:15:19 2016 +0200 Added casts to prevent compiler warnings Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 13:14:57 2016 +0200 corrected typo Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 12:10:56 2016 +0200 README.md: corrected link to travius build Author: Nikos Mavrogiannopoulos Date: Thu Oct 20 15:58:38 2016 +0200 .travis.yml: added support for compiling in macosx Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 11:02:30 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 11:01:43 2016 +0200 tests: added checks for the new GNUTLS_NO_TICKETS flag Author: Nikos Mavrogiannopoulos Date: Fri Oct 21 10:26:13 2016 +0200 gnutls_init: added GNUTLS_NO_TICKETS flags These flags allow the callers to disable the automatically enabled session tickets. This could be done only with GNUTLS_NO_EXTENSIONS which also disabled other useful extensions. Author: Nikos Mavrogiannopoulos Date: Thu Oct 20 09:26:10 2016 +0200 tests: added pkcs11-privkey-export This checks whether the public parts of RSA private and public keys can be properly extracted from a PKCS#11 module. Author: Jakub Jelen Date: Wed Oct 19 13:41:55 2016 +0200 Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too Author: Jakub Jelen Date: Wed Oct 19 09:17:52 2016 +0200 tests/pkcs11: Return also CKA_CLASS Author: Jakub Jelen Date: Tue Oct 18 15:28:39 2016 +0200 tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen compatibility Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 15:42:52 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 13:45:34 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 09:24:02 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 10:13:56 2016 +0200 certtool: allow setting key purposes for non-CA certificates That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 10:01:49 2016 +0200 certtool: introduce key purpose checks in p7 direct verification Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 09:22:59 2016 +0200 x509: introduced gnutls_x509_crt_check_key_purpose() Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 15:07:03 2016 +0200 gnutls_x509_crt_verify_data2: introduce constraints checks on the provided certificate That is check the provided certificate for validity in time and key usage. Author: Nikos Mavrogiannopoulos Date: Tue Oct 18 10:02:29 2016 +0200 tests: introduced verification constraints checks for PKCS#7 structures That is, key purpose checks and more elaborate time checks. Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 12:00:41 2016 +0200 gnutls-serv: use the included known DH parameters by default Author: Nikos Mavrogiannopoulos Date: Mon Oct 17 11:54:51 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 12:02:31 2016 +0200 certtool: manpage update Author: Nikos Mavrogiannopoulos Date: Wed Oct 12 08:34:13 2016 +0200 getfuncs-map.pl: ignore the ffdhe exported parameters That is ignore the new variables exported which are not functions, and thus cannot be detected by getfuncs-map.pl. Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 19:26:44 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 20:10:37 2016 +0200 tests: crl-test: use a unique temp file Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 20:01:27 2016 +0200 tests: added sanity check for included primes Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 19:36:26 2016 +0200 doc: discuss the set_known_dh_params and use it in the examples Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 19:25:52 2016 +0200 tests: check gnutls_psk_set_server_known_dh_params Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 19:22:25 2016 +0200 tests: check gnutls_anon_set_server_known_dh_params Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 19:12:16 2016 +0200 tests: check gnutls_certificate_set_known_dh_params Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 16:42:28 2016 +0200 DH: introduced gnutls_*_set_known_dh_params() That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow to statically set the DH parameters, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from file. Relates #37 Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 16:18:22 2016 +0200 certtool: --get-dh-params will output the FFDHE primes instead of the SRP primes Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 16:05:57 2016 +0200 DH: export the FFDHE Diffie-Hellman values Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 16:13:29 2016 +0200 .gitlab-ci.yml: use fedora's mingw-cmocka packages Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 16:12:44 2016 +0200 more files to ignore Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 15:04:41 2016 +0200 tests: added check for PKCS#7 catalog file parsing and data extracting Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 15:46:05 2016 +0200 tests: updated pkcs7 text outputs to account for certtool update Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 14:55:57 2016 +0200 certtool: --p7-info will include the PKCS#7 encoded data in PEM format Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 14:50:25 2016 +0200 tests: replaced large test2.cat with a smaller file Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 13:13:26 2016 +0200 certtool: improve text on missing options for cert generation Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 12:57:31 2016 +0200 Revert "certtool: improve text on missing options for cert generation" This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3. Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 10:22:07 2016 +0200 handshake: set a maximum number of warning messages that can be received per handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing. Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 10:08:35 2016 +0200 record: disallow parsing of alert messages prior to session start Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 10:07:58 2016 +0200 tests: added check to verify that the server will bail out after receiving only alerts Author: Nikos Mavrogiannopoulos Date: Fri Oct 14 09:59:22 2016 +0200 tests: added check to verify that the server will bail out after many alerts Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 17:01:16 2016 +0200 certtool: improve text on missing options for cert generation Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 16:55:00 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 16:51:19 2016 +0200 tools: removed redudant messages on PIN re-use Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 16:48:52 2016 +0200 p11tool: avoid asking the security officer PIN twice on initialization Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 16:41:04 2016 +0200 p11tool: improved messages on token initialization Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 16:37:45 2016 +0200 p11tool: corrected check of PIN existance in token initialization Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 13:10:52 2016 +0200 doc: set a default handshake timeout on example server Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 13:09:35 2016 +0200 serv: set a timeout value in handshake Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 08:56:45 2016 +0200 tests: added check for Encrypt-then-MAC under DTLS Author: Nikos Mavrogiannopoulos Date: Thu Oct 13 08:54:52 2016 +0200 tests: cleanups in tls-etm.c Author: Nikos Mavrogiannopoulos Date: Wed Oct 12 13:36:01 2016 +0200 gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW flag This flag allows the export of the stored embedded data with any wrapping encoding included. This in particular, it allows to read the data from the microsoft catalog PKCS#7 structures, which store as embedded data elements of a SEQUENCE, but only authenticate the inner parts without the bytes forming the SEQUENCE header. Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 21:33:24 2016 +0200 configure: automatically disable non-suiteb curves That is, if the installed nettle doesn't provide the nettle_secp_192r1 symbol. Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 20:41:18 2016 +0200 doc update Author: Colin Walters Date: Tue Oct 11 11:28:39 2016 -0400 priorities: Do read crypto policy files with mtime of zero In a default Fedora Atomic Host installation, `/etc/crypto-policies/backends/gnutls.config` is a symlink to the default in `/usr/share/`. On an OSTree-managed system, files in `/usr` have an mtime of zero (to help deduplication). The simple fix here is to still try to read the first time, even if the file has an mtime of zero. Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 14:11:27 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 13:55:56 2016 +0200 certtool: corrected use of gnutls_pkcs7_get_embedded_data() Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 13:06:48 2016 +0200 pkix.asn: simplified ASN.1 description by eliminating pkcs-7-ContentType Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 13:03:45 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Tue Oct 11 11:30:28 2016 +0200 certtool: print the enacapsulated content OID on verification Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 15:25:31 2016 +0200 tests: added checks for the decoding of various PKCS#7 structures Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 15:19:16 2016 +0200 pkcs7: print the eContent type in output functions if it does not match the defaults Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 12:06:37 2016 +0200 pkcs7: allow unknown and legacy signature data OIDs to be imported This allows to decode very old PKCS#7 structures where the content is not an octet string. In addition, it introduces gnutls_pkcs7_get_embedded_data_oid() to obtain the OID of the signature data. Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 19:07:41 2016 +0200 certtool: --p7-info can be combined with --p7-show-data to display embedded data Author: Nikos Mavrogiannopoulos Date: Mon Oct 10 09:48:05 2016 +0200 lib: link with LTLIBDL instead of LIBDL It fixes compilation issues on some systems. Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 20:01:06 2016 +0200 released 3.5.5 Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 19:27:39 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 19:04:30 2016 +0200 doc: mention gnutls_session_ext_register and its supplemental data equivalent Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 18:56:52 2016 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 14:21:09 2016 +0200 TLS extensions: only cache the extension IDs from exts that the server supports That avoids imposing any artificial limits on the number of extensions that a server can handle. Resolves #136 Author: Nikos Mavrogiannopoulos Date: Sun Oct 9 14:05:07 2016 +0200 tests: check the registration of multiple extensions Author: Nikos Mavrogiannopoulos Date: Sat Oct 8 07:24:02 2016 +0200 doc: added gnutls_datum_t and giovec_t to indexes Resolves #137 Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 15:24:25 2016 +0200 pkcs7: removed any limits in hex encoding of attributes Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 16:10:19 2016 +0200 certtool: lift any limits in print_raw() Author: Nikos Mavrogiannopoulos Date: Fri Oct 7 14:17:52 2016 +0200 certtool: added safety net when generating a certificate request That is, do not allow specifying --generate-request --load-pubkey without specifying --load-privkey. Previously if --load-pubkey would have been used, it would have been ignored, causing confusion to the users. Author: Nikos Mavrogiannopoulos Date: Thu Oct 6 08:50:39 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 20:10:46 2016 +0200 Makefile.am: improved the files-update output Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 20:09:21 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 13:51:05 2016 +0200 _gnutls_utf8_to_ucs2: force NFC normalization form in windows Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 11:04:54 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 11:41:23 2016 +0200 tests: added checks for gnutls_session_supplemental_register Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 11:33:55 2016 +0200 Added session-specific supplemental data handling This allows a caller to add supplemental data handling which will only be made available for a specific session. Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 10:43:29 2016 +0200 tests: added checks for gnutls_session_ext_register Author: Nikos Mavrogiannopoulos Date: Fri Sep 30 18:53:09 2016 +0200 Added session-specific TLS extensions This allows a caller to add extensions which will be made available for a specific session. Author: Ludovic Courtès Date: Wed Oct 5 14:30:33 2016 +0200 guile: Implement session record ports using the Guile 2.2 API. This allows the Guile bindings to be built and used with Guile >= 2.1.4, which introduced a new port API. * guile/src/core.c (USING_GUILE_BEFORE_2_2): New macro. (session_record_port_type) [!USING_GUILE_BEFORE_2_2]: New definition. (read_from_session_record_port, write_to_session_record_port) (make_session_record_port) [!USING_GUILE_BEFORE_2_2]: New functions. Conditionalize the other same-named functions on USING_GUILE_BEFORE_2_2. (scm_init_gnutls_session_record_port_type): Use 'read_from_session_record_port' when !USING_GUILE_BEFORE_2_2. Author: Ludovic Courtès Date: Wed Oct 5 14:30:32 2016 +0200 guile: Test 'set-session-transport-fd!'. * guile/tests/session-record-port.scm: Use 'set-session-transport-fd!' on the server side. Author: Ludovic Courtès Date: Wed Oct 5 14:30:31 2016 +0200 guile: Guile 2.x 'uniform-vector-read!' replacement returns 0 upon EOF. This problem was never hit in practice because our tests always got the non-EOF case. * guile/modules/gnutls/build/tests.scm (uniform-vector-read!) [guile-2]: Return 0 upon EOF. Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 10:01:20 2016 +0200 win32: install the .def files in libdir instead of bindir Suggested by Eli Zaretskii. Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 08:48:57 2016 +0200 certtool: include arpa/inet.h unconditionally That is because we use inet_pton() which is either provided by the OS, or by gnulib. Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 08:46:08 2016 +0200 gnutls-cli: fix compilation warning in win32 Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 08:44:05 2016 +0200 Fixed the version in libgnutls-openssl.def file Previously the version set in that file would have been (incorrectly) equal to the version of the main library. Author: Nikos Mavrogiannopoulos Date: Wed Oct 5 08:34:51 2016 +0200 tests: avoid using %zd for formatted output It is not supported by windows. Author: Nikos Mavrogiannopoulos Date: Tue Oct 4 16:20:44 2016 +0200 tests: skip tests which depend on libidn functionality if build without libidn Author: Nikos Mavrogiannopoulos Date: Tue Oct 4 15:55:08 2016 +0200 tests: fixed compilation of pkcs11-privkey-always-auth Author: Nikos Mavrogiannopoulos Date: Tue Oct 4 15:10:22 2016 +0200 Fix build of system/keys-win.c with older mingw Patch by Eli Zaretskii Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 14:48:49 2016 +0200 tests: introduced further parallelization in provable* tests This runs independent verification steps in parallel, improving running time significantly. Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 14:40:06 2016 +0200 tests: provable-dh-default check is too slow and is only run when the complete suite is requested Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 14:25:06 2016 +0200 tests: split provable-privkey into multiple checks This allows the tests to be run in parallel. Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 14:17:52 2016 +0200 tests: provable-dh was split into two programs This allows the test to be run more efficiently when run in parallel. Author: Nikos Mavrogiannopoulos Date: Fri Sep 30 16:48:54 2016 +0200 .gitlab-ci.yml: do not run the full test suite on valgrind test This allows the CI test to run on reasonable time. Author: Nikos Mavrogiannopoulos Date: Fri Sep 30 14:16:01 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 13:00:36 2016 +0200 more files to ignore Author: Nikos Mavrogiannopoulos Date: Fri Sep 30 13:08:53 2016 +0200 devel/openssl: updated to 1.1.0 release Author: Nikos Mavrogiannopoulos Date: Thu Sep 29 15:41:23 2016 +0200 aarch64: added optimized AES-CCM mode Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 21:43:05 2016 +0200 Imported Andy Polyakov's implementation of AES-GCM in aarch64 Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 11:55:37 2016 +0200 Imported Andy Polyakov's implementation of AES in aarch64 Author: Nikos Mavrogiannopoulos Date: Thu Sep 29 13:36:55 2016 +0200 Added HMAC-SHA* optimizations for aarch64 Author: Nikos Mavrogiannopoulos Date: Fri Sep 23 14:55:37 2016 +0200 Imported Andy Polyakov's implementations for SHA* in aarch64 Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 12:53:43 2016 +0200 fix zero-termination in _gnutls_server_name_set_raw() for large server names Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 12:56:07 2016 +0200 _gnutls_check_id_for_change: added check for NULL username This is not required, but may prevent from issues if code-reorganizations which may set a NULL username, occur. Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 12:58:17 2016 +0200 gnutls_*_crt_print: better error checking Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 10:29:29 2016 +0200 tests: added test for CKA_ALWAYS_AUTHENTICATE handling in PKCS#11 This checks whether GnuTLS properly calls login prior to any sign operations when the object is marked as CKA_ALWAYS_AUTHENTICATE. Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 11:11:55 2016 +0200 pkcs11: improved debugging output in pkcs11_login Author: Nikos Mavrogiannopoulos Date: Mon Oct 3 10:22:44 2016 +0200 name constraints: removed unused variable Author: Nikos Mavrogiannopoulos Date: Fri Sep 30 13:25:41 2016 +0200 tools: clarify errors when reading files Previously certtool and ocsptool would report: ``` $ certtool --generate-request --load-privkey=foo --outfile=bar Generating a PKCS #10 certificate request... reading --load-privkey: foo ``` And that doesn't make apparent what the issue was. Modified to print: ``` error reading --load-privkey: foo ``` Report and initial patch by Thibault Nélis. Resolves !97 Author: Nikos Mavrogiannopoulos Date: Wed Sep 28 07:41:13 2016 +0200 p11tool: doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 23:42:01 2016 +0200 Removed C99 constructions in for-loops These constructions although valid for C99 they are being rejected by various compilers. Get rid of them. Author: Daiki Ueno Date: Tue Sep 27 11:04:16 2016 +0200 certtool: print correct size of EC keys Previously certtool complained about key size if --curve is given: $ certtool --generate-privkey --ecc --curve secp256r1 --outfile key.pem Generating a -2147483646 bit EC/ECDSA private key... Note that ECDSA keys with size less than 256 are not widely supported. Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 09:51:56 2016 +0200 p11tool: documented the p11-kit relevancy of distrust and stapled Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 09:39:09 2016 +0200 pkcs11: forbid PKCS#11 extensions to be used in other than trust modules That is, only use the CKA_X_DISTRUSTED and the extension override in p11-kit trust modules, to avoid conflicts with potentially other PKCS#11 extensions. Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 11:46:24 2016 +0200 .gitlab-ci.yml: enabled valgrind tests build Author: Nikos Mavrogiannopoulos Date: Tue Sep 27 11:44:16 2016 +0200 tests: allow handshake-large-packet to run under valgrind That is, initialize the allocated buffers with a known value. Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 14:24:31 2016 +0200 p11tool: introduced the --mark-distrusted and --distrusted options This allows to mark objects as distrusted, as well as list all distrusted certificates (blacklisted) for a p11-kit trust module as: p11tool --list-all-certs --distrusted Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 14:23:24 2016 +0200 pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED This allows to mark objects as distrusted, as well as to be able to list distrusted objects. Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 14:00:32 2016 +0200 pkcs11: only staple extensions from a trust module when they are from a non-distrusted certificate That is, make sure that the API for stapling extensions is only used for non-distrusted (blacklisted) certificates. The reason is to avoid duplicate extension entries from the p11-kit trust database. These come from blacklisted certificates, and we have no reason to support stapled extensions with blacklisted certificates. Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 13:47:19 2016 +0200 p11tool: allow to export a certificate with its stapled extensions Author: Nikos Mavrogiannopoulos Date: Mon Sep 26 08:12:52 2016 +0200 gnutls_oid_to_ecc_curve: fix null pointer dereference This addresses issue where an unknown curve would cause a null pointer dereference. This was introduced with the addition of X25519. Reported by Theofilos Petsios. Author: Nikos Mavrogiannopoulos Date: Fri Sep 23 16:01:07 2016 +0200 Only send the status request extension on cert authentication That is, do not both asking for it, or replying to it, if we are not using any certificates. Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 14:49:57 2016 +0200 gdoc: improved the detection and display of escaped characters (@%) This allows to properly display strings like %COMPAT and @SYSTEM in the manual and the manpages. Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 13:46:19 2016 +0200 doc: gnutls_priority_init: fixed %COMPAT [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 12:08:45 2016 +0200 .gitlab-ci.yml: corrected debian build's dependency Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 11:07:45 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Sep 21 17:59:18 2016 +0200 On client side allow signing with the signature algorithm of our cert That allows to sign for example with DSA-SHA1 as client even if we do not allow DSA-SHA1 as signature algorithm for server's certificate. This allows to use a deprecated certificate without enabling deprecated algorithms globally. Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 11:01:22 2016 +0200 _gnutls_session_get_sign_algo: always return GNUTLS_SIGN_UNKNOWN on failure Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 10:35:13 2016 +0200 tests: added check for server-side ECDSA keys These tests check whether a server ECDSA key will be rejected by the client in case the client has no ECDSA signature algorithms available. Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 09:54:12 2016 +0200 tests: added check for client-side DSA key This checks whether a client can use and send a DSA key, even if DSA is not enabled (which should prohibit the server from providing a DSA certificate). Author: Nikos Mavrogiannopoulos Date: Thu Sep 22 09:21:06 2016 +0200 certtool: do not require a certificate to generate a PKCS#12 file That is, allow generating PKCS#12 files with private keys only as well. Author: Nikos Mavrogiannopoulos Date: Tue Sep 20 09:00:23 2016 +0200 .gitlab-ci.yml: added debian build Author: Nikos Mavrogiannopoulos Date: Tue Sep 20 14:31:12 2016 +0200 README.md: depend on softhsm2 and net-tools on debian Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 15:36:21 2016 +0200 tests: mini-server-name: skip invalid UTF-8 check if compiled without libidn This allows the test suite to run in systems without libidn. Reported by Thomas Klausner. Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 14:55:24 2016 +0200 tests: added the macros test_fail() and test_success() These macros allow test programs which run multiple checks, to report the name of the check failed. Modified mini-server-name and x509-dn-decode to use the macro. Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 18:55:59 2016 +0200 cfg.mk: removed invalid rule in web target Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 14:24:10 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 14:12:56 2016 +0200 added debugging message when session fails due to handshake hash buffer Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 08:02:14 2016 +0200 tests: check whether large packets are allowed on the handshake Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 08:01:24 2016 +0200 Do not allow sending overflowed extensions field That is, restrict the extensions to a 2^16 total size. Author: Nikos Mavrogiannopoulos Date: Mon Sep 19 07:42:41 2016 +0200 tests: minor improvements in mini-extension This will improve recovery from error conditions. Author: Nikos Mavrogiannopoulos Date: Fri Sep 16 13:12:50 2016 +0200 Increased the maximum size allowed for handshake messages to 128kb This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario. Author: Nikos Mavrogiannopoulos Date: Sat Sep 17 12:52:41 2016 +0200 tests: added check for insecure key That is, a check which verified whether a connection to a server with a very small key will fail the certificate verification check. Author: Nikos Mavrogiannopoulos Date: Sat Sep 17 11:43:45 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Sep 17 11:31:29 2016 +0200 Introduced separate error codes for invalid private and public keys This allows functions like decryption and verification to report the specific issue they encountered on public key error. The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY Author: Nikos Mavrogiannopoulos Date: Thu Sep 15 16:50:26 2016 +0200 .gitlab-ci.yml: no longer require gnutls-devel This package is no longer needed to run abi-check. Author: Nikos Mavrogiannopoulos Date: Thu Sep 15 16:49:37 2016 +0200 Makefile: abi-check no longer require gnutls headers to be installed This addresses the issue of requiring gnutls-devel in the CI system to run abi-check. Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 15:17:29 2016 +0200 doc: remove the conditional self_test functions Also prevent them by re-entering the documented functions list by restricting the header files that contribute functions to the known list defined by $(HEADER_FILES). Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 10:37:54 2016 +0200 Makefile.am: introduced 'make files-update' rule This rule updates the makefiles in doc/ and the kept symbol list. This allows for easier automation of the symbol change 'make dist' breakages. Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 10:33:00 2016 +0200 manpages: delete comparison temp file Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 10:30:09 2016 +0200 Makefile.am: symbol changes were made more elaborate During make dist, the makefile will report the appropriate symbol change message with instructions and fail. Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 10:02:48 2016 +0200 updated doc and symbol files for gnutls_certificate_set_ocsp_status_request_function2 Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 10:00:42 2016 +0200 Makefile.am: print the symbols.last diff on make dist This allows to manually verify the contents before overriding the old file. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 17:23:07 2016 +0200 doc: allow creation of gnutls.epub without running epub-fix Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 15:50:52 2016 +0200 .gitlab-ci.yml: use nproc as argument to 'make -j' That way, we use as many make processes, as the number of CPUs in the CI system. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 15:31:13 2016 +0200 .gitlab-ci.yml: added build which runs 'make dist' This tests whether the manpages, info, html, pdf and epub manual are properly generated, and whether any new functions were included into makefiles. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 15:30:07 2016 +0200 doc: fixed the epub documentation generation Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 20:18:03 2016 +0200 gnutls_certificate_set_ocsp_status_request_file: mention version it was enhanced Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 20:11:28 2016 +0200 doc: corrected typo Author: Alex Monk Date: Mon Sep 12 18:24:49 2016 +0100 Add ECDHE-* to the priority string docs for key exchange algorithms GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18) The other two were added in 2.99.2 (released 2011-05-26) Signed-off-by: Alex Monk Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 08:54:42 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 08:49:10 2016 +0200 .gitlab-ci.yml: added check for position dependent code Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 08:46:51 2016 +0200 Makefile.am: added check for position dependent code This check will verify that the generated library doesn't contain position dependent code. It depends on elf utilities. Author: Nikos Mavrogiannopoulos Date: Tue Sep 13 08:38:36 2016 +0200 openssl asm: reverted to AESNI-x86 code to gnutls 3.4.x code The newer code was creating position dependent code. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 11:59:37 2016 +0200 tests: added checks to verify server understanding of UTF8 hostnames This verifies whether a server can understand and serve requests which contain UTF-8 server names. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 11:51:07 2016 +0200 tests: set_key: fixed the time override Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 11:23:25 2016 +0200 tests: set_key: enabled failure_mode test Also eliminated memory leaks related to it. Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 10:50:43 2016 +0200 Added IDNA support in server side Any server names provided to server side by the gnutls_certificate_set_* functions, are converted to IDNA format for comparison with client provided values. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 10:52:18 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 10:48:10 2016 +0200 .gitlab-ci.yml: restrict the freebsd builds to local branches only Author: Alex Monk Date: Sun Sep 11 22:10:14 2016 +0100 Add SIGN-ECDSA-SHA* to the priority strings docs There were added in version 2.99.2, 2011-05-26 Signed-off-by: Alex Monk Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 10:22:37 2016 +0200 gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures That is, ensure that we keep no local references that are shared with the caller, and that we properly free all initialized values. Author: Nikos Mavrogiannopoulos Date: Mon Sep 12 10:23:48 2016 +0200 tests: check key mismatch on gnutls_certificate_set_*key That is, check whether these functions can successfully recover from such condition, without leaks or double freeing. Author: Nikos Mavrogiannopoulos Date: Thu Sep 8 15:32:06 2016 +0200 tests: added unit testing for gnutls_certificate_set_ocsp_status_request_function2 Author: Nikos Mavrogiannopoulos Date: Thu Sep 8 15:14:37 2016 +0200 tests: added unit tests for gnutls_certificate_set_x509_key() In addition these tests verify that the expected index is returned and that can be used with gnutls_certificate_get_crt_raw() afterwards. Author: Nikos Mavrogiannopoulos Date: Thu Sep 8 15:03:00 2016 +0200 tests: enhanced set_x509_key tests to include index verification That is, verify that correct indexes are returned, and these can be used with gnutls_certificate_get_crt_raw() afterwards. Author: Nikos Mavrogiannopoulos Date: Thu Sep 8 13:48:30 2016 +0200 tests: enhanced set_x509_key_file tests to include index verification That is, verify that correct indexes are returned, and these can be used with gnutls_certificate_get_crt_raw() afterwards. Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 17:55:38 2016 +0200 tests: more checks for functionality of gnutls_certificate_set_ocsp_status_request_file This introduces checks for the cases where gnutls_certificate_set_ocsp_status_request_file() is called with multiple indexes, to set an OCSP response for different certificates. The tests then verify whether the expected OCSP response is received. Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 14:49:35 2016 +0200 Added gnutls_certificate_set_ocsp_status_request_function2 That introduces a new function to allow setting an OCSP status request handling function per certificate. Furthermore it repurposes the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file. The changes above allow setting a different OCSP status response file per certificate, and a different function. The indexes they rely on to associate with existing certs are the indexes returned by the gnutls_certificate_set_key() and friends functions. Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 13:38:19 2016 +0200 All the key and chain set functions return an index When setting key and certificate material to a gnutls_certificate_credentials_t structure, the corresponding set functions will return an index. That index could be used later either on the get functions, or when setting corresponding data (e.g., an OCSP response). Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 13:29:54 2016 +0200 doc: clarifications in gnutls_certificate_set_ocsp_status_request_function() Author: Andreas Metzler Date: Sun Sep 11 16:00:57 2016 +0200 Typo fixes found by lintian. incosistent, ommited Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 20:24:43 2016 +0200 .gitlab-ci.yml: added code-coverage output to clang build Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 19:40:25 2016 +0200 .gitlab-ci.yml: the code-coverage command will always succeed This works around random failures while calculating the code coverage. Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 19:37:45 2016 +0200 .gitlab-ci.yml: moved commonly installed packages into the before_script field Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 12:57:04 2016 +0200 .gitlab-ci.yml: added syntax check build Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 12:51:11 2016 +0200 cfg.mk: revived 'make release' Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 12:21:59 2016 +0200 several spacing fixes to keep syntax-check happy Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:51:37 2016 +0200 avoid the usage of '-a' and '-o' bash options This keeps syntax-check happy. Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:44:58 2016 +0200 avoid the usage of strncpy Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:40:51 2016 +0200 removed signal.h from files that wasn't used at Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:38:35 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:38:08 2016 +0200 gnutls_x509_cidr_to_rfc5280: removed double semi-colon Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:37:32 2016 +0200 removed c-ctype.h from files that wasn't used at Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:36:27 2016 +0200 configure.ac: quote parameters when needed Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:35:51 2016 +0200 removed assert.h from files that wasn't used at Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:34:53 2016 +0200 POTFILES: added libdane files Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:25:15 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Sep 11 11:23:15 2016 +0200 tests/tools: avoid non-null check before free() Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 23:02:13 2016 +0200 latex manual: added backwards compatibility options Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 11:04:51 2016 +0200 .gitlab-ci.yml: windows DLL builds now include all required dependencies Also improved naming conventions for builds Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 07:49:59 2016 +0200 inet_ntop4: casted signed/unsigned comparison Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 07:48:22 2016 +0200 system.h: undefine macros before defining them Author: Nikos Mavrogiannopoulos Date: Sat Sep 10 07:44:21 2016 +0200 _gnutls_fbase64_decode: use memsub macro instead of casts Author: Nikos Mavrogiannopoulos Date: Fri Sep 9 15:04:52 2016 +0200 gnutls-cli: use gnutls_set_default_priority if no priorities are given Author: Nikos Mavrogiannopoulos Date: Fri Sep 9 15:01:05 2016 +0200 gnutls-serv: removed '...' from documentation That caused caused problems in generated manpage. Author: Nikos Mavrogiannopoulos Date: Fri Sep 9 13:59:05 2016 +0200 configure: better document the random generator variant used Author: Nikos Mavrogiannopoulos Date: Thu Sep 8 07:30:33 2016 +0200 released 3.5.4 Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 22:44:08 2016 +0200 .gitlab-ci.yml: corrected wrong operation in minimal build Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 22:25:47 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 22:20:10 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 13:17:56 2016 +0200 bumped versions Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 13:16:41 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 09:30:18 2016 +0200 tests: do not run pkcs12-utf8 under windows This test required to pass UTF8 data under command line, and that doesn't seem to work under windows. Author: Nikos Mavrogiannopoulos Date: Wed Sep 7 08:45:24 2016 +0200 _gnutls_ucs2_to_utf8: corrected use of WideCharToMultiByte in windows Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 18:45:17 2016 +0200 tests: added debugging info in conv-utf8 Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 16:45:19 2016 +0200 tests: don't build cmocka tests with libutils - they conflict Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 15:58:59 2016 +0200 .gitlab-ci.yml: keep config.log in windows builds Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 15:14:01 2016 +0200 .gitlab-ci.yml: corrected typo for libidn installation in windows64 Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 14:52:54 2016 +0200 .gitlab-ci.yml: install our internal cmocka for windows Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 13:18:10 2016 +0200 tests: added unit tests of _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 11:40:36 2016 +0200 libgnutls.map: export _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 for testing Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 14:49:07 2016 +0200 pkcs12: enhanced to allow encrypting using UCS2 passwords That is use _gnutls_utf8_to_ucs2() to convert the provided password to UCS2. Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 15:56:19 2016 +0200 _gnutls_ucs2_to_utf8: fixed null termination check in windows code Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 14:48:24 2016 +0200 Added _gnutls_utf8_to_ucs2() This function allows to convert between UTF8 to UCS2 big-endian. Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 14:23:13 2016 +0200 tests: added tests for PKCS#12 decoding with UTF8 passwords Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 14:34:07 2016 +0200 pkcs7 encryption: corrected memory leaks Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 14:54:30 2016 +0200 Makefile: local-code-coverage-output always succeeds Author: Martin Ukrop Date: Fri Sep 2 10:30:54 2016 +0200 x509: Adjust IP name constraints behavior - Modified IPv4/IPv6 interaction in name constraints -- IPv4 and IPv6 no have empty intersection (previously: were treated independently). - Current behavior is more conservative -- in case of IPv4 constraint cert, subcerts will not be able to have IPv6 addresses. - Tests updated accordingly. - Behavior now matches NSS. Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 09:05:59 2016 +0200 tests: added checks to verify behavior in writing pkcs11 objects That is, verify that private keys are marked as private by default, and public objects are marked as non-private by default. Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 09:00:20 2016 +0200 p11tool: eliminated memory leak in --list options Author: Nikos Mavrogiannopoulos Date: Tue Sep 6 08:49:01 2016 +0200 p11tool: do not mark written objects as private by default That is, when --mark-private or --no-mark-private are not specified, set non-private for public objects and private for private ones. Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 18:16:57 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 18:15:25 2016 +0200 minitasn1: updated to latest git version Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 18:08:50 2016 +0200 _gnutls_encode_ber_rs_raw: simplified That is, use a single allocation for temporary data. Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 13:05:17 2016 +0200 .gitlab-ci.yml: use fedora24 with address sanitizer The fix in fbb9618b25b77c65e24a6ce224d53bc9a0b81457 addresses the problems with asan in fedora24. Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 13:01:31 2016 +0200 tests: use LSAN_OPTIONS instead of ASAN_OPTIONS New versions of address sanitizer do not parse this file otherwise. Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 09:48:24 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 09:41:30 2016 +0200 tests: corrected detection of 64-bit systems in softhsm.h Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 09:37:51 2016 +0200 tests: added check for PKCS#11 signature validity That is, tests whether our generated DSASignatureValue with PKCS#11 contains r, s values that are non-negative, i.e., are zero padded when necessary. This utilizes _gnutls_decode_ber_rs_raw(). Author: Nikos Mavrogiannopoulos Date: Mon Sep 5 09:29:24 2016 +0200 Introduced helper function _gnutls_decode_ber_rs_raw() Author: Nikos Mavrogiannopoulos Date: Sat Sep 3 11:39:57 2016 +0200 _gnutls_encode_ber_rs_raw: zero-pad values when necessary This addresses issue when encoding values obtained via PKCS#11 which may not be necessarily padded. Resolves #122 Author: Nikos Mavrogiannopoulos Date: Sat Sep 3 10:23:49 2016 +0200 tests: template-test: use uniform way to detect 32-bit systems Author: Nikos Mavrogiannopoulos Date: Thu Sep 1 12:35:55 2016 +0200 .gitlab-ci.yml: use the gitlab.com shared runners This removes the need to administer custom runners (except for the FreeBSD runner which cannot run under Linux), makes the testing on other platforms such as Debian simpler, and allows merge requests to pass through the CI. Author: David Woodhouse Date: Tue Aug 30 15:26:27 2016 +0100 Import DTLS sliding window validation from OpenConnect ESP code In this implementation, the end of the sliding window is always advanced to the latest received packet, and we accept up to 64 packets before that one. We no longer refuse to accept packets because they are *too* far ahead of what we've already seen. Some of the test cases are fixed up accordingly. This matches the code in OpenConnect esp-seqno.c at commit 314ac65. Author: Jussi Kukkonen Date: Wed Aug 31 11:04:06 2016 +0300 tools: Use correct include dir with minitasn This allows compiling certtool without libtasn headers. Author: Nikos Mavrogiannopoulos Date: Mon Aug 29 14:16:16 2016 +0200 nettle: removed unused variable in windows rng Author: Nikos Mavrogiannopoulos Date: Mon Aug 29 13:52:24 2016 +0200 tests: don't run danetool.sh when not compiled with dane support Author: Nikos Mavrogiannopoulos Date: Mon Aug 29 13:48:04 2016 +0200 tests: mini-dtls-record: modified expected order to account for new SW behavior Author: Nikos Mavrogiannopoulos Date: Mon Aug 29 13:02:54 2016 +0200 dtls: ensure that the DTLS window doesn't get stalled That is ensure that it is forwarded at least one place if more than 16 packets have been received since the first one. Author: Nikos Mavrogiannopoulos Date: Mon Aug 29 13:25:23 2016 +0200 tests: enhance the DTLS window unit test to account for lost packets This adds tests for cases where many lost packets are encountered, such as 50% of the packets received, as well as 3 consequent packets being lost. Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 16:52:19 2016 +0200 README.md: added coverage report [ci skip] Author: David Woodhouse Date: Sun Aug 28 21:42:34 2016 +0100 gnutls_pkcs12_simple_parse: set the key value to null on failure Author: Nikos Mavrogiannopoulos Date: Sun Aug 28 00:55:30 2016 +0200 tests: added basic operational check of gnutls_ocsp_resp_get_single() Author: Nikos Mavrogiannopoulos Date: Sun Aug 28 00:40:49 2016 +0200 gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks Simplified and optimized the function operation, by removing unecessary memory allocations, as well as eliminate memory leaks on certain error cases. Author: Nikos Mavrogiannopoulos Date: Sat Aug 27 17:00:22 2016 +0200 ocsp: corrected the comparison of the serial size in OCSP response Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't. Reported by Stefan Buehler. Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 11:35:50 2016 +0200 tools: eliminated memory leaks in deinitialization Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 11:28:51 2016 +0200 tools: allow socket_bye() to be used for non-polite terminations Author: Nikos Mavrogiannopoulos Date: Fri Aug 26 11:14:19 2016 +0200 tests: added suppressions.valgrind in ocsp-tests Author: Nikos Mavrogiannopoulos Date: Thu Aug 25 15:48:03 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Aug 25 15:46:06 2016 +0200 tests: added check for the decoding of pbes1-des-md5 key Author: Nikos Mavrogiannopoulos Date: Thu Aug 25 17:27:16 2016 +0200 pkcs8: cleaned up PKCS#8 decoding from common code with PKCS#7 Author: Nikos Mavrogiannopoulos Date: Thu Aug 25 15:40:28 2016 +0200 pkcs8: added support for decryption with PBES1-DES-CBC-MD5 While this is a legacy (and insecure) cipher combination it is the default output of openssl up until the 1.0.2 version. We introduce this option to allow decrypting private keys from these versions of openssl. Author: raspa0 Date: Thu Aug 25 10:58:22 2016 +0200 fix memleak in pkcs11_get_random Author: Nikos Mavrogiannopoulos Date: Thu Aug 25 09:57:55 2016 +0200 ocsptool: reduce memory leaks on execution Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 14:09:13 2016 +0200 tests: enable ocsp-must-staple-connection check Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 16:17:20 2016 +0200 doc: be more explicit about the usage of gnutls_global_init/deinit [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 14:41:33 2016 +0200 tests: don't use piped tee in pkcs8-decode It would prevent error codes from being detected in the tests. Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 14:04:52 2016 +0200 ocsptool: corrected bug in session establishment Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 13:57:00 2016 +0200 tests: ocsp-tls-connection: no longer check for netcat; it was not needed Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 13:39:43 2016 +0200 tests: added decoding of key with pbes2 and SHA256 PRF Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 13:32:04 2016 +0200 Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF This improves compatibility with new openssl versions. Author: Nikos Mavrogiannopoulos Date: Wed Aug 24 10:49:13 2016 +0200 Ported openssl format fix from openconnect Patch by David Woodhouse Author: raspa0 Date: Wed Aug 24 06:15:03 2016 +0000 src/pkcs11.c: fix mech_list out-of-bounds check Author: Philippe Proulx Date: Mon Aug 15 01:13:16 2016 -0400 gnutls_record_recv(): doc: push -> pull Signed-off-by: Philippe Proulx Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 16:32:34 2016 +0200 rnd-linux: added check for SYS_getrandom being defined This allows to compile the getrandom() code in old Linux systems which do not have the system call defined. Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 16:29:09 2016 +0200 libdane: include minitasn1 headers Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 17:11:53 2016 +0200 gnutls-cli: do not exit if fast open is not supported Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 13:21:07 2016 +0200 gnutls-cli: added bufferring in starttls read of packets Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 13:34:44 2016 +0200 tests: added basic test of STARTTLS over FTP for gnutls-cli Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 09:03:41 2016 +0200 tests: added basic starttls functionality testing on gnutls-cli Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 09:13:50 2016 +0200 gnutls-cli: exit with error code 2 on starttls errors Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 08:57:23 2016 +0200 tests: fixed fastopen.sh to operate from cmd Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 08:47:57 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 08:46:04 2016 +0200 gnutls-cli: fixed the behavior when --starttls or --starttls-proto is given The change of moving the handshake process as part of the socket establishment broke the starttls functionality in gnutls-cli. This change fixes that functionality. Reported by Andreas Metzler. Author: SUMIT AGGARWAL Date: Fri Aug 19 11:58:39 2016 +0200 Fix HANDLE_LEAK and memory leak issues. Author: Nikos Mavrogiannopoulos Date: Mon Aug 22 08:18:15 2016 +0200 gnutls-cli: print 'Handshake was completed' The change of moving the handshake process as part of the socket establishment, prevented the text 'Handshake was completed' from being printed as part of a successful handshake. That message was used by applications like gnus which use gnutls-cli. This patch reverts that change and prints that message on successful handshakes. Author: Nikos Mavrogiannopoulos Date: Wed Aug 10 14:43:03 2016 +0200 tests: openpgp-certs tests were moved to cert-tests Author: Nikos Mavrogiannopoulos Date: Wed Aug 10 14:07:03 2016 +0200 gnutls_key_generate: fail if the state of the library is invalid Suggested by Stephan Mueller. Author: Nikos Mavrogiannopoulos Date: Wed Aug 10 13:35:33 2016 +0200 tests: mini-dtls-hello-verify: ignore SIGPIPE to avoid unexpected crashes Resolves: #119 Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 12:00:57 2016 +0200 gnutls_safe_renegotiation_status: changed return type to unsigned Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 11:12:16 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 10:54:09 2016 +0200 tests: removed unused variables from tests Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 10:45:00 2016 +0200 doc update Author: Martin Ukrop Date: Thu Jun 23 12:11:18 2016 +0200 tests: Add tests for X509 IP constraints - Add dedicated test file name-constraints-ip for IP tests. - Test the following: * Generation and saving of valid name constraints. * Trying to save invalid IP constraints. * Reading the saved constraints. * constraints_check() calls for both IPv4 and IPv6. * IP constraints intersection (simple, empty, mediocre, complicated). * IPv4/IPv6 constraints interaction and various corner cases. - IPs/CIDRs are printed in logs in case of failure. - Add 2 new chain tests (positive, negative). - Add generated test executable to ignored files. Signed-off-by: Martin Ukrop Author: Martin Ukrop Date: Wed Jun 29 11:25:59 2016 +0200 x509: Add support for IP constraints - IP constraints are now checked against the subject alternative name field. - Implemented IP name constraints merging. - Added IP constraints validity checking during loading and getting the name constraints object from the user. - Add a convenience function name_constraints_node_new that allocates a name constraints node and sets its fields. Use this new function where applicable. - Add documentation for is_nc_empty, _gnutls_name_constraints_node_free, _gnutls_name_constraints_intersect. - Small improvements elsewhere (polishing). Signed-off-by: Martin Ukrop Author: Martin Ukrop Date: Wed Aug 3 19:40:55 2016 +0200 tests: Add more IP conversion unit tests - Renamed ip-in-cidr test to ip-utils. - Added built binary to .gitignore. - Added new tests for gnutls_x509_cidr_to_rfc5280. Signed-off-by: Martin Ukrop Author: Nikos Mavrogiannopoulos Date: Tue Aug 2 15:28:52 2016 +0200 tests: added unit test for ip_in_cidr function Author: Martin Ukrop Date: Wed Jun 29 11:23:40 2016 +0200 x509: Separate out IP handling functions - Moved IP/CIDR to string conversion functions into separate header and export privately for the use in tests. - Placed ip_in_cidr() into separate header for easy testing - Add publicly available function to convert text CIDR to RFC5280 format for the use in name constraints extension. - certtool: Use GnuTLS exported CIDR functions instead of local ones. - Export mask_to_prefix, mask_ip for internal GnuTLS use. - Introduce new error value (malformed cidr) and add to description functions in errors.c. Signed-off-by: Martin Ukrop Author: Martin Ukrop Date: Thu Jun 23 12:33:15 2016 +0200 tests: Add corner case tests for name constraints, improve doc - Added corner case test suite for DNS name constraints. - Documentation update in chain tests. Signed-off-by: Martin Ukrop Author: Martin Ukrop Date: Fri Jul 8 11:59:47 2016 +0200 Add more ignored files * .tmp and .swp for text editor files * Makefile.user created by Qt Creator * gl/tests/ctype.h as it is generated from ctype.h.in Signed-off-by: Martin Ukrop Author: Stefan Sørensen Date: Mon Aug 8 13:31:18 2016 +0200 Change ca3 and related certificate to include an intermediate CA in the chain. Also update a bunch of test-cases to support chains with an intermediate CA. Signed-off-by: Stefan Sørensen Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 10:14:08 2016 +0200 Revert "tests: check gnutls_certificate_get_x509_crt with more than one certificates" This reverts commit f7d884720b128ef86f6b9dc9fc498be89faf1732. Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 09:35:03 2016 +0200 tests: do not run srp test when no SRP support is compiled in Author: Nikos Mavrogiannopoulos Date: Mon Aug 8 11:49:04 2016 +0200 tests: moved child status error checking code in utils.h Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 07:46:42 2016 +0200 latex: updated sources for new functions Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 07:28:27 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Tue Aug 9 07:23:36 2016 +0200 released 3.5.3 Author: Nikos Mavrogiannopoulos Date: Mon Aug 8 16:30:10 2016 +0200 gnutls_transport_set_fastopen: added flags options This will allow minor modifications to the semantics of the function in the future, without introducing a new API. Author: Nikos Mavrogiannopoulos Date: Mon Aug 8 16:22:42 2016 +0200 doc update Author: Stefan Sørensen Date: Mon Aug 8 13:31:15 2016 +0200 Fix gnutls_pkcs12_simple_parse to always extract the complete chain gnutls_pkcs12_simple_parse was only collecting extra certificates that was possible elements of the certificate chain when the extra_certs argument was not NULL. Fix by allways collecting all the certificates, any unneeded certificates are released before returning if extra_certs is NULL anyway. Signed-off-by: Stefan Sørensen Author: Nikos Mavrogiannopoulos Date: Mon Aug 8 16:08:29 2016 +0200 tests: check gnutls_certificate_get_x509_crt with more than one certificates This would detect the issue in the "Fix invalid pointer operation in gnutls_certificate_get_x509_crt" Author: Stefan Sørensen Date: Mon Aug 8 13:31:17 2016 +0200 tests: Use common ca3 test certificates in x509cert, x509dn and x509self tests. Signed-off-by: Stefan Sørensen Author: Stefan Sørensen Date: Mon Aug 8 13:31:16 2016 +0200 tests: Remove zero-termination of gnutls_datum encapsulated certificates This allows for memcmp comparison with certificates after processing. Signed-off-by: Stefan Sørensen Author: Stefan Sørensen Date: Mon Aug 8 13:31:14 2016 +0200 Fix invalid pointer operation in gnutls_certificate_get_x509_crt The access to the allocated crt_list variable was missing a pointer dereference, leading to memory corruption for any certificate list with more than one element. Signed-off-by: Stefan Sørensen Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 12:56:21 2016 +0200 tests: added check for errors when importing illegal RSA keys Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 12:45:03 2016 +0200 x509: call the fixup functions after loading private keys That way we can better report errors which relate to illegal parameters being detected. Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 12:06:39 2016 +0200 nettle: use rsa_*_key_prepare on key import Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). This patch avoids calling rsa_private_key_prepare every time we construct a nettle private key struct, because this function requires a bigint multiplication. We call that function once on private key import. Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 11:53:19 2016 +0200 tests: added missing backslash in key-tests Makefile Author: Nikos Mavrogiannopoulos Date: Mon Aug 8 08:25:31 2016 +0200 Revert "nettle: use rsa_*_key_prepare" This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2. Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 11:41:47 2016 +0200 gnutls.h: moved all compatibility defines outside the enum Author: Nikos Mavrogiannopoulos Date: Sun Aug 7 11:31:36 2016 +0200 prepared for release 3.5.3 Author: Nikos Mavrogiannopoulos Date: Fri Aug 5 15:55:47 2016 +0200 tests: use gnutls_record_set_timeout instead of kill child processes That way we avoid issues like #118 which are caused by killing the child process, and we also avoid deadlocks by making sure that recv will terminate after a long delay. Author: Nikos Mavrogiannopoulos Date: Fri Aug 5 15:52:17 2016 +0200 tests: mini-record modify in a way to be more fail safe That is, do not kill the child, but instead switch the roles of child and parent, and add a timeout on recv to avoid infinite delays. Relates: #118 Author: Nikos Mavrogiannopoulos Date: Fri Aug 5 15:20:48 2016 +0200 pkcs11: is_object_pkcs11_url -> is_pkcs11_url_object Renamed function for clarity. Author: Nikos Mavrogiannopoulos Date: Fri Aug 5 09:46:14 2016 +0200 tests: ignore sigpipe in mini-record Author: Nikos Mavrogiannopoulos Date: Fri Aug 5 09:30:14 2016 +0200 gnutls_fips140_mode_enabled: changed return type to unsigned Author: Nikos Mavrogiannopoulos Date: Thu Aug 4 13:58:54 2016 +0200 doc: updated contribution guide with more info on test suite [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Aug 4 10:22:50 2016 +0200 gnutls_pkcs11_privkey_status: return type changed to unsigned Author: Nikos Mavrogiannopoulos Date: Thu Aug 4 09:57:04 2016 +0200 doc: added section on SCTP protocol [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Aug 2 13:46:05 2016 +0200 tests: client-fastopen: removed seccomp conditional Author: Nikos Mavrogiannopoulos Date: Tue Aug 2 13:34:18 2016 +0200 fastopen: improved error checking at connect() Author: Nikos Mavrogiannopoulos Date: Mon Aug 1 10:48:46 2016 +0200 nettle: use rsa_*_key_prepare Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). Author: Nikos Mavrogiannopoulos Date: Fri Jul 29 15:00:06 2016 +0200 gnutls_transport_set_fastopen: doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 29 13:47:27 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 29 12:19:25 2016 +0200 getrandom: use SYS_getrandom instead of __NR_getrandom These are identical definitions, but according to syscall() SYS_getrandom is the expected value. Author: Martin Ukrop Date: Wed Jul 27 15:41:08 2016 +0200 x059: Fix asymmetry in name constraints intersection - In _gnutls_name_constraints_intersect, if *_nc had a node of some type not present in _nc2, this was preserved. However, if it was vice versa (_nc2 having a type not present in *_nc), this node was discarded. - This is now fixed. - Removed redundant return value check that was accidentally left when refactoring from set_datum to explicit NULL setting. Signed-off-by: Martin Ukrop Author: Martin Ukrop Date: Tue Jul 26 17:44:53 2016 +0200 tests: Add and improve chain tests - Add a new chaintest testing the symmetry of merging name constraints of different types. - Rename old name_constraints_but_no_name test to match other name constraints tests. - Improve chain description of older name constraints tests. Signed-off-by: Martin Ukrop Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 14:34:15 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:41:11 2016 +0200 configure: do not generate makefiles in removed dirs Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:37:31 2016 +0200 tests: updated paths for new location of p12 files Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:34:34 2016 +0200 tests: safe renegotiation tests are run from top dir Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:30:18 2016 +0200 tests: srp tests moved outside subdir Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:24:55 2016 +0200 tests: moved sha2 tests into cert-tests/ Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:20:25 2016 +0200 tests: moved ecdsa tests to key-tests/ Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:13:39 2016 +0200 tests: moved dsa tests into key-tests/ Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:08:57 2016 +0200 tests: moved pkcs8 tests to key-tests/ Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:04:31 2016 +0200 tests: key-tests: moved data files into data/ subdir Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 12:59:33 2016 +0200 tests: moved pkcs12 tests into cert-certs/ subdir Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 11:23:43 2016 +0200 more files to ignore Author: Tim Rühsen Date: Thu Jul 28 09:55:27 2016 +0200 Require compiler to support C99 Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 13:59:26 2016 +0200 doc update Author: Tim Kosse Date: Sat Jul 9 13:03:55 2016 +0200 Add test for gnutls_x509_crt_list_import2 with flag GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED. Author: Tim Kosse Date: Sat Jul 9 12:24:33 2016 +0200 gnutls_x509_crl_list_import2 was ignoring the passed flags if all CTLs in the list fit within the initially allocated memory. Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:51:40 2016 +0200 gnutls_certificate_get_peers may return an unsorted list Author: Tim Kosse Date: Sat Jul 9 11:53:52 2016 +0200 gnutls_x509_crt_list_import2 was ignoring the passed flags if all certificates in the list fit within the initially allocated memory. Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:37:00 2016 +0200 x509: parse_tlsfeatures: move limit check at the point of addition This prevents appending failures when verifying chains on certificates which use the maximum allowed number of features. Suggested by Tim Kosse. Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:33:06 2016 +0200 tests: removed irrelevant comment Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:31:25 2016 +0200 correct the sign type of integers in debug message Suggested by Tim Kosse Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:29:18 2016 +0200 verify_crt: simplified error setting based on suggestion by Tim Kosse. Author: Nikos Mavrogiannopoulos Date: Thu Jul 28 10:12:46 2016 +0200 verify_crt: removed text on parameter no longer being present Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 23:36:20 2016 +0200 x509: avoid using int declaration within a for-loop This addresses compilation problem with old compilers, and brings consistency as this type of declaration is not used in gnutls' code. Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 23:32:28 2016 +0200 gnutls_global_init/deinit: don't use any locking during constructor This ensures that there is no deadlock on unexpected errors, such as missing symbols (e.g., on lazy linking). Reported by Ludovic Courtès. Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 23:27:07 2016 +0200 rnd-linux: use better define check for linux systems Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 13:10:28 2016 +0200 gnutls_prf: document when its output matches gnutls_prf_rfc5705 Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 11:05:59 2016 +0200 doc: gnutls_session_set_id: added since Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 10:38:47 2016 +0200 .gitlab-ci.yml: keep the guile logs as artifacts on test suite failure Author: Nikos Mavrogiannopoulos Date: Wed Jul 27 09:20:52 2016 +0200 doc update Author: David Walker Date: Wed Jul 20 12:43:26 2016 +0100 Add extra dependency flags This fixes the build when the dependencies are split up during a cross-compile Resolves: #113 Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 15:14:33 2016 +0200 moved system-keys-win.c and system-key-dummy.c under system/ Author: Nikos Mavrogiannopoulos Date: Mon Jul 25 15:47:19 2016 +0200 split system.c to various files under system/ Author: Nikos Mavrogiannopoulos Date: Mon Jul 25 16:26:39 2016 +0200 gnutls.h: giovec_t is a typedef to iovec where that is available Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 13:37:43 2016 +0200 tests: added unit test for linux _rnd_get_system_entropy This tests whether the function can operate as expected while being interrupted by signals. Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 12:03:54 2016 +0200 getrandom: loop around getrandom to get the requested number of bytes This simplifies and enhanced the previous error handling code. Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 11:45:30 2016 +0200 README.ci-runners: document asan and ubsan tags Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 15:17:35 2016 +0200 tests: removed pkcs1-padding from subdirs Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 15:10:49 2016 +0200 .gitignore: more tests files to ignore Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 14:59:34 2016 +0200 configure.ac: don't generate makefiles of moved tests Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 14:57:44 2016 +0200 tests: pkcs1-pad: moved to cert-tests Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 14:55:25 2016 +0200 tests: userid test moved to cert-tests/ Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 14:51:59 2016 +0200 tests: rsa-md5-collision: run from top-level Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 14:29:45 2016 +0200 doc: updated documentation for gnutls_transport_set_int* Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 13:59:04 2016 +0200 doc: added section on reducing round-trips That discusses TCP fast open with gnutls_transport_set_fastopen(), and false start. Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 11:38:32 2016 +0200 tests: added test of gnutls_transport_set_fastopen Author: Tim Rühsen Date: Mon Jul 25 13:05:30 2016 +0200 tests: added test of TCP fast open using gnutls-cli and gnutls-serv Author: Tim Rühsen Date: Mon Jul 25 13:08:28 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 10:33:24 2016 +0200 tools: TLS handling has been incorporated into socket_open() This is of particular usage to the server IP address loop, since we can detect fast open errors and retry handshake to the next IP address. Author: Tim Rühsen Date: Mon Jul 25 13:04:11 2016 +0200 gnutls-cli: added example usage of TCP fastopen It is enabled with the new --fastopen option. Author: Tim Rühsen Date: Mon Jul 25 13:00:12 2016 +0200 Support TCP Fast Open This introduces a new function gnutls_transport_set_fastopen(). Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: Tim Ruehsen Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 11:09:56 2016 +0200 .gitlab-ci.yml: added asan tag for builds which require asan Author: Nikos Mavrogiannopoulos Date: Tue Jul 26 11:08:12 2016 +0200 tests: pkcs11-privkey-fork: added explicit pkcs11 deinitialization Also ignore known leaks for p11-kit. Author: Nikos Mavrogiannopoulos Date: Mon Jul 25 11:43:08 2016 +0200 mention ubsan in README [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 20:14:39 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 14:11:25 2016 +0200 tests: added checks for OCSP response file support That is, check the usability of the APIs for setting and using an ocsp response. This improves and makes more generic the test suite API and test_cli_serv() in particular. Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 15:36:55 2016 +0200 dtls: added a null pointer check in record_overhead According to my reading this check is unnecessary as in no case a null pointer can be encountered. However gcc6 warns about a null pointer derefence and thus adding it, to be safe. Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 14:43:49 2016 +0200 gnutls_x509_crt_check_hostname*: use unsigned a return value This is to prevent issues to callers who may check for negative error values. Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 11:17:08 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 11:08:32 2016 +0200 introduced: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE This error code is returned when the session resumption parameters are requested during a handshake. That is, to increase the clarity when requesting these parameters while false start is active and the handshake is not complete even if gnutls_handshake() has returned. Relates #114 Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 18:58:24 2016 +0200 tests: added check of the return values of resumption data functions during false start Relates #114 Author: Nikos Mavrogiannopoulos Date: Fri Jul 22 10:57:37 2016 +0200 doc: mention that the session data functions will fail prior to handshake completion Author: Martin Ukrop Date: Wed Jul 20 14:52:00 2016 +0200 x509: Fix DNS name constraints checking - If the intersection of name constraints of the given type was empty, the results allowed all names instead of none. - Fixed by adding an universal excluded name constraint in case the intersection for the particular type is empty. - Moved the logic of creating a name constraint node copy from _gnutls_name_constraints_intersect to name_constraints_intersect_nodes (previously name_constraints_match), as intersecting IP addresses will require further processing (not just taking one of the compared nodes as was the implementation till now). - GNUTLS_SAN_MAX added in order to comfortably iterate over SAN type enum. Author: Martin Ukrop Date: Wed Jul 20 14:29:40 2016 +0200 tests: Add DNS name constraints tests - One chaintest with empty permitted intersection. - Merge testset with 2 permitted constraints with empty intersection (intersected list is completely empty). - Merge testset with 3 permitted constraints, 2 of which have empty intersection. - Merge testset with 2 permitted constraints with empty intersection and one constraints of different type that remains (intersected list is not empty). - Enhance failing function with suite number for easier comprehension. Author: Martin Ukrop Date: Wed Jul 20 14:28:20 2016 +0200 tests: Tidy up old X509 name constraints tests - Use convenience functions for error checking and failure reporting. - Drop explicit (de)initialization (prevents some not reed reachable memory due to PKCS11 subsystem not being deinitialized in the destructor). - Use variables to count set permitted/excluded constraints instead of hard-coded numbers. Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 16:07:56 2016 +0200 doc: clarify return codes in verification functions [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 16:02:42 2016 +0200 gnutls_certificate_verify_peers2: document that hostname comparison follows RFC6125 Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 11:53:46 2016 +0200 rnd-getentropy: better handling of error printing with errno Author: Nikos Mavrogiannopoulos Date: Thu Jul 21 11:51:05 2016 +0200 rnd-linux: make getrandom back-end robust against EINTR failures Author: Nikos Mavrogiannopoulos Date: Wed Jul 20 13:36:38 2016 +0200 gnutls_init: doc update Author: Nikos Mavrogiannopoulos Date: Wed Jul 20 13:31:18 2016 +0200 tests: verify that GNUTLS_NONBLOCK is available as a definition Author: Nikos Mavrogiannopoulos Date: Wed Jul 20 13:23:16 2016 +0200 gnutls.h: define elements of gnutls_init_flags_t That is, define all the elements that were available prior the move from #define to enum, to allow code relying on Author: Nikos Mavrogiannopoulos Date: Wed Jul 20 13:07:44 2016 +0200 gnutls.h: documented the version various gnutls_init flags were introduced Author: Nikos Mavrogiannopoulos Date: Wed Jul 20 11:27:35 2016 +0200 Moved the gnutls_x509_dn API functions to x509_dn.c Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 15:12:13 2016 +0200 tests: enhanced DN decoding tests with complex encoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 14:43:52 2016 +0200 RFC4514 DN decoding: allow decoding of raw ('#') items In addition allow escaping prefix or suffix spaces as well as the hash. Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 14:21:16 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 14:10:08 2016 +0200 tests: enhanced DN decoding tests with encoding This adds unit tests for gnutls_x509_dn_set_str(). Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 14:09:06 2016 +0200 Added gnutls_x509_dn_set_str() This allows initializing a gnutls_x509_dn_t structure via a DN string. Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 13:45:08 2016 +0200 tests: utils: use vasprintf() where available This allows printing long strings. Author: Nikos Mavrogiannopoulos Date: Tue Jul 19 13:35:13 2016 +0200 tests: added checks for the RFC4514 decoding via gnutls_x509_dn_get_str() Author: Tim Rühsen Date: Tue Jul 19 12:08:23 2016 +0200 Remove redundant if expression from tests/mini-loss-time.c Author: Tim Rühsen Date: Tue Jul 19 11:08:10 2016 +0200 Fix tests/slow/cipher-openssl-compat.c for OpenSSL 1.1.0 Author: Nikos Mavrogiannopoulos Date: Mon Jul 18 18:02:25 2016 +0200 cfg.mk: no longer save config.rpath Author: Nikos Mavrogiannopoulos Date: Mon Jul 18 16:36:27 2016 +0200 removed auto-generated files from the repository Author: Nikos Mavrogiannopoulos Date: Sun Jul 17 09:37:22 2016 +0200 tests: removed an skipped failures due to bugs in softhsm 2.0.0 These are no longer an issue as the CI has been updated to softhsm 2.1.0, which addresses them, and they prevented catching the GNUTLS-SA-2016-2 regression. Author: Nikos Mavrogiannopoulos Date: Sat Jul 16 18:12:27 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Jul 16 17:19:02 2016 +0200 Dropped support for EGD random generator This removes rarely tested code for systems which no longer exist and simplifies code for Linux random generator. Resolves #112 Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 21:55:04 2016 +0200 configure: prevent a version of getentropy() in a linux libc to be used For now, we auto-detect and switch between getrandom() and /dev/urandom when the former is not available. With the complexity of dealing with libc's that have the feature but kernel not supporting it, or vice versa it is best keep things simple. Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 21:38:02 2016 +0200 rnd-linux: added sanity check in getrandom output Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 18:57:01 2016 +0200 nettle: split the rnd-common to rnd-windows, rnd-getentropy, and rnd-linux That is, to the windows random generator as well as the getentropy() generator in BSDs, as well as the getrandom(), /dev/urandom, and EGD generators on Linux systems. Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 18:51:14 2016 +0200 rnd-common: added faster detection of getrandom based on GRND_NONBLOCK Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 15:31:16 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 14:58:07 2016 +0200 urandom: use st_ino and st_rdev to determine device uniqueness Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 14:34:38 2016 +0200 Added auto-detection of getrandom() system call in Linux systems In addition use getrandom() via the syscall interface if it doesn't exist in Libc. The reason for the latter is that getrandom() support for glibc is in limbo for several years, and for auto-detection is that even if it is going to be present in libc we will not be able to guarrantee that the system call is available just because it is present in glibc. For that we detect on initialization whether getrandom() can obtain random data, and if yes, we continue using that. Author: Nikos Mavrogiannopoulos Date: Fri Jul 15 13:58:16 2016 +0200 tests: seccomp examples: use cert-common.h Author: Nikos Mavrogiannopoulos Date: Thu Jul 14 10:00:19 2016 +0200 tests: enhanced arbitrary extension tests with octet_string encoding Author: Nikos Mavrogiannopoulos Date: Thu Jul 14 09:43:28 2016 +0200 certtool: added the ability to encode arbitrary extensions That is, added the ability to encode as an octet string any specified extension data. Author: Nikos Mavrogiannopoulos Date: Thu Jul 14 09:21:16 2016 +0200 .gitlab-ci.yml: added expiration time of a week for failure artifacts Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 16:36:39 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 16:31:47 2016 +0200 tests: added basic testing of gnutls_x509_crq_set_extension_by_oid() Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 16:13:12 2016 +0200 tests: added checks on certificate and request generation with arbitrary extensions This tests the add_extension and add_critical_extension options of certtool. Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 11:43:10 2016 +0200 certtool: added options to set arbitrary extensions to certificates and requests This allows setting arbitrary extensions using the following new template options: add_extension = "5.6.7.8 0x0001020304050607AAABCD" add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 0xCAFE" The "0x" prefix can be omitted. Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 11:41:14 2016 +0200 added gnutls_x509_crq_set_extension_by_oid() This is a function to add an arbitrary extension into a certificate request. Author: Nikos Mavrogiannopoulos Date: Wed Jul 13 13:20:10 2016 +0200 doc: mention the need of libtasn1-tools in Fedora based systems [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Jul 13 12:11:57 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 10:54:09 2016 +0200 doc: mention libcmocka dependency Author: Nikos Mavrogiannopoulos Date: Sat Jul 9 14:52:42 2016 +0200 tests: added unit testing for DTLS sliding window implementation This was taken from the unit testing of AF_KTLS. Author: Nikos Mavrogiannopoulos Date: Fri Jun 10 23:14:03 2016 +0200 dtls: imported Fridolin's DTLS sliding window implementation This simplifies the current code, and reduces the memory needed. Author: Nikos Mavrogiannopoulos Date: Fri Jun 10 22:42:21 2016 +0200 dtls: moved DTLS window handling to separate file Author: Nikos Mavrogiannopoulos Date: Tue Jul 12 18:37:53 2016 +0200 ex-client-x509: removed unused call to gnutls_session_set_ptr() Author: Nikos Mavrogiannopoulos Date: Tue Jul 12 14:48:14 2016 +0200 libtasn1: updated to allow large OIDs to be used even on 32-bit systems Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 17:44:28 2016 +0200 doc: updated contribution guide Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 17:43:04 2016 +0200 doc: updated contribution guide Author: Nikos Mavrogiannopoulos Date: Mon Jul 11 17:19:16 2016 +0200 tests: link the resume tests to gnulib due to their missing memmem() This fixes compilation of gnutls in solaris. Reported by Dagobert Michelsen. Author: Nikos Mavrogiannopoulos Date: Fri Jul 8 14:26:38 2016 +0200 NEWS: corrected release date [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jul 7 22:55:48 2016 +0200 .gitlab-ci.yml: keep the artifacts on failure Author: Nikos Mavrogiannopoulos Date: Thu Jul 7 21:00:56 2016 +0200 write_nss_key_log: write the premaster secret while it is still valid Author: Nikos Mavrogiannopoulos Date: Thu Jul 7 20:55:03 2016 +0200 updated libtasn1 Author: Nikos Mavrogiannopoulos Date: Wed Jul 6 08:43:58 2016 +0200 released 3.5.2 Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 18:40:32 2016 +0200 cfg.mk: reduced the generated changelog size Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 18:37:15 2016 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 12:03:51 2016 +0200 tests: ignore any memory leaks from libcrypto Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 11:33:54 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 1 13:51:18 2016 +0200 asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2h This improves the performance of AES-GCM significantly by taking advantage of AVX and MOVBE instructions where available. This utilizes Andy Polyakov's code under BSD license. Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 11:44:59 2016 +0200 tests: when testing with openssl disallow any CPU optimizations This ensures that we test our optimized code (which is mostly openssl based), with code that is not identical. Author: Nikos Mavrogiannopoulos Date: Fri Jul 1 14:29:40 2016 +0200 tests: added openssl compatibility tests for AES-GCM cipher Author: Nikos Mavrogiannopoulos Date: Tue Jul 5 11:41:20 2016 +0200 dane: corrected the license of libdane files The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni. Author: Nikos Mavrogiannopoulos Date: Mon Jul 4 17:29:30 2016 +0200 tests: ignore leaks due to p11-kit in test suite This addresses issue in "pkcs11-privkey-fork" which failed when compiled under asan due to leaks in p11-kit after fork. Author: Nikos Mavrogiannopoulos Date: Mon Jul 4 15:28:27 2016 +0200 tests: added check to ensure that pkcs11 objects will be reopened on fork This checks whether C_Initialize() and C_OpenSession() will be called again when using a PKCS#11 module. Resolves #95 Author: Nikos Mavrogiannopoulos Date: Mon Jul 4 15:19:32 2016 +0200 pkcs11: on object import always check for a support public key algorithm Author: Nikos Mavrogiannopoulos Date: Fri Jul 1 15:29:58 2016 +0200 gnutls_aead_cipher_decrypt: corrected the return value of ptext_len That is, do not account the tag_size into the plaintext. Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 15:29:44 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 15:22:22 2016 +0200 configure: check for libdl irrespective of FIPS140 configuration This allows to link to libdl for the tests that require it. Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 13:44:57 2016 +0200 tests: account pkcs11/pkcs11-mock-ext.h in Makefile Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 13:41:51 2016 +0200 tests: link pkcs11-import-url-privkey with libdl That is because it uses dlopen(). Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 10:47:02 2016 +0200 more files to ignore Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 09:34:33 2016 +0200 tests: avoid compiler warning from pkcs11-pubkey-import Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 09:30:47 2016 +0200 tests: added check to verify the tolerance of broken C_GetAttributes That is, test gnutls_pkcs11_obj_list_import_url4() when importing private keys from tokens that return CKR_OK on sensitive objects, and tokens that return CKR_ATTRIBUTE_SENSTIVE. Relates #108 Author: Nikos Mavrogiannopoulos Date: Thu Jun 30 09:11:40 2016 +0200 pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108 Author: Nikos Mavrogiannopoulos Date: Wed Jun 29 18:52:22 2016 +0200 pkcs11_get_attribute_avalue: do not assign values on failure When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108. Author: Nikos Mavrogiannopoulos Date: Wed Jun 29 17:25:06 2016 +0200 tests: use datefudge in name-constraints test This avoids the expiration of the used certificate to affect the test. Author: Nikos Mavrogiannopoulos Date: Tue Jun 28 09:17:13 2016 +0200 tests: link libpkcs11mock1 with gnulib This allows it to use gnulib for strndup where it is needed. Author: Nikos Mavrogiannopoulos Date: Tue Jun 28 09:15:55 2016 +0200 p11tool: do not return from void functions This fixes a compilation issue with solaris compiler. Reported by Peter Eriksson. Author: Nikos Mavrogiannopoulos Date: Fri Jun 24 11:01:35 2016 +0200 doc: mention the boolean functions in the gnutls API Author: Nikos Mavrogiannopoulos Date: Fri Jun 24 10:55:37 2016 +0200 tests: removed remainders of pkcs11 tests from suite/ Author: Nikos Mavrogiannopoulos Date: Fri Jun 24 08:37:03 2016 +0200 gnutls_pkcs11_crt_is_known: changed to unsigned type Author: Nikos Mavrogiannopoulos Date: Thu Jun 23 23:24:19 2016 +0200 tests: pkcs11-is-known: check that no flags enforce compare Author: Nikos Mavrogiannopoulos Date: Thu Jun 23 23:13:50 2016 +0200 gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given Author: Nikos Mavrogiannopoulos Date: Thu Jun 23 23:06:29 2016 +0200 tests: moved pkcs11-softhsm test suite into pkcs11/ Author: Nikos Mavrogiannopoulos Date: Thu Jun 23 22:40:26 2016 +0200 find_cert_cb: minor cleanups in find_cert_cb Author: Nikos Mavrogiannopoulos Date: Thu Jun 23 22:25:06 2016 +0200 tests: added more unit tests for gnutls_pkcs11_crt_is_known() Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 18:04:45 2016 +0200 dn2: updated to account for serial number being printed Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 18:01:15 2016 +0200 tests: corrected create-chain.sh to remove the ocsp_signing_key from generated certs Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 18:00:03 2016 +0200 tests: replaced tls feature extension checks The previous checks had incorrect key purpose check on the final (root) certificate. Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 17:31:30 2016 +0200 enhanced debugging messages for cert verification Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 17:09:54 2016 +0200 x509: print serial number in compact output Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 16:49:42 2016 +0200 tests: include softhsm.h into dist files Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 15:27:05 2016 +0200 pkcs11: correctly encode the serial number when searching for certificate In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number. Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 15:50:51 2016 +0200 pkcs11: correctly account check_found_cert() Author: Nikos Mavrogiannopoulos Date: Wed Jun 22 13:50:48 2016 +0200 gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905 Author: Nikos Mavrogiannopoulos Date: Mon Jun 20 12:07:03 2016 +0200 gnutls-cli: benchmark the memcpy performance to compare with ciphers Also ensure that we use different memory areas for each operation to avoid measuring better performance due to caching. Author: Nikos Mavrogiannopoulos Date: Thu Jun 16 11:53:55 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Sun Jun 19 15:48:21 2016 +0200 doc: corrected typo Author: Nikos Mavrogiannopoulos Date: Sun Jun 19 13:06:15 2016 +0200 Sync with TP. Author: Andreas Metzler Date: Sat Jun 18 18:36:13 2016 +0200 Typo fixes (found by lintian): extention, reencode Author: Nikos Mavrogiannopoulos Date: Thu Jun 16 11:51:42 2016 +0200 tests: added check for handshake packet reconstruction This tests whether a split handshake packet is properly reconstructed if the parts are switched. Author: Nikos Mavrogiannopoulos Date: Thu Jun 16 11:37:30 2016 +0200 dtls: corrected reconstruction of handshake packets received out of order That is, when the handshake packet is split into multiple different chunks and received out of order, make sure that reconstruction occurs properly. Reported by Guillaume Roguez. Author: Nikos Mavrogiannopoulos Date: Thu Jun 16 10:08:34 2016 +0200 Corrected the writing of serial number in PKCS#11 modules That is previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek. Author: Nikos Mavrogiannopoulos Date: Wed Jun 15 13:50:54 2016 +0200 ext: ecc: replaced SUPPORTED ECC POINT FORMATS with better formatted name Author: Nikos Mavrogiannopoulos Date: Wed Jun 15 09:21:10 2016 +0200 tests: disable SRP-base64 encode/decoded tests when SRP is disabled Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 19:46:55 2016 +0200 .gitlab-ci.yml: restrict windows build checks to tests/ subdir [ci skip] That is because there is an issue with the gnulib self tests when run under windows. Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 16:43:50 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 16:35:55 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 16:32:21 2016 +0200 released 3.5.1 Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 16:31:35 2016 +0200 tests: added missing files Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 15:24:48 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 15:23:04 2016 +0200 tests: fixed the path of cert-tests files and added missing files in Makefile.am Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 15:17:33 2016 +0200 more files to ignore Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 10:21:54 2016 +0200 tests: verify the resilience of the TLSFeature handling functions on large number of features Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 10:02:56 2016 +0200 tlsfeature: impose a maximum number of supported TLS features This avoids many allocations and simplifies handling of the features. The currently set maximum number of TLS features aligns with the maximum number of supported TLS extensions. Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 09:51:01 2016 +0200 tests: added unit test for gnutls_x509_tlsfeatures_check_crt Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:07:44 2016 +0200 During PKIX chain verification check the TLSFeatures compliance This verifies whether a chain complies with RFC7366 p.4.2.2 requirements. That is whether the issuer's features are a superset of the certificate under verification. This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt(). Author: Nikos Mavrogiannopoulos Date: Tue May 31 15:10:27 2016 +0200 verify_crt: moved all verification state into a common structure This allows for easier extension of state. Author: Nikos Mavrogiannopoulos Date: Tue May 31 09:28:28 2016 +0200 tests: added chain verification with TLS features That adds checks for the RFC7633 requirements for intermediate and CA certificates (p. 4.2.2). Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 14:37:49 2016 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 14:37:12 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 14:01:56 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 13:49:28 2016 +0200 tests: verify the operation of honor_crq_ext template option Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 13:41:24 2016 +0200 tests: common.sh will export the required TZ for datefudge tests Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 13:24:03 2016 +0200 tools: avoid using deprecated types Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 13:23:03 2016 +0200 certtool: allow copying specific certificate request extensions to certificate This introduces the honor_crq_extension multi-line template option. Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 13:13:32 2016 +0200 tests: added check on gnutls_x509_crt_set_crq_extension_by_oid() Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 11:19:50 2016 +0200 Added gnutls_x509_crt_set_crq_extension_by_oid() This allows copying specific OIDs from a certificate request to the certificate. Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 09:59:20 2016 +0200 tests: moved check for datefudge in scripts/common.sh Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 09:55:04 2016 +0200 tests: cert-tests: moved all data files in separate subdir Author: Nikos Mavrogiannopoulos Date: Tue Jun 14 09:36:29 2016 +0200 tests: cert-tests: moved templates into subdir Author: Daniel P. Berrange Date: Fri Jun 10 13:41:22 2016 +0100 tests: test trailing comma in system priorities Add tests which verify behaviour when the list of system priorities has a trailing ','. Avoid crash in test suite if the test unexpectedly succeeds when expected_str is NULL. Signed-off-by: Daniel P. Berrange Author: Nikos Mavrogiannopoulos Date: Fri Jun 10 13:56:23 2016 +0200 tests: added check of DTLS rehandshake for upgrade That is check whether anon -> cert renegotiation works. Author: Nikos Mavrogiannopoulos Date: Fri Jun 10 13:43:36 2016 +0200 tests: added check of DTLS rehandshake when using PKIX certs This complements the existing DTLS rehandshake test using anonymous ciphersuites. Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 18:55:02 2016 +0200 tests: document some details in system-prio-file [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:40:49 2016 +0200 doc: mention the usage of the _gnutls_resolve_priorities function in testsuite Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:38:29 2016 +0200 doc: mention the fallback keyword support in manual Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:36:12 2016 +0200 tests: added checks for system priority file fallback mechanism Author: Daniel P. Berrange Date: Fri Jun 3 16:57:02 2016 +0100 gnutls_priority_init: multiple @KEYWORD lookups with fallback The support for using "@KEYWORD" as a priority string is very useful to separate selection of priorities from application specific code or config files. It is, however, not general enough to fully serve all reasonable use cases. For example, consider an application sets gnutls_priority_set_direct(session, "@SYSTEM", NULL); The system administrator can modify the global priorities file to change what "@SYSTEM" resolves to for all apps using GNUTLS. As soon as one application wishes to have a slightly different configuration from others on the host, you have to go back and start modifying application specific configuration files once more. This is bad for the system administrator as it means there's no longer one single place where they can see the priority configuration for all apps. They may try to get around this problem by configuring the app to use a different keyword, instead of a full priority string, eg "@LIBVIRT". So the global priorities file can now define entries for both "SYSTEM" and "LIBVIRT". This has still placed a burden on the administrator change the config in two places - both libvirt config files and the global priorities file. What is more desirable is if applications were able to provide a list of keywords that would be tried in order, picking the first that existed. For example, libvirt could be written to request the following by default gnutls_priority_set_direct(session, "@LIBVIRT,SYSTEM", NULL); With this, gnutls would first try to find the "LIBVIRT" keyword in the global configuration file, and if that is not present, then it would fallback to trying to find the "SYSTEM" keyword. This provides nice "out of the box" behaviour for system administrators, whereby the app would be using "SYSTEM" initially and if the admin wishes to give the app a custom configuration, they can simply modify the global priorities file to add in the application specific keyword "LIBVIRT". There is never a need for the sysadmin to modify any application specific configuration files any more. It is exclusively controlled in one place via the global priorities file. Signed-off-by: Daniel P. Berrange Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:20:22 2016 +0200 tests: enhanced system priority file testing This checks whether appending to system priority options work. Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:21:57 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 17:01:06 2016 +0200 doc: remove all references to openpgp auth example Author: Nikos Mavrogiannopoulos Date: Thu Jun 9 16:48:14 2016 +0200 doc update Author: Daniel P. Berrange Date: Fri Jun 3 14:59:11 2016 +0100 _gnutls_resolve_priorities: always try to re-read sys priority file Previously if the system priority file was edited, that would take effect on the very next TLS session an application created. As of: commit 006b89d4464ae1bb6d545ea5716998654124df45 Author: Nikos Mavrogiannopoulos Date: Fri Apr 1 10:46:12 2016 +0200 priorities: preload the system priorities on library loading time It is required to restart every application after changing the system priority file to get changes to take effect. Further, for applications running in a chroot, it will no longer honour a system priority file that may exist inside the chroot, always using the originally cached data from outside the chroot. This patch changes the caching so that we always try to reload the cache of system priorities. A mtime check is used to avoid actually re-reading the file unless its content has obviously changed. If the file no longer exists, the cache will not be invalidated. This ensures that the current priority file is always honoured, whether inside a chroot or not, while at the same time allowing apps to work in a chroot when no system priority file is present. Signed-off-by: Daniel P. Berrange Author: Nikos Mavrogiannopoulos Date: Wed Jun 8 19:38:07 2016 +0200 doc: remove references to GNUTLS_KEYLOGFILE Author: Nikos Mavrogiannopoulos Date: Mon Jun 6 19:33:34 2016 +0200 tests: renamed rehandshake checks for clarity Author: Nikos Mavrogiannopoulos Date: Mon Jun 6 18:47:28 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jun 6 18:43:12 2016 +0200 keylogfile: only consider the SSLKEYLOGFILE variable In addition do not check the environment in the constructor but instead use static variables to save the key file name. The GNUTLS_KEYLOGFILE environment variable is no longer used since there is no reason to have a separate one. Author: Nikos Mavrogiannopoulos Date: Mon Jun 6 18:39:18 2016 +0200 lib: eliminated the use of deprecated variables Author: Nikos Mavrogiannopoulos Date: Sat Jun 4 11:42:21 2016 +0200 doc: removed OpenPGP examples Relates #102 Author: Nikos Mavrogiannopoulos Date: Sat Jun 4 11:36:34 2016 +0200 pkcs12: corrected return type of gnutls_pkcs12_bag_get_type() Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 17:07:28 2016 +0200 tests: move pkcs11-cert-import-url4-exts with the other pkcs11 tests This prevents a build failure in windows. Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 15:01:59 2016 +0200 doc clarify the version since when GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT is accepted Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 14:53:04 2016 +0200 tests: corrected typo in crl-test Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 14:24:32 2016 +0200 tests: check gnutls_pkcs11_obj_list_import_url4() with GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 14:50:45 2016 +0200 gnutls_pkcs11_obj_list_import_url4: accepts the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 14:41:25 2016 +0200 gnutls_pkcs11_obj_list_import_url3: rewritten to use gnutls_pkcs11_obj_list_import_url4 Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 14:29:45 2016 +0200 pkcs11: use ctx as variable name for ck_object_handle_t for clarity Author: Nikos Mavrogiannopoulos Date: Fri Jun 3 13:47:44 2016 +0200 pkcs11: doc update Author: Nikos Mavrogiannopoulos Date: Thu Jun 2 14:37:11 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Jun 2 14:28:52 2016 +0200 _gnutls_check_key_purpose: in CA certificates treat the SGC key purpose as GNUTLS_KP_TLS_WWW_SERVER This is a hack for certain very old CA certificates lurking around which instead of having the GNUTLS_KP_TLS_WWW_SERVER have some old OIDs for that purpose. Consider these OIDs equivalent to GNUTLS_KP_TLS_WWW_SERVER in marked as CA certificates. Author: Nikos Mavrogiannopoulos Date: Thu Jun 2 09:22:26 2016 +0200 gnutls-cli: --save-ocsp will work even if verification fails That is, allow saving the response even if the OCSP response caused a verification error. That way the response can be examined for possible issues. Author: Nikos Mavrogiannopoulos Date: Thu Jun 2 09:20:13 2016 +0200 ocsp: attempt harder to figure an OCSP staple issuer That is, check initially against the trust list set on the credentials, and if verification is not possible attempt with all certificates in the chain as possible issuers. The reason of this enhancement is the few servers have an OCSP response signed not by their direct CA but rather by one of the higher level CAs. Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 14:10:59 2016 +0200 tests: added comprehensive OCSP test suite with MUST-staple PKIX extension This includes the tests: - Server with valid certificate - no staple - Server with valid certificate - valid staple - Server with valid certificate - invalid staple - Server with valid certificate - unrelated cert staple - Server with valid certificate - expired staple - Server with valid certificate - old staple Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 10:09:54 2016 +0200 tests: utils: added c_print() Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 10:33:15 2016 +0200 ext: status_request: added more descriptive name Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 14:15:49 2016 +0200 ocsp: fail certificate verification on expired or too old revocation data info Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 14:13:52 2016 +0200 ocsp: Introduced GNUTLS_CERT_INVALID_OCSP_STATUS This verification status flag indicates an OCSP status response being stapled but it being invalid for some reason (e.g., unable to parse or doesn't contain the expected certificate). Author: Nikos Mavrogiannopoulos Date: Wed Jun 1 14:38:32 2016 +0200 doc: improved OCSP description and mention RFC7633 Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:52:06 2016 +0200 tests: added basic check for gnutls_url_is_supported Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:47:34 2016 +0200 gnutls_url_is_supported: type changed to unsigned In addition function documentation was updated. Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:42:22 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:37:34 2016 +0200 pubkey_to_bits: return type was changed to unsigned This function did not return signed data, so the "int" return type was confusing. Author: Nikos Mavrogiannopoulos Date: Tue May 31 16:16:38 2016 +0200 crypto-selftests: removed unneeded cast Author: Nikos Mavrogiannopoulos Date: Tue May 31 13:49:13 2016 +0200 several sign-related API changes This replaces the usage of "int" in functions which could only have accepted an "unsigned" value. Also functions which return unsigned values are explicitly tagged as such. The ABI remains the same with these changes. This allows easier catching of sign/unsigned related errors from the calling applications. Author: Nikos Mavrogiannopoulos Date: Tue May 31 11:40:00 2016 +0200 x509: simplified _gnutls_x509_get_tbs() Author: Nikos Mavrogiannopoulos Date: Tue May 31 10:08:14 2016 +0200 x509: replace the bool type with the unsigned type This allows to rely on gcc warnings for improper checks and conversions. Unfortunately gcc does warn on invalid checks for the bool type (e.g., b<0). Author: Nikos Mavrogiannopoulos Date: Tue May 31 10:00:18 2016 +0200 configure: enable the type-limits gcc warnings In addition remove the unsafe-loop-optimizations warning as they were not helpful. Author: Nikos Mavrogiannopoulos Date: Tue May 31 08:59:47 2016 +0200 certtool: doc update Author: Nikos Mavrogiannopoulos Date: Mon May 30 22:28:23 2016 +0200 DCO: added Tim Kosse [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon May 30 15:19:15 2016 +0200 tools: modify canonicalize_host to not depend on in6_addr Author: Nikos Mavrogiannopoulos Date: Mon May 30 15:17:06 2016 +0200 tests: added unit tests for gnutls_x509_tlsfeatures_t handling funcs This includes DER import/export as well as feature appending. Author: Nikos Mavrogiannopoulos Date: Mon May 30 14:19:20 2016 +0200 tests: tlsfeature-test will ignore the 'Algorithm Security Level' line in comparisons That is to allow depending on the certificate output validation without relying on "moving" parameters such as the Algorithm Security Level. Author: Nikos Mavrogiannopoulos Date: Mon May 30 13:47:14 2016 +0200 tests: verify whether the TLSFeatures extension is copied Verify whether the TLSFeatures extension is copied from the certificate request to the generated certificate. Author: Nikos Mavrogiannopoulos Date: Mon May 30 13:34:17 2016 +0200 doc: updated since version of tlsfeature functionality and documented new functions Author: Tim Kosse Date: Fri Jan 15 14:45:03 2016 +0100 tests: add testcase to check for missing status request That is verify whether the OCSP MUST-staple extension, as can be deduced from RFC7633, is accounted during handshake. Author: Tim Kosse Date: Fri Jan 15 14:45:42 2016 +0100 Reset extensions_sent_size only at start of handshake That is, do not reset it when completing it so that we can use the negotiated extensions even after the handshake is complete. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Kosse Date: Sun Dec 20 15:09:24 2015 +0100 Account the TLSFeature certificate extension in certificate verification That is, account for the OCSP-Must staple extension. If we have sent an OCSP status request and have not gotten anything, but the certificate has the Status Request TLSFeature extension present, fail to verify the certificate. Author: Nikos Mavrogiannopoulos Date: Mon May 30 12:57:55 2016 +0200 tools: allow specifying a hostname with a port attached That is: gnutls-cli www.example.com:443 is equivalent to gnutls-cli www.example.com -p 443 Author: Nikos Mavrogiannopoulos Date: Mon May 30 12:35:45 2016 +0200 tests: check the generation and printing of TLS feature PKIX extension Author: Nikos Mavrogiannopoulos Date: Mon May 30 11:23:39 2016 +0200 doc: document tls_feature option in the sample template Author: Nikos Mavrogiannopoulos Date: Mon May 30 10:55:46 2016 +0200 TLS extensions: use more human-friendly names This is required to provide better output to gnutls_ext_get_name() Author: Nikos Mavrogiannopoulos Date: Mon May 30 10:50:38 2016 +0200 exported function to convert TLS extension numbers to strings The exported function is gnutls_ext_get_name() Author: Nikos Mavrogiannopoulos Date: Mon May 30 10:45:46 2016 +0200 x509/output: print the extension name of TLSFeatures Author: Tim Kosse Date: Thu Jan 7 11:27:13 2016 +0100 Implement setting the TLS features extension on certificates via certtool's template file. Author: Nikos Mavrogiannopoulos Date: Mon May 30 10:20:00 2016 +0200 libgnutls.map: exported the tlsfeatures-related functions Author: Tim Kosse Date: Fri Jan 15 11:34:31 2016 +0100 Add functions to get/set the tlsfeatures to certificate requests. Author: Tim Kosse Date: Mon May 30 09:57:42 2016 +0200 Added gnutls_x509_crt_set_tlsfeatures Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Kosse Date: Mon May 30 09:52:15 2016 +0200 Added functions to add features and convert tlsfeatures back to DER That adds: gnutls_x509_ext_export_tlsfeatures gnutls_x509_tlsfeatures_add Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Kosse Date: Fri Jan 15 13:48:10 2016 +0100 Move call to terminate() until after printing the error message. Author: Tim Kosse Date: Fri Jan 15 12:04:00 2016 +0100 Fix the description of two testcases. Author: Tim Kosse Date: Mon May 30 09:45:29 2016 +0200 Added functions to parse the TLSFeatures X.509 extension. In addition provide function to enumerate the features it lists, and output information with the output functions. This adds: gnutls_x509_tlsfeatures_init gnutls_x509_tlsfeatures_deinit gnutls_x509_tlsfeatures_get gnutls_x509_ext_import_tlsfeatures gnutls_x509_crt_get_tlsfeatures Signed-off-by: Nikos Mavrogiannopoulos Author: Andreas Metzler Date: Sun May 29 11:53:22 2016 +0200 Typo fix: auxilary -> auxiliary [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat May 28 22:26:48 2016 +0200 tests: added DTLS 0.9 check with AES-128-GCM Author: Nikos Mavrogiannopoulos Date: Sat May 28 19:57:09 2016 +0200 gl: secure_getenv() will behave as getenv on windows Author: Nikos Mavrogiannopoulos Date: Sat May 28 19:32:12 2016 +0200 tests: corrected definition of CryptSignHash in mock crypt32 Author: Nikos Mavrogiannopoulos Date: Sat May 28 09:55:53 2016 +0200 Rely on gnulib's secure_getenv() Author: Nikos Mavrogiannopoulos Date: Sat May 28 09:55:07 2016 +0200 x86-common: use secure_getenv() Author: Nikos Mavrogiannopoulos Date: Fri May 27 22:48:48 2016 +0200 configure.ac: check for secure_getenv where available and always enable system extensions Author: Nikos Mavrogiannopoulos Date: Fri May 27 22:34:53 2016 +0200 tests: keylog-env will check for SSLKEYLOGFILE as well Author: Nikos Mavrogiannopoulos Date: Fri May 27 22:26:02 2016 +0200 env: use secure_getenv when reading environment variables Author: Nikos Mavrogiannopoulos Date: Fri May 27 22:21:50 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri May 27 22:19:40 2016 +0200 Append keys on keylogfile Also consider the SSLKEYLOGFILE variable, since the format is identical and we are always appending keys. Author: Nikos Mavrogiannopoulos Date: Thu May 26 11:05:40 2016 +0200 tests: ssl2-hello check is made conditional It is only run if ENABLE_SSL2 is defined. Author: Nikos Mavrogiannopoulos Date: Thu May 26 11:04:27 2016 +0200 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Thu May 26 11:02:34 2016 +0200 tests: added SSL2.0 client hello parsing check Author: Nikos Mavrogiannopoulos Date: Thu May 26 10:58:19 2016 +0200 tests: added small text clarifying the purpose of the cert-common.h header Author: Nikos Mavrogiannopoulos Date: Tue May 24 13:45:32 2016 +0200 tests: add an upper limit in the run of compat tests This allows the test suite to recover from the case of DTLS implementations that do not properly retransmit and block on lost packets. Author: Nikos Mavrogiannopoulos Date: Tue May 24 13:27:12 2016 +0200 doc: advise against using the TPM-specific API It is restricted to TPM 1.2, and there are fine PKCS#11 wrappers that will provide identifical functionality. Relates #101 Author: Nikos Mavrogiannopoulos Date: Tue May 24 10:08:14 2016 +0200 .gitlab-ci.yml: corrected typo preventing the no-SSL 3.0 test part to be properly run Also test the --disable-ssl2-support option. Author: Nikos Mavrogiannopoulos Date: Tue May 24 09:58:12 2016 +0200 Amend the "Allow for conditional compilation of SSL 3.0 protocol patch" That is fix bug introduced by an incorrect #ifdef, and unconditionally provide access to certificate callbacks. This amends 89faab9e9e9123f39e8c0c6f8da1f67de423254a Author: Nikos Mavrogiannopoulos Date: Tue May 24 09:17:53 2016 +0200 doc: updated text on priority strings Refer to RFC7685 for the TLS padding extension (%DUMBFW), and mention the default behavior for the TLS client hello record version. Author: Nikos Mavrogiannopoulos Date: Mon May 23 11:33:53 2016 +0200 pkcs11: added sanity check to find_obj_url_cb() for object validity Also avoid unnecessary recursion. Author: Nikos Mavrogiannopoulos Date: Sat May 21 06:24:47 2016 +0200 tests: run compatibility checks in parallel for various modifiers That is, the various %NO_ETM, %COMPAT, ... modifiers are checked in parallel in the testcompat suite, reducing the overall running time significantly. Author: Nikos Mavrogiannopoulos Date: Sat May 21 05:39:21 2016 +0200 tests: enhance TLS version checks with DTLS That is we check whether DTLS-1.0 and DTLS-1.2 can be negotiated using the NORMAL priority string. We also add a custom check for DTLS-0.9 as this is not fully supported for negotiation. Author: Nikos Mavrogiannopoulos Date: Fri May 20 17:44:46 2016 +0200 tests: use /bin/bash in tests which require common.sh Author: Nikos Mavrogiannopoulos Date: Fri May 20 15:04:22 2016 +0200 .gitlab-ci.yml: minimal build disables SSL2 client hello Author: Nikos Mavrogiannopoulos Date: Fri May 20 15:03:41 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri May 20 15:01:49 2016 +0200 Allow for conditional compilation of SSL 2.0 client hello support This allows to completely remove SSL 2.0 support by calling configure with the '--disable-ssl2-support' option. Relates #97 Author: Nikos Mavrogiannopoulos Date: Fri May 20 14:54:38 2016 +0200 Amend: Allow for conditional compilation of SSL 3.0 protocol This patch makes conditional several more SSL 3.0-only parts of codebase. Author: Nikos Mavrogiannopoulos Date: Fri May 20 14:47:27 2016 +0200 CONTRIBUTING.md: link to milestones instead of all issues Author: Nikos Mavrogiannopoulos Date: Fri May 20 14:42:12 2016 +0200 tests: mini-x509-cas: use cert-common.h Author: Nikos Mavrogiannopoulos Date: Fri May 20 14:41:08 2016 +0200 CONTRIBUTING.md: doc update Author: Nikos Mavrogiannopoulos Date: Fri May 20 12:07:57 2016 +0200 tests: do not use pkglib to generate libpkcs11mock1.so This resulted in the test library being installed. Install we use noinst for the library, but pass -rpath to LDFLAGS as a hack to for libtool to generate the shared version. Author: Nikos Mavrogiannopoulos Date: Thu May 19 12:08:13 2016 +0200 configure.ac: increased stack size usage to reduce warnings Also remove gcc flags from the banned list that no longer pose and issue. Author: Nikos Mavrogiannopoulos Date: Fri May 20 07:45:46 2016 +0200 announce.txt: updated list email address Author: Nikos Mavrogiannopoulos Date: Thu May 19 10:56:52 2016 +0200 priority: CCM ciphersuites was promoted over the CBC ones Also make explicit the prioritization rules for the default set of ciphers. Author: Nikos Mavrogiannopoulos Date: Thu May 19 09:24:13 2016 +0200 gnutls-cli: allow operation with stdin input That is once commands from stdin are given, they are not only sent to server, but we also wait for a response prior to exiting. Resolves #96 Author: Nikos Mavrogiannopoulos Date: Wed May 18 14:00:06 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed May 18 22:24:33 2016 +0200 tests: ocsp-tls-connection: use /bin/bash since we rely on the $RANDOM variable Author: Nikos Mavrogiannopoulos Date: Wed May 18 22:20:47 2016 +0200 tests: use _putenv() for setting environment on windows Author: Nikos Mavrogiannopoulos Date: Wed May 18 21:15:38 2016 +0200 tests: added check to verify that keylog file is being written Author: Nikos Mavrogiannopoulos Date: Wed May 18 16:38:13 2016 +0200 doc: documented the GNUTLS_KEYLOGFILE environment variable Author: Nikos Mavrogiannopoulos Date: Wed May 18 16:31:28 2016 +0200 Write session keys into a file when GNUTLS_KEYLOGFILE is exported That is the file pointed from the variable is written to, and contain the session parameters in the following format (identical to NSS key log format): CLIENT_RANDOM <64 bytes of hex encoded client_random> <96 bytes of hex encoded master secret> and for the old RSA ciphersuites also in the format: RSA <16 bytes of hex encoded encrypted pre master secret> <96 bytes of hex encoded master secret> Resolves #64 Author: Nikos Mavrogiannopoulos Date: Wed May 18 13:39:06 2016 +0200 systemkey: corrected help output Author: Nikos Mavrogiannopoulos Date: Wed May 18 13:36:11 2016 +0200 doc: document the systems supported via systemkeys API Author: Nikos Mavrogiannopoulos Date: Tue May 17 14:13:26 2016 +0200 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue May 17 10:35:39 2016 +0200 gnutls-cli: corrected check for OCSP verification success Author: Thomas Klute Date: Fri Apr 29 02:50:31 2016 +0200 Test case for gnutls-cli --ocsp This new test case checks if gnutls-cli accepts OCSP responses for a valid and a revoked server certificate when establishing TLS connections. Uses the OpenSSL OCSP responder. Signed-off-by: Thomas Klute Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue May 17 09:23:22 2016 +0200 INSTALL.md: no longer reference libgcrypt Author: Nikos Mavrogiannopoulos Date: Tue May 17 09:16:32 2016 +0200 doc: updated README files This makes the names a bit more reasonable, drops the very generic INSTALL file, and also allows the github repository to print the correct README file. README -> INSTALL.md README-alpha.md -> README.md Author: Nikos Mavrogiannopoulos Date: Tue May 17 08:56:59 2016 +0200 tests: renamed cert-callback checks for simplicity Author: Nikos Mavrogiannopoulos Date: Tue May 17 08:55:50 2016 +0200 tests: added check with the legacy cert verification callback Author: Nikos Mavrogiannopoulos Date: Tue May 17 08:54:43 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue May 17 08:43:58 2016 +0200 tests: cert-callbacks check now checks the server-side callback operation as well Author: Nikos Mavrogiannopoulos Date: Mon May 16 18:08:27 2016 +0200 tests: dtls-stress: fix debug argument accounting It was not being considered when it was not the last argument. Author: Nikos Mavrogiannopoulos Date: Mon May 16 18:05:34 2016 +0200 tests: re-disabled dtls-nb check; it had random failures This was disabled for quite long time already, and needs to be investigated. Author: Nikos Mavrogiannopoulos Date: Mon May 16 13:47:23 2016 +0200 tests: added DTLS test suite when in session resumption While there is already a test suite for DTLS lost packets/rearranges it does not cover the session resumption flights. This patch enhances the test suite with these checks. Author: Nikos Mavrogiannopoulos Date: Sun May 15 10:44:42 2016 +0200 dtls-stress: added session resumption option This allows to perform tests on DTLS resumed sessions for retransmitions due to lost packets. Author: Nikos Mavrogiannopoulos Date: Sun May 15 11:34:32 2016 +0200 tests: dtls: removed excessive debugging output from test Author: Nikos Mavrogiannopoulos Date: Sun May 15 11:08:57 2016 +0200 tests: dtls-stress: corrected parsing of -d option Author: Nikos Mavrogiannopoulos Date: Sun May 15 10:49:42 2016 +0200 record.c: removed superfluous debugging Author: Nikos Mavrogiannopoulos Date: Sun May 15 10:40:38 2016 +0200 gnutls_assert_val: corrected regression from 78ee98e06c7862df38131b12083adc1a0c5eea4a Author: Nikos Mavrogiannopoulos Date: Sun May 15 09:30:02 2016 +0200 gnutls_assert_val: was modified to be in line with gnutls_assert() Author: Nikos Mavrogiannopoulos Date: Sat May 14 13:03:27 2016 +0200 .gitlab-ci.yml: added new build target without SSL 3.0 Also disable SSL3.0 in the minimal library compilation. Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:58:27 2016 +0200 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:57:47 2016 +0200 tests: added key exchange checks for all DTLS protocols Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:48:45 2016 +0200 doc: prefer the usage of VERS-ALL in documentation Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:47:18 2016 +0200 ext master secret: don't enable when SSL 3.0 is the only protocol That is on server side only. On client side this logic was already present. Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:18:44 2016 +0200 tests: separated the key exchange checks That is introduce separate checks for each key exchange on every TLS version. Author: Nikos Mavrogiannopoulos Date: Sat May 14 11:12:56 2016 +0200 doc: mention the TLS 1.2 restriction of sign algo functions Author: Nikos Mavrogiannopoulos Date: Sat May 14 10:28:49 2016 +0200 Allow for conditional compilation of SSL 3.0 protocol This allows to completely remove SSL 3.0 support by calling configure with the '--disable-ssl3' option. Resolves #93 Author: Nikos Mavrogiannopoulos Date: Sat May 14 08:03:48 2016 +0200 Makefile.am: include renamed files into distribution Author: Nikos Mavrogiannopoulos Date: Sat May 14 00:39:23 2016 +0200 README-alpha.md: refer to CONTRIBUTING.md [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat May 14 00:38:59 2016 +0200 LICENSE: mention that documentation is under GNU FDL Author: Nikos Mavrogiannopoulos Date: Sat May 14 00:35:45 2016 +0200 Leave only LICENSE in the root directory and move licenses to doc/ Author: Nikos Mavrogiannopoulos Date: Sat May 14 00:13:44 2016 +0200 Added a LICENSE file [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat May 14 00:31:43 2016 +0200 Moved coding style and contribution guide to CONTRIBUTION.md This aligns with gitlab's web interface. Author: Nikos Mavrogiannopoulos Date: Fri May 13 20:39:11 2016 +0200 tests: include unistd.h in tests which call _exit() Author: Nikos Mavrogiannopoulos Date: Fri May 13 13:41:53 2016 +0200 tests: simplified server launching process Also attempt to use a new port on every started server and added a waiting period for the port to become re-usable. Author: Nikos Mavrogiannopoulos Date: Fri May 13 11:28:51 2016 +0200 tests: avoid calling exit() from signal handlers Author: Nikos Mavrogiannopoulos Date: Fri May 13 11:16:58 2016 +0200 memmem.m4: don't call exit() from signal handler Author: Nikos Mavrogiannopoulos Date: Thu May 12 11:24:03 2016 +0200 tests: enhance SNI checking with invalid UTF8 and embedded NULL case Author: Nikos Mavrogiannopoulos Date: Thu May 12 11:22:51 2016 +0200 Introduce _gnutls_server_name_set_raw This is an internal function intended for testing, which performs the same as gnutls_server_name_set() but without any UTF8 conversions or other checks in the input. It is intended to be used with raw data. Author: Nikos Mavrogiannopoulos Date: Thu May 12 11:21:16 2016 +0200 errors: include GNUTLS_E_IDNA_ERROR to the list Author: Nikos Mavrogiannopoulos Date: Thu May 12 10:58:58 2016 +0200 server_name: only save the supported server names in the session Invalid server names with embedded nulls and unsupported types are not saved. Author: Nikos Mavrogiannopoulos Date: Thu May 12 10:37:56 2016 +0200 gnutls_server_name_get: mention GNUTLS_E_IDNA_ERROR being returned Author: Nikos Mavrogiannopoulos Date: Thu May 12 09:24:23 2016 +0200 doc: clarify that 'hmac' in the name of functions is only for legacy reasons Author: Nikos Mavrogiannopoulos Date: Wed May 11 13:23:33 2016 +0200 tests: introduce delay between server restarts in testsrn.sh This is to reduce test suite random failures on CI. Author: Nikos Mavrogiannopoulos Date: Wed May 11 09:31:28 2016 +0200 tests: CRL test will separate stderr output from stdout This addresses CI failures due to "Merge mismatch for function" messages from gcov being inserted into stdout output and messing the base64 encoding. Author: Nikos Mavrogiannopoulos Date: Wed May 11 09:28:55 2016 +0200 Revert "tests: CRL test will not push stderr into output files" This reverts commit bf1ee75f78cd81ea8309bdfb50f63ed0ab61a23a. Author: Nikos Mavrogiannopoulos Date: Wed May 11 09:27:32 2016 +0200 gnutls_pkcs7_print: avoid warning for signed/unsigned comparison by making everything signed Author: Nikos Mavrogiannopoulos Date: Wed May 11 08:17:37 2016 +0200 tests: CRL test will not push stderr into output files This addresses CI failures due to "Merge mismatch for function" messages from gcov being inserted into output and messing the base64 encoding. Author: Nikos Mavrogiannopoulos Date: Tue May 10 22:46:34 2016 +0200 pack_srp_auth_info: corrected check for uninitialized username Author: Nikos Mavrogiannopoulos Date: Tue May 10 22:48:56 2016 +0200 call_get_cert_callback: removed dead code Author: Nikos Mavrogiannopoulos Date: Tue May 10 22:11:52 2016 +0200 pkcs11: added error check in _gnutls_buffer_append_data() Author: Nikos Mavrogiannopoulos Date: Tue May 10 22:08:23 2016 +0200 gnutls_pubkey_verify_data2: simplified return logic Author: Nikos Mavrogiannopoulos Date: Tue May 10 22:02:54 2016 +0200 gnutls_pkcs7_print: corrected type of unsigned count variable Author: Nikos Mavrogiannopoulos Date: Tue May 10 21:55:07 2016 +0200 _gnutls_krb5_der_to_principal: fixed invalid deinitialization on cleanup Author: Nikos Mavrogiannopoulos Date: Tue May 10 20:57:08 2016 +0200 tests: don't run hash-large on freebsd Author: Nikos Mavrogiannopoulos Date: Tue May 10 20:06:03 2016 +0200 tests: fix mmap usage of hash-large to correctly detect failures Author: Nikos Mavrogiannopoulos Date: Tue May 10 15:23:11 2016 +0200 doc: updated documentation for gnutls_x509_crt_get_*_dn Author: Nikos Mavrogiannopoulos Date: Tue May 10 15:20:09 2016 +0200 certtool: handle empty CNs on verification That is, handle GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if returned from gnutls_x509_crt_get_dn() on the end certificate. Author: Nikos Mavrogiannopoulos Date: Tue May 10 15:17:18 2016 +0200 Revert "x509: allow empty DNs on parsing for subject DNs" This reverts commit 1641ea943079765d601cf418dc2c89c1c93f0ecf. Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:40:43 2016 +0200 cert cred: add the CN to the list of known hostnames only if no dns_names That is, follow rfc6125 and support CN as a fallback only. Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:23:02 2016 +0200 tests: enhanced set_x509*_key to verify that connections succeed with creds That is the tests no only verify that credentials are set as expected but also whether sessions are established with the credentials provided. Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:15:53 2016 +0200 gnutls_certificate_set_key: import the DNS names of the certificates That is, only when no (NULL) names are provided. Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:12:33 2016 +0200 reset the global time func on init/deinit Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:05:03 2016 +0200 auth/cert: log the server name requested by client Author: Nikos Mavrogiannopoulos Date: Tue May 10 11:00:02 2016 +0200 improved output of gnutls_assert() Author: Nikos Mavrogiannopoulos Date: Tue May 10 10:44:57 2016 +0200 x509: allow empty DNs on parsing for subject DNs Author: Alon Bar-Lev Date: Mon May 9 20:57:36 2016 +0300 build: tests/windows/cng-windows.c: fix implicit decleration of exit Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Tue May 10 09:15:29 2016 +0200 .gitlab-ci.yml: enable openssl compat library in minimal build Author: Nikos Mavrogiannopoulos Date: Tue May 10 09:12:51 2016 +0200 openssl_compat: removed unneeded headers These headers have been renamed, but they were not necessary for this module's compilation. Report/Patch by Andreas Metzler. Author: Nikos Mavrogiannopoulos Date: Mon May 9 21:47:14 2016 +0200 .gitlab-ci.yml: added build for windows DLLs This creates the windows DLLs on every tagged release. Author: Nikos Mavrogiannopoulos Date: Mon May 9 08:03:24 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon May 9 07:52:14 2016 +0200 bumped soversion Author: Nikos Mavrogiannopoulos Date: Mon May 9 07:51:05 2016 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Sat May 7 13:34:34 2016 +0200 x509: use the modified flag in gnutls_x509_crt_t That will avoid re-encoding or decoding in common operations. Author: Nikos Mavrogiannopoulos Date: Sat May 7 13:18:20 2016 +0200 x509: added flag to indicate modification in gnutls_x509_crt_t Author: Nikos Mavrogiannopoulos Date: Fri May 6 16:55:48 2016 +0200 gnutls_x509_crt_equals*: modified to allow operation with certificates that are not imported This allows it operating with certificates that are generated from scratch. Author: Nikos Mavrogiannopoulos Date: Fri May 6 16:04:31 2016 +0200 tests: added checks for certificate generation APIs Author: Nikos Mavrogiannopoulos Date: Fri May 6 15:40:14 2016 +0200 doc: fixed documentation of gnutls_x509_crt_set_subject_alternative_name The previous version could not be parsed by gdoc. Author: Hubert Kario Date: Fri May 6 11:12:29 2016 +0200 gnutls-serv: sending alerts on mismatched SNI names Extend serv utility to be able to send alerts when the name advertised by client does not match the name expected by server. Author: Hubert Kario Date: Fri May 6 11:05:10 2016 +0200 Add support for sending unrecognized name alerts To better test support for server_name extension in TLS, it's necessary to be able to differentiate between name being rejected because it is unknown to the server and it being malformed. Author: Nikos Mavrogiannopoulos Date: Fri May 6 11:41:12 2016 +0200 doc: TODO list references to gitlab Author: Nikos Mavrogiannopoulos Date: Thu May 5 11:10:38 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu May 5 11:01:29 2016 +0200 priorities: when without AES acceleration prefer stream ciphers (i.e., CHACHA20) Author: Nikos Mavrogiannopoulos Date: Thu May 5 22:49:50 2016 +0200 doc: updated documentation on rehandshake and GNUTLS_ALLOW_ID_CHANGE [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed May 4 09:13:50 2016 +0200 tests: use the 'b' modifier for writing binary data in set_x509_key_file_der This allows the test to operate properly on windows systems. Author: Nikos Mavrogiannopoulos Date: Wed May 4 08:07:37 2016 +0200 tests: avoid the usage of tmpnam() Use a simpler version which is confined within the testsuite build directories. Author: Nikos Mavrogiannopoulos Date: Wed May 4 07:48:37 2016 +0200 tests: disable checks with tmpnam() on windows Author: Nikos Mavrogiannopoulos Date: Tue May 3 20:14:37 2016 +0200 tests: fixed 64-bit check for time_t in mini-x509 Author: Nikos Mavrogiannopoulos Date: Tue May 3 15:26:52 2016 +0200 tests: added check for gnutls_certificate_set_x509_simple_pkcs12_file Author: Nikos Mavrogiannopoulos Date: Tue May 3 15:12:47 2016 +0200 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Tue May 3 15:12:00 2016 +0200 tests: added check of gnutls_certificate_set_x509_key_file2 with DER input Author: Nikos Mavrogiannopoulos Date: Tue May 3 14:54:31 2016 +0200 tests: enhanced set_x509_key_file check That now verifies that the input is the same as the data stored in the credentials as well checks for valid operation. Author: Nikos Mavrogiannopoulos Date: Tue May 3 14:29:35 2016 +0200 tests: mini-x509: include the legacy verification functions into the check Author: Nikos Mavrogiannopoulos Date: Tue May 3 14:28:44 2016 +0200 tests: added check for gnutls_certificate_set_key() Author: Nikos Mavrogiannopoulos Date: Tue May 3 14:24:08 2016 +0200 gnutls_certificate_set_key: duplicate the provided memory That is, do not assume that a heap allocated value is provided. Author: Nikos Mavrogiannopoulos Date: Tue May 3 11:54:04 2016 +0200 .gitlab-ci.yml: enabled coverage run in the x86 build Author: Nikos Mavrogiannopoulos Date: Tue May 3 11:49:09 2016 +0200 tests: do not block server errors in testdsa from being printed out Also added a delay prior to launching next server instance. Author: Nikos Mavrogiannopoulos Date: Tue May 3 11:43:48 2016 +0200 .gitignore: more test files to ignore Author: Nikos Mavrogiannopoulos Date: Tue May 3 11:26:04 2016 +0200 pkcs11: find_ext_cb: eliminated memory leak Author: Nikos Mavrogiannopoulos Date: Tue May 3 10:56:44 2016 +0200 pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running While some modules implicitly terminated the previous run, this is not something that PKCS#11 modules are expected to typically do. Author: Nikos Mavrogiannopoulos Date: Tue May 3 09:28:36 2016 +0200 pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates That is, certificates imported with gnutls_pkcs11_obj_import_url() or gnutls_x509_crt_import_url() will be able to be extracted with their extensions overriden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() and friends. Author: Nikos Mavrogiannopoulos Date: Mon May 2 15:36:56 2016 +0200 tests: added a basic PKCS#11 mock module This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Author: Nikos Mavrogiannopoulos Date: Mon May 2 13:13:10 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon May 2 13:12:00 2016 +0200 _gnutls_x509_crt_cpy: optimized and simplified Author: Nikos Mavrogiannopoulos Date: Mon May 2 12:53:54 2016 +0200 exported gnutls_x509_crt_equals() and gnutls_x509_crt_equals2() These functions provide a way to compare parsed certificates. They were used internally and they are quite useful to be made available. Author: Nikos Mavrogiannopoulos Date: Mon May 2 15:36:37 2016 +0200 gnutls_pkcs11_obj_get_exts: updated documentation Author: Nikos Mavrogiannopoulos Date: Mon May 2 12:09:03 2016 +0200 gnutls_x509_crt_import_url: updated documentation for new function name Author: Nikos Mavrogiannopoulos Date: Mon May 2 12:05:48 2016 +0200 gnutls_pkcs11_add_provider: clarified params description Author: Nikos Mavrogiannopoulos Date: Mon May 2 08:38:32 2016 +0200 tests: added checks on PKCS#1 digest info encoding/decoding Author: Nikos Mavrogiannopoulos Date: Mon May 2 08:37:45 2016 +0200 gnutls_decode_ber_digest_info: return more precise error code on unknown hash That is instead of returning GNUTLS_E_UNKNOWN_ALGORITHM on unknown hash, return GNUTLS_E_UNKNOWN_HASH_ALGORITHM. Author: Nikos Mavrogiannopoulos Date: Mon May 2 08:35:58 2016 +0200 errors.h: removed terminating colon on gnutls_assert() output Author: Nikos Mavrogiannopoulos Date: Sun May 1 12:13:26 2016 +0200 doc: updated PKCS #11 documentation Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 18:09:18 2016 +0200 gnutls_certificate_get_crt_raw: doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 18:06:51 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 17:50:45 2016 +0200 doc: mention the version after which gnutls_pem_base64_en/decode2() are available Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 08:26:37 2016 +0200 tests: use one-time files in crl Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 07:14:13 2016 +0200 tests: check whether the randomly generate port is used Author: Nikos Mavrogiannopoulos Date: Sat Apr 30 07:05:46 2016 +0200 .gitlab-ci.yml: enabled the code coverage checks in the valgrind and ubsan targets Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 19:38:44 2016 +0200 tests: enhanced the key-import-export tests This check now includes the abstract privkey import/export interfaces. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 19:38:01 2016 +0200 corrected import issue in gnutls_privkey_import_ecc_raw Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 19:31:48 2016 +0200 x509/privkey: in raw import functions set the parameter's algorithm type Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 19:03:11 2016 +0200 srp base64: return proper gnutls errors codes on error rather than -1 Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 19:02:45 2016 +0200 tests: added checks for base64 functions Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 18:04:50 2016 +0200 .gitlab-ci.yml: added code coverage run This enhances a test to print the code coverage of the test suite, which in turn is being used/reported by gitlab CI interface. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 14:53:40 2016 +0200 ax_code_coverage.m4: updated to latest version Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 13:12:36 2016 +0200 libtasn1: updated to latest version Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 12:57:23 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 12:56:24 2016 +0200 errors.h: gnutls_assert() will log the function name in addition to filename/line This is quite necessary after the filenames were simplified and we have filenames with identical names in the directory structure. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 12:34:43 2016 +0200 tests: added check for SRP ID change during rehandshake The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 11:47:58 2016 +0200 tests: added check for PSK ID change during rehandshake The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 10:23:45 2016 +0200 handshake: enhance same certificate checks to apply to PSK/SRP username That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites. Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 09:39:13 2016 +0200 tests: added 'PFS' and 'SUITEB128' into the list of checked priority strings Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 09:29:45 2016 +0200 tests: fail() function will also print function and line information Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 09:36:02 2016 +0200 _gnutls_hex2bin: refuse to decode odd-sized hex data Author: Nikos Mavrogiannopoulos Date: Fri Apr 29 09:32:52 2016 +0200 tests: added unit tests on the HEX encoding/decoding functions Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 18:08:56 2016 +0200 certtool: eliminated memory leaks in DH parameter printing/generation. Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 17:42:49 2016 +0200 certtool: combined all the seed decoding methods to a single one That not only simplifies the code, but also allows decoding hex strings which contain not hex chars (and that allows decoding hex of the form XX:XX:XX) Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 17:31:24 2016 +0200 Revert "tests: ensure the seed is provided in plain hex" This reverts commit 0ea7206e12f52f6ed50c4a76ea0a23f5470115b2. Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 16:41:26 2016 +0200 tests: check certtool dh-parameter generation with --provable option Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 16:38:16 2016 +0200 tests: ensure the seed is provided in plain hex Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 16:34:29 2016 +0200 certtool: allow specifying seed size when generating provable DH parameters Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 14:34:17 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 14:26:19 2016 +0200 tests: simplified custom-urls check Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 14:22:44 2016 +0200 tests: added check on whether builtin URLs cannot be overriden Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 14:09:44 2016 +0200 keys: custom URLs take precedence over pre-defined URLs This allows applications to define the own 'system:' or 'pkcs11:' URLs. Resolves #89 Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 16:45:44 2016 +0200 x25519: ensure that a valid private key is present on key derivation Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 10:33:47 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 10:32:51 2016 +0200 tests: added check for GNUTLS_FORCE_CLIENT_CERT init flag Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 10:31:50 2016 +0200 instead of assigning a variable per flag use the init flags directly That is store the flags provided in gnutls_init() in the session structure and use these flags directly when required. Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 09:28:54 2016 +0200 added flag in session to force sending a client certificate This handles the use case of a client connecting to a server which incorrectly lists the CA certificates it supports. Without that change the only option was to avoid using the "automatic" client certificate functions, but rather utilize callbacks. With that approach this use case is handled by the "automatic" certificate selection functions. Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 13:28:50 2016 +0200 .gitlab-ci.yml: do not load submodules on CI since they are not used This reduces the CI running time. Author: Nikos Mavrogiannopoulos Date: Thu Apr 28 09:27:24 2016 +0200 tests: check client behavior of sending CA certificates Author: Nikos Mavrogiannopoulos Date: Wed Apr 27 08:18:45 2016 +0200 doc: removed news about feature already backported in 3.4.6 Author: Nikos Mavrogiannopoulos Date: Wed Apr 27 08:17:45 2016 +0200 examples: introduced basic error checking in more examples Author: Nikos Mavrogiannopoulos Date: Wed Apr 27 07:55:50 2016 +0200 examples: simplified the basic client example Author: Nikos Mavrogiannopoulos Date: Wed Apr 27 07:50:20 2016 +0200 examples: introduced basic error checking in main client examples Author: Nikos Mavrogiannopoulos Date: Wed Apr 27 07:38:47 2016 +0200 examples: corrected the required version of example Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 15:03:08 2016 +0200 tests: enhanced dane testing with offline verification checks Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 14:34:26 2016 +0200 dane: verification will not fail if a CA entry is encountered but cannot be verified That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped. Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 13:54:17 2016 +0200 doc: improved documentation on certificate and DANE verification functions Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 13:35:35 2016 +0200 dane: updated documentation of dane_verify_crt_raw Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 13:00:46 2016 +0200 doc: added clarifications on documentation for dane_state_t Author: Nikos Mavrogiannopoulos Date: Tue Apr 26 12:56:35 2016 +0200 manpages: include the dane functions into the distributed pages Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 15:35:20 2016 +0200 ecdhe: eliminated unneeded checks for zero of public parameters There were not required by either draft-ietf-tls-rfc4492bis-07 or rfc7748. Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 15:22:55 2016 +0200 doc: added example client application utilizing the 3.1.x APIs Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 15:13:42 2016 +0200 examples: added explicit 3.5.0 dependency in ex-client-x509 Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 15:11:00 2016 +0200 examples: added error checks and updated verify_certificate_chain() Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 14:30:07 2016 +0200 .gitlab-ci.yml: made the linux tag explicit for our runners Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 14:15:04 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 14:13:11 2016 +0200 doc: document curve X25519 Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 14:12:46 2016 +0200 doc: clarify what catch all means in all scenarios Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 11:07:46 2016 +0200 gnutls-cli-debug: added tests for supported curves Author: Nikos Mavrogiannopoulos Date: Sat Apr 23 15:20:21 2016 +0200 tests: include self tests with CURVE-X25519 Author: Nikos Mavrogiannopoulos Date: Fri Apr 22 13:17:38 2016 +0200 gnutls-cli: enhanced KX benchmark with X25519 Author: Nikos Mavrogiannopoulos Date: Fri Apr 22 12:25:59 2016 +0200 handshake: added support for ECDH with curve X25519 This follows draft-ietf-tls-rfc4492bis-07 and rfc7748 Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 12:11:48 2016 +0200 tests: updated the openssl compat check to make explicit the used curves Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 11:12:29 2016 +0200 ecdhe: print the received curve from the server on debug mode Author: Nikos Mavrogiannopoulos Date: Sun Apr 24 10:54:54 2016 +0200 gnutls-cli-debug: added CHACHA20-POLY1305 detection Author: Nikos Mavrogiannopoulos Date: Sat Apr 23 22:25:35 2016 +0200 tests: on out of memory conditions do not fail the hash-large test This test may require a large amount of memory which some CI systems cannot provide. When an out-of-memory-error is detected skip the test instead of failing. Author: Nikos Mavrogiannopoulos Date: Sat Apr 23 15:15:50 2016 +0200 session: removed unused parameters from RSA-EXPORT era Author: Nikos Mavrogiannopoulos Date: Sat Apr 23 14:52:03 2016 +0200 README-alpha.md: updated badges with the new gitlab URLs Author: Nikos Mavrogiannopoulos Date: Fri Apr 22 09:26:55 2016 +0200 doc: document the TPM 1.2 limitation Author: Nikos Mavrogiannopoulos Date: Thu Apr 21 16:50:46 2016 +0200 doc: tpm: include short instructions on initializing the TPM chip Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 16:19:32 2016 +0200 tests: hash-large: use private mmap() This reduces the memory usage of the test significantly on Linux. Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 12:04:09 2016 +0200 tests: use mmap() for large memory allocations in systems that support it That allows the hash-large test to run on systems which its calloc() is attempting to allocate an impossible amount of memory. Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 11:28:21 2016 +0200 tests: use /bin/bash for tests that use bashisms Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 11:02:10 2016 +0200 tests: don't run danetool.sh if danetool is not present That prevents test suite failure in systems without libunbound. Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 10:08:23 2016 +0200 gnutls_int.h: allow compiling with system (gnutls) headers Author: Nikos Mavrogiannopoulos Date: Wed Apr 20 13:44:59 2016 +0200 .gitlab-ci.yml: added build rule on freebsd Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 23:11:13 2016 +0200 certtool: document sha3 functions in manpage [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 23:06:24 2016 +0200 doc: added missing @end example in danetool documentation Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 22:50:52 2016 +0200 doc: updated documentation on false start Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 22:37:22 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 19:25:08 2016 +0200 gnutls-cli-debug: enable socket verbosity when --verbose is given Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 19:23:23 2016 +0200 tools: explicitly initialize socket struct to zero That resolves issue where verbose was enabled by default. Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 19:18:05 2016 +0200 tools: avoid extracting the value of the app-proto alias Instead always extract the starttls-proto value, as it seems that libopts doesn't report any value for the former. This corrects the starttls capability of danetool and gnutls-cli-debug. Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 19:12:51 2016 +0200 tools: document the starttls capability Author: Nikos Mavrogiannopoulos Date: Tue Apr 19 09:20:04 2016 +0200 tests: do not run danetool.sh on windows The test fails due to CRLF. Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 16:24:34 2016 +0200 tools: avoid relying on static buffers for service name Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 16:16:59 2016 +0200 tests: added basic check on danetool --tlsa-rr option Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 16:03:37 2016 +0200 danetool: Allow specifying a service name into port option This makes the tool similar to gnutls-cli. Author: Kevin Cernekee Date: Mon Apr 18 15:15:32 2016 +0200 Fix library build on Chrome Native Client (NaCl) Some supported toolchains define DT_UNKNOWN but do not define _DIRENT_HAVE_D_TYPE (and do not have the d_type field). On other platforms GnuTLS may need to second-guess what the library is reporting, but on NaCl this is unsafe. Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 12:03:05 2016 +0200 gnutls-serv: don't send closure messages in failed handshakes Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 11:46:39 2016 +0200 client key exchange: fail if the client KX message is padded with additional bytes Author: Nikos Mavrogiannopoulos Date: Mon Apr 18 11:18:04 2016 +0200 _wrap_nettle_pk_derive: reject values of public key that are over the prime That is do not canonicalise the value we get from the network, but rather check it for validity. This saves a modular reduction on handshake and performs a sanity check on the peer's (client) parameters. Reported by Hubert Kario. Resolves #84 Author: Nikos Mavrogiannopoulos Date: Fri Apr 15 10:17:32 2016 +0200 tests: suite: disable any openssl cpu optimizations This prevents from valgrind failures on softhsm usage due to any new instruction optimizations which are not supported by valgrind. Author: Nikos Mavrogiannopoulos Date: Fri Apr 15 10:14:22 2016 +0200 doc: further updated documentation on false start [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 19:32:22 2016 +0200 doc: updated documentation on false start Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 19:23:13 2016 +0200 tests: enhanced the false start checks These now check whether sending and receiving is performed as expected after handshake, DTLS, as well as test explicit handshake called by the application. Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 19:20:36 2016 +0200 Updated false start support to be transparent to applications. That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced for gnutls_init(), and that enables support for false start. At this point false start will be performed by the handshake if possible, and gnutls_record_recv() will handle handshake completion. Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 11:11:01 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 11:02:59 2016 +0200 doc: updated docs related to private key generation Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 10:54:49 2016 +0200 certtool: do not allow combining --provable with --ecc in key generation There is no such support in the library. Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 10:33:55 2016 +0200 updated auto-generated files for new APIs Author: Nikos Mavrogiannopoulos Date: Thu Apr 14 10:28:36 2016 +0200 doc: added tlsproxy example reference into documentation Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 15:55:56 2016 +0200 tests: pem-decoding: fixed issue preventing out-of-tree checks Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 15:48:58 2016 +0200 tests: pem-decoding: use unique temp files Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 14:06:02 2016 +0200 tests: enhanced mini-x509-kx with ECDHE-ECDSA ciphersuite testing Also renamed it to cert-key-exchange for easier tracking. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 13:59:02 2016 +0200 handshake: do not overwrite the server's signature algorithm That is, correct a bug under which a client sending a certificate would overwrite the server's idea about the used signature algorithm. Reported by Hubert Kario. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 13:50:59 2016 +0200 tests: enhanced mini-x509-kx with client auth scenarios Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 13:39:38 2016 +0200 tests: verify that the output of gnutls_sign_algorithm_get() is the expected one Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 13:06:23 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 11:43:56 2016 +0200 ocsp: increased the preallocated space in check_ocsp_purpose to account for null terminator This relates to gnutls_x509_crt_get_key_purpose_oid() change to return null-terminated OIDs. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 11:28:13 2016 +0200 tests: enhanced and simplified SHA3 tests Included checks about SHA3-224 and SHA3-384. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 11:05:19 2016 +0200 tests: added check of GOST cert decoding/printing This verifies whether our printing functions print the OID on unknown/unsupported algorithms. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 11:04:12 2016 +0200 x509 output: print the OID of certificates/CRLs/CRQs with unknown algorithms That is, if any unknown signature or subject public key algorithm is encountered the OID will be printed instead. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 10:27:14 2016 +0200 tests: added basic tests for CSR parsing This mainly includes tests on the new gnutls_x509_crq_get_signature_oid() and gnutls_x509_crt_get_algorithm_oid(). Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 10:16:29 2016 +0200 tests: added basic tests on CRL parsing That includes testing on the new gnutls_x509_crl_get_signature_oid() Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 09:51:46 2016 +0200 tests: added basic functionality tests for gnutls_x509_crt_get_*_oid Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 09:43:31 2016 +0200 Added gnutls_x509_crl_get_signature_oid Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 09:39:21 2016 +0200 Added gnutls_x509_crq_get_signature_oid and gnutls_x509_crq_get_pk_oid Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 09:17:08 2016 +0200 Added gnutls_x509_crt_get_signature_oid and gnutls_x509_crt_get_pk_oid These functions can directly provide the textual object identifier of their corresponding fields. Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 09:03:56 2016 +0200 gnutls_x509_crt_get_key_purpose_oid: copy the OID as a null-terminated string Author: Nikos Mavrogiannopoulos Date: Wed Apr 13 08:53:23 2016 +0200 sign: corrected digest in SHA3-224 OID mapping Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 22:53:57 2016 +0200 configure: corrected regression which prevented the build of tests/suite This regression was introduced at 8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 22:25:06 2016 +0200 gnutls_x509_ext_import_policies: initialize value to avoid compiler warnings Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 22:21:02 2016 +0200 README: removed inexistent package Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 22:16:22 2016 +0200 common.mk: corrected typo on LDFLAGS for coverage Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 19:25:18 2016 +0200 danetool: corrected typo in manual [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 16:07:41 2016 +0200 gnutls_packet_get: avoid null pointer dereference on NULL input That is, still allow the function to handle a NULL packet input but reset the data contents. Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 16:04:24 2016 +0200 gnutls_x509_privkey_verify_seed: corrected typo that made the function always return true Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 16:02:20 2016 +0200 _gnutls_asn2err: declared as constant function Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 15:37:38 2016 +0200 load_dir_certs: use readdir() in all platforms According to glibc documentation readdir_r() is deprecated and the use of readdir() is recommended. As such we switch to it on all platforms. Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 15:26:42 2016 +0200 tests: combined the resume checks for Anonymous and PSK ciphersuites In addition enhanced it to check the resumption on the certificate ciphersuites as well. Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 14:21:04 2016 +0200 configure: Add a code coverage option Configure with: ./configure --enable-code-coverage Show coverage output with: make && make check && make code-coverage-capture Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 14:17:26 2016 +0200 Makefile.am: moved common rules (AM_CFLAGS) to common.mk Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 12:12:40 2016 +0200 gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable That is because this field is not optional, and a failure on its parsing is always fatal. Reported by Yuan Jochen Kang. Author: Nikos Mavrogiannopoulos Date: Tue Apr 12 12:08:35 2016 +0200 gnutls_x509_privkey_import2: document an intentional fall through Author: Nikos Mavrogiannopoulos Date: Mon Apr 11 16:48:46 2016 +0200 README: add abi-compliance-checker into install instructions Author: Nikos Mavrogiannopoulos Date: Mon Apr 11 08:49:11 2016 +0200 gnutls_x509_crt_get_key_usage: ensure that its returned value is properly handled Reported by Yuan Jochen Kang. Author: Nikos Mavrogiannopoulos Date: Sun Apr 10 10:54:29 2016 +0200 tests: do not enable valgrind in non-git builds Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 13:38:47 2016 +0200 hash: corrected the textual description of hashes Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 13:34:39 2016 +0200 corrected SHA3-224 OID Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 13:31:54 2016 +0200 x509 output: don't warn about insecure algorithm when unknown Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 12:43:22 2016 +0200 tests: remove any system specific code of ecore This was causing issues with certain builds and was not used for the purpose of testing. Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 11:51:34 2016 +0200 tests: disable unsupported curves from compatibility checks This allows running make check even when compiling with disable-suiteb-curves. Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 11:49:07 2016 +0200 tests: removed unused scripts Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 11:46:27 2016 +0200 .gitlab-ci.yml: combined C99 and undefined sanitizer builds Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 09:46:06 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 09:43:49 2016 +0200 crywrap: was removed from gnutls tools Its inclusion did not increase the attention paid to this tool, not provided any significant advantage to gnutls' users thus it was unbundled from the main library. The tool can be found at https://github.com/nmav/crywrap Author: Nikos Mavrogiannopoulos Date: Sat Apr 9 08:17:53 2016 +0200 minitasn1: updated to latest git version Author: Nikos Mavrogiannopoulos Date: Fri Apr 8 19:46:36 2016 +0200 doc: Replace references to select with poll and other fixes Author: Nikos Mavrogiannopoulos Date: Fri Apr 8 19:40:28 2016 +0200 doc: replace inaccurate sentence with reference to gnutls_record_discard_queued [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Apr 8 15:40:06 2016 +0200 gnutls_record_get_direction: doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Fri Apr 8 14:13:26 2016 +0200 tests: reduce the number of loops in x509sign-verify2 This enables running the test in reasonable time under valgrind. Author: Nikos Mavrogiannopoulos Date: Fri Apr 8 13:36:44 2016 +0200 pkix.asn: corrected byKey definition OCSP is defined in an EXPLICIT tags module, and as such we must tag explicitly all of its tags. Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 13:22:29 2016 +0200 tests: check the generation of IP name constraints with certtool Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 13:21:53 2016 +0200 certtool: allow generating IP name constraints Relates #83 Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 13:16:07 2016 +0200 _gnutls_parse_general_name2: allow parsing empty names This allows parsing empty general names such as an empty DNSname used in name constraints. Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 11:54:50 2016 +0200 name constraints: enforce the rules for IP constraints when adding This will prevent gnutls from generating badly formed certificates. Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 10:36:05 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 10:33:18 2016 +0200 .gitignore: more files to ignore Author: Daiki Ueno Date: Wed Mar 16 14:21:41 2016 +0900 name constraints: compute permitted set strictly RFC 5280 6.1.4. states that the permitted_subtrees variable is constructed as an intersection of its previous value. Co-authored-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 09:08:14 2016 +0200 .gitlab-ci.yml: added C99 target for the library This compiles the library using gcc options for the C99 standard. Author: Nikos Mavrogiannopoulos Date: Tue Apr 5 08:44:34 2016 +0200 README: updated libtasn1 URL [ci skip] Author: Nikos Mavrogiannopoulos Date: Sun Apr 3 09:46:24 2016 +0200 x86-common: increase the size of _gnutls_x86_cpuid_s to match the size of assembly files This resolves issue on certain platforms (e.g., windows) where ld would simply fail, instead of allocate the largest size of the variable. Author: Nikos Mavrogiannopoulos Date: Sat Apr 2 12:56:45 2016 +0200 ocsptool: use HTTP/1.0 for requests This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. Author: Nikos Mavrogiannopoulos Date: Sat Apr 2 12:02:08 2016 +0200 gnutls_init(): refer to gnutls_init_flags_t for the documentation of available flags Author: Nikos Mavrogiannopoulos Date: Sat Apr 2 11:16:19 2016 +0200 README.CODING_STYLE: set C99 as the C dialect of choice Author: Nikos Mavrogiannopoulos Date: Fri Apr 1 11:10:56 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Apr 1 11:08:38 2016 +0200 tests: added check for system priority file loading and parsing This checks whether the file is properly loaded and its contents are parsed as expected. Author: Nikos Mavrogiannopoulos Date: Fri Apr 1 10:46:12 2016 +0200 priorities: preload the system priorities on library loading time This allows to rely on the system priorities even in the case of applications that chroot(). This also introduces the environment variable GNUTLS_SYSTEM_PRIORITY_FILE which can be used to override the global priority file. Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 17:25:45 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 17:24:37 2016 +0200 tests: added check of verification using MD5 with and without --verify-allow-broken This tests certtool and whether it fails verification of MD5 chains with no --verify-allow-broken, or whether it succeeds if given. Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 17:15:34 2016 +0200 tests: added PKCS #7 signing/verification test with broken sigs (MD5) This tests whether we can sign structures using broken algorithms (MD5), and verify structures signed with broken algoritms if --verify-allow-broken is given to certtool. Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 16:58:37 2016 +0200 certtool: added flag to allow verification using broken algorithms Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 09:46:44 2016 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 10:29:59 2016 +0200 tests: check whether resumption data from resumed session work Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 09:40:09 2016 +0200 session resumption: lift the limitation of calling gnutls_session_get_data*() on non-resumed sessions This allows of obtaining the session data required for proper session resumption from any available session. This brings the API in par with expectations of its users. Resolves #79 Author: Nikos Mavrogiannopoulos Date: Thu Mar 31 09:45:43 2016 +0200 dtls: added missing dtls.h to state.c Author: Nikos Mavrogiannopoulos Date: Wed Mar 30 12:24:09 2016 +0200 tests: added check for gnutls_record_set_state() under DTLS Author: Nikos Mavrogiannopoulos Date: Wed Mar 30 11:37:49 2016 +0200 dtls: reset the record number sliding window on gnutls_record_set_state() This addresses issue where gnutls_record_set_state() was called with a new state but the sliding window information was not updated, thus blocking any incoming packets. Resolves #82 Author: Nikos Mavrogiannopoulos Date: Wed Mar 30 10:13:18 2016 +0200 x509/output: simplified cidr_to_string() Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 16:14:15 2016 +0200 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 16:11:36 2016 +0200 tests: check gnutls_record_get_state() with DTLS Since in DTLS we relied on a sliding window to keep track of the sequence numbers we didn't provide a sensible value to application via gnutls_record_get_state(). This test makes sure that we report the "correct" value when asked. Correct being the next number after the last received packet. Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 15:52:59 2016 +0200 DTLS: save last valid record sequence number This will allow to report a valid number to gnutls_record_get_state() callers in case of DTLS. Reported by Fridolin Pokorny. Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 15:34:37 2016 +0200 tests: delete outfile in certtool-long-cn Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 15:33:27 2016 +0200 tests: verify the output of name constraints IP decoding Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 15:04:11 2016 +0200 x509/output: print RFC5280 CIDRs in name constraints Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 14:11:56 2016 +0200 tests: check the sequence numbers produced by gnutls_record_get_state() Author: Nikos Mavrogiannopoulos Date: Tue Mar 29 14:08:58 2016 +0200 gnutls_record_get_state: Allow for NULL parameters Author: Nikos Mavrogiannopoulos Date: Thu Mar 24 07:13:59 2016 +0100 ocsptool: eliminated memory leaks in verify-response option Author: Nikos Mavrogiannopoulos Date: Thu Mar 24 07:12:34 2016 +0100 ocsptool: don't exit with error code on verification failures when --ignore-errors is given Author: Nikos Mavrogiannopoulos Date: Wed Mar 23 23:15:24 2016 +0100 tests: added OCSP related checks Author: Nikos Mavrogiannopoulos Date: Wed Mar 23 23:14:01 2016 +0100 ocsptool: exit with error on verification failures Author: Nikos Mavrogiannopoulos Date: Wed Mar 23 23:00:53 2016 +0100 ocsp: gnutls_ocsp_resp_verify_direct will skip additional checks for certificates matching issuer That eliminates issue with ocsptool rejecting OCSP responses signed by the same CA that signed the certificate. Reported by Thomas Klute. Author: Nikos Mavrogiannopoulos Date: Wed Mar 23 22:46:16 2016 +0100 ocsptool: Allow saving responses even if verification fails In addition do not enter a spurious newline to responses. Author: Maya Rashish Date: Wed Mar 23 18:04:07 2016 +0200 Avoid using strerror in dtls stress test Using it results in build failure on NetBSD: undefined reference to `rpl_strerror' Author: Maya Rashish Date: Wed Mar 23 16:08:02 2016 +0200 Add missing header to testsuite This causes a problem for NetBSD+clang tests, because SIGTERM and kill are undefined. Resolves #80 Signed-off-by: Maya Rashish Author: Nikos Mavrogiannopoulos Date: Wed Mar 23 10:39:59 2016 +0100 session tickets: avoid GCM for session tickets and rely on CBC and HMAC The latter is more resilient against non-key renewal. Author: Jaak Ristioja Date: Mon Feb 15 12:14:52 2016 +0200 Broke apart _gnutls_recv_int() to the packet and non-packet cases. Only gnutls_record_recv_packet() called _gnutls_recv_int() with (packet != NULL). I refactored this logic directly downstream into gnutls_record_recv_packet(). The _gnutls_recv_int() function now only handles non-packet specific logic. The check_session_status() function was created to deduplicate common code which would otherwise have ended up in both functions. The rationale behind this change is to optimize what were previously calls of _gnutls_recv_int(). First of all _gnutls_recv_int() now has only 6 parameters, which according to the x86_64 System V Application Binary Interface should now fit into CPU registers and no longer use the stack. Secondly this change avoids a number of branching checks for both packet and non-packet cases. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Mar 21 11:29:08 2016 +0100 gnutls-cli: corrected usage of gnutls_session_get_data() This is no longer called on resumed sessions, allowing more than one resumption in servers which use tickets and don't resend the ticket on subsequent connections. Author: Nikos Mavrogiannopoulos Date: Fri Mar 18 13:10:40 2016 +0100 testcompat-openssl: enable TLS 1.2 tests with openssl 1.0.1+ Author: Nikos Mavrogiannopoulos Date: Fri Mar 18 11:21:35 2016 +0100 tests: verify that the post-client-hello callback has access to ALPN data Author: Nikos Mavrogiannopoulos Date: Fri Mar 18 10:35:46 2016 +0100 .gitlab-ci.yml: don't use git submodule update, not needed for our testsuite Author: Yuriy M. Kaminskiy Date: Tue Mar 15 18:21:32 2016 +0300 alpn: ALPN state is per-connection, it should not be saved with session data In addition the extension was moved to the mandatory to parse to ensure it is always parsed when sessions are resumed. rfc7301: Unlike many other TLS extensions, this extension does not establish properties of the session, only of the connection. When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered. Signed-off-by: Yuriy M. Kaminskiy Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Mar 18 09:44:40 2016 +0100 tests: added checks for session resumption and ALPN This checks whether the ALPN extension is re-read on resumption and is negotiated. Author: Nikos Mavrogiannopoulos Date: Wed Mar 16 10:00:17 2016 +0100 x86-common: CPUID override will only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities. Reported by Andreas Metzler. Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 17:35:12 2016 +0100 Introduced GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING This error code is returned when an embedded NULL is detected in a string. Author: Nikos Mavrogiannopoulos Date: Wed Mar 16 21:03:54 2016 +0100 gnutls_server_name_set: accept non-null terminated hostnames The introduction of IDNA support introduced a regression and this function does not operate correctly when given non-null terminated strings. Reported by Tim Ruehsen. Relates #78 Author: Nikos Mavrogiannopoulos Date: Wed Mar 16 20:57:31 2016 +0100 tests: added check for non-null terminated server name This checks whether a non-null terminated server name, but with correct length is correctly accepted by gnutls_server_name_set(). Relates #78 Author: Nikos Mavrogiannopoulos Date: Tue Mar 15 12:00:39 2016 +0100 tests: template-test was updated for OCSP key purpose reordering Author: Ludovic Courtès Date: Mon Mar 14 10:44:08 2016 +0100 guile: doc: Mention bytevectors. * doc/gnutls-guile.texi (Representation of Binary Data): Mention bytevectors. (Input and Output): Likewise. Author: Ludovic Courtès Date: Mon Mar 14 10:44:07 2016 +0100 guile: doc: Explain "Application Data" packets and 'session-record-port'. * doc/gnutls-guile.texi (Input and Output): Mention "Application Data" packets and buffering. Author: Nikos Mavrogiannopoulos Date: Tue Mar 15 11:20:16 2016 +0100 certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. Author: Nikos Mavrogiannopoulos Date: Mon Mar 14 14:06:01 2016 +0100 doc: updated text for gnutls_ocsp_status_request_is_checked() Relates #75 Author: Nikos Mavrogiannopoulos Date: Mon Mar 14 13:56:17 2016 +0100 doc: clarified expectations on gnutls_datum_t Relates #77 Author: Nikos Mavrogiannopoulos Date: Sun Mar 13 20:55:02 2016 +0100 doc update: gnutls_handshake_set_false_start_function() [ci skip] Author: Nikos Mavrogiannopoulos Date: Sun Mar 13 11:39:22 2016 +0100 abi-check: corrected type of gnutls_x509_crl_get_issuer_dn That will avoid any accidental ABI breakage on that symbol. Author: Nikos Mavrogiannopoulos Date: Fri Mar 11 14:45:02 2016 +0100 .gitlab-ci.yml: added abi-checker rule This allows to test ABI incompatibilities as soon as possible. Author: Nikos Mavrogiannopoulos Date: Fri Mar 11 14:36:39 2016 +0100 Makefile: made abi-checks self-contained That is, they no longer assume a given directory structure to exist outside git. It now includes a static dump of the symbols in 3.4.0 for x86_64 and we compare with it. Author: Nikos Mavrogiannopoulos Date: Fri Mar 11 11:52:17 2016 +0100 certtool: better error handling in file_size() Author: Nikos Mavrogiannopoulos Date: Fri Mar 11 11:47:12 2016 +0100 gnutls-cli: fix invalid initialization in cert_verify_ocsp() Author: Nikos Mavrogiannopoulos Date: Fri Mar 11 11:45:23 2016 +0100 gnutls-serv: human_addr always returns a non-null argument This addresses issue with libc's which don't support printf() with a NULL argument. Author: Nikos Mavrogiannopoulos Date: Tue Mar 8 15:10:07 2016 +0100 tests: testpkcs11: the test will always fail in code path failures Author: Nikos Mavrogiannopoulos Date: Tue Mar 8 10:12:22 2016 +0100 README: list the main branches build status [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 11:50:34 2016 +0100 gnutls_system_recv_timeout: restore poll on EINTR Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 10:47:43 2016 +0100 doc: corrected typo [ci skip] Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 10:42:14 2016 +0100 gnutls_ocsp_status_request_is_checked: document the version the flag was introduced at Relates: #75 Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 10:25:57 2016 +0100 doc: generate manpages for all functions That addresses issue where certain manpages were created empty. See https://bugzilla.redhat.com/show_bug.cgi?id=1306800 Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 10:11:37 2016 +0100 doc: mention gnutls_certificate_set_x509_trust_dir() It was not mentioned in the "Client or server certificate verification" section. Resolves #76 Author: Nikos Mavrogiannopoulos Date: Mon Mar 7 09:30:44 2016 +0100 tests: mini-loss-time: improved timeout detection Author: Nikos Mavrogiannopoulos Date: Fri Mar 4 10:16:51 2016 +0100 corrected typo in comment [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Mar 1 16:23:55 2016 +0100 configure: silence clang's warnings Author: Nikos Mavrogiannopoulos Date: Thu Mar 3 14:24:13 2016 +0100 tests: added check for version negotiation default prio string That verifies whether the support versions are negotiated. Author: Nikos Mavrogiannopoulos Date: Thu Mar 3 09:05:32 2016 +0100 tests: include test-hash-large into dist Author: Nikos Mavrogiannopoulos Date: Thu Mar 3 08:50:48 2016 +0100 Sync with TP [ci skip] Author: Ludovic Courtès Date: Wed Mar 2 09:59:19 2016 +0100 Update NEWS. Author: Nikos Mavrogiannopoulos Date: Tue Mar 1 14:50:42 2016 +0100 Disable weak symbols for _gnutls_global_init_skip() under windows That is to avoid an issue with running gnutls under windows; that renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows. Relates #74 Author: Nikos Mavrogiannopoulos Date: Tue Mar 1 13:19:29 2016 +0100 .gitlab-ci.yml: asan, clang and valgrind builds were made arch-independent Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 20:49:09 2016 +0100 tests: pkcs12: allow multiple in-place builds Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 19:41:33 2016 +0100 tests: pkcs1-pad,rsa-md5-collision: allow multiple in-place builds Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 17:12:49 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 17:06:12 2016 +0100 gnutls-cli: fail if gnutls is not compiled with DANE support and --dane is provided Suggested by Bjorn Jacke. Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 13:23:25 2016 +0100 tests: always used the slow (portable) version of get16bits This prevents issues with misaligned addresses and undefined sanitizer. Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 12:46:47 2016 +0100 timespec_sub_ms: fixed operation in 32-bit systems Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 10:23:20 2016 +0100 .gitlab-ci.yml: don't use the internal libtasn1 when compiling with libubsan This prevents build failures due to issues in libtasn1 Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 10:22:13 2016 +0100 tests: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 10:18:58 2016 +0100 pkcs11: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:58:40 2016 +0100 cipher.c: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:57:40 2016 +0100 ecc: optimized extension parsing Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:48:12 2016 +0100 opencdk: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:48:02 2016 +0100 gnutls.h: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:43:32 2016 +0100 x509: Fixes to prevent undefined behavior (found with libubsan) Author: Nikos Mavrogiannopoulos Date: Mon Feb 29 09:27:23 2016 +0100 x509: cleanup in privkey.c Author: Andreas Metzler Date: Sun Feb 28 15:35:01 2016 +0100 Let p11tool --provider option accept filenames. Drop 'file-exists = yes;' to allow specifying either an absolute pathname or a file in P11_MODULE_PATH. Author: Nikos Mavrogiannopoulos Date: Sun Feb 28 13:01:11 2016 +0100 .gitlab-ci.yml: abort on ubsan errors Author: Nikos Mavrogiannopoulos Date: Sun Feb 28 12:12:09 2016 +0100 p11tool: addressed memory leaks Author: Nikos Mavrogiannopoulos Date: Sun Feb 28 10:45:02 2016 +0100 tests: use 'datefudge -s' to avoid loops This avoids repeated loops of the same test as well as random failures in the test suite. Author: Nikos Mavrogiannopoulos Date: Sat Feb 27 22:37:21 2016 +0100 tests: krb5-test: increased the number of loops This should prevent random failures in the test suite. Author: Nikos Mavrogiannopoulos Date: Sat Feb 27 22:23:34 2016 +0100 .gitlab-ci.yml: asan and ubsan include the suite/ Author: Nikos Mavrogiannopoulos Date: Tue Feb 23 10:35:14 2016 +0100 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Tue Feb 23 10:33:18 2016 +0100 doc: documented false start functionality Author: Nikos Mavrogiannopoulos Date: Tue Feb 23 10:23:57 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Feb 23 10:14:53 2016 +0100 tests: Added checks for false start operation Author: Nikos Mavrogiannopoulos Date: Tue Feb 23 09:40:26 2016 +0100 Added gnutls_handshake_set_false_start_function() This function allows to use TLS False-start, by using the provided function to send data just after finished message. Author: Nikos Mavrogiannopoulos Date: Sat Feb 27 21:54:51 2016 +0100 tests: enable softhsmv2 test suite by default Also do not fatally fail with known softhsmv2 bugs. Author: Jan Vcelak Date: Fri Feb 26 16:17:48 2016 +0100 pkcs11: tests for RSA, ECC, DSA private key import Signed-off-by: Jan Vcelak Author: Jan Vcelak Date: Fri Feb 26 16:17:47 2016 +0100 pkcs11: tests for DSA key generating Signed-off-by: Jan Vcelak Author: Nikos Mavrogiannopoulos Date: Sat Feb 27 17:56:36 2016 +0100 added getpid() to the list of system calls used Author: Nikos Mavrogiannopoulos Date: Fri Feb 26 14:41:12 2016 +0100 .gitlab-ci.yml: added compilation rule with libubsan Author: Jan Vcelak Date: Thu Feb 25 16:43:36 2016 +0100 gnutls_x509_privkey_import: add missing algorithm setting for DSA keys The algorithm number was set only in the private key structure, not in the nested structure with parameters. This made certain operations to fail (e.g., copying the key into a PKCS #11 token). Signed-off-by: Jan Vcelak Author: Jan Vcelak Date: Thu Feb 25 15:21:30 2016 +0100 pkcs11: implement correct DSA key pair generating Signed-off-by: Jan Vcelak Author: Jan Vcelak Date: Thu Feb 25 15:21:29 2016 +0100 pkcs11: add interface for C_GenerateKey Signed-off-by: Jan Vcelak Author: Nikos Mavrogiannopoulos Date: Fri Feb 26 12:00:55 2016 +0100 better match with unknown_tls_aid Author: Nikos Mavrogiannopoulos Date: Fri Feb 26 11:54:05 2016 +0100 x509: moved time-specific functions to time.c Author: Sebastian Dröge Date: Wed Feb 24 12:42:26 2016 +0200 configure: Android is ELF too Without this, compiling Android for x86 or x86-64 fails because the assembly optimizations are not compiled in. Author: Nikos Mavrogiannopoulos Date: Thu Feb 25 15:45:04 2016 +0100 mentioned the public git URL for cloning [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Feb 24 15:12:23 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Wed Feb 24 14:55:19 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Feb 24 14:53:59 2016 +0100 tests: check functions which export session parameters That is gnutls_session_get_random() and gnutls_session_get_master_secret(). Author: Nikos Mavrogiannopoulos Date: Wed Feb 24 14:43:17 2016 +0100 Added gnutls_session_get_master_secret This provides the ability to export all session parameters in various formats. Resolves #64 Author: Nikos Mavrogiannopoulos Date: Mon Feb 22 15:51:11 2016 +0100 tests: gnutls_session_get_flags() is checked for extended master secret Author: Nikos Mavrogiannopoulos Date: Mon Feb 22 15:49:25 2016 +0100 tests: check gnutls_session_get_flags() for EtM Author: Nikos Mavrogiannopoulos Date: Mon Feb 22 15:46:33 2016 +0100 tests: check gnutls_session_get_flags() for safe renegotiation Author: Nikos Mavrogiannopoulos Date: Mon Feb 22 15:26:46 2016 +0100 Added gnutls_session_get_flags() This function would allow to simplify handling of future flags which we may want to indicate, and would not require API additions for new flags. Author: Nikos Mavrogiannopoulos Date: Mon Feb 22 11:57:30 2016 +0100 Revert ".gitlab-ci.yml: disable guile tests" This reverts commit 50ce516eebaf011f041002ecbfdb61b113159282. Author: Ludovic Courtès Date: Sun Feb 21 18:58:35 2016 +0100 guile: Fix out-of-tree builds. This fixes a regression introduced in 3045a96. * guile/Makefile.am (.in.scm): Make the parent directory of $@. Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 17:04:24 2016 +0100 Improved documentation in _gnutls_sort_clist Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 16:43:51 2016 +0100 gnutls_x509_crt_list_import: corrected memory leak This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was specified and a failure occurred. Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 15:59:31 2016 +0100 _gnutls_sort_clist: fixed issues when used with func option This function would incorrectly call func() on elements that were included in the list, and would not call func() if the size of the final chain was one. Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 15:10:54 2016 +0100 tests: added tests for gnutls_pcert_list_import_x509_raw() Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 14:29:20 2016 +0100 ext master secret: ensure we disable ext master secret if requested That is, on rehandshakes, as on the standard handshakes it is disabled by default. Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 14:18:04 2016 +0100 tests: verify that we do not allow rehandshakes without ext master That is, if we have an initial session which uses the extended master secret do not allow subsequent rehandshakes to skip it. Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 11:53:20 2016 +0100 tests: sha3-test: use different dates for generation and validation Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 10:55:32 2016 +0100 certtool: eliminated memory leaks Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 10:28:33 2016 +0100 bumped the version of max algorithm num to account for new signing algorithms Author: Nikos Mavrogiannopoulos Date: Thu Feb 18 09:17:17 2016 +0100 src: added systemkey-args to BUILT_SOURCES Author: Nikos Mavrogiannopoulos Date: Wed Feb 17 15:19:08 2016 +0100 tests: simplified sha3-test Author: Nikos Mavrogiannopoulos Date: Wed Feb 17 05:43:24 2016 +0100 cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp 6.1.0 and p11-kit 0.23.2 [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Feb 16 16:46:54 2016 +0100 .gitlab-ci.yml: disable guile tests This prevents the test suite from failing. Author: Nikos Mavrogiannopoulos Date: Tue Feb 16 16:40:09 2016 +0100 doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 16:18:00 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 16:13:12 2016 +0100 tests: resume: check whether the server does not resume in ext master secret mismatch Relates #69 Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 16:10:31 2016 +0100 Ensure that session resumption does not occur when ext master secret status changes That is we make sure the server doesn't resume when: 1. Original session had extended master secret but not advertised in resumed 2. Original session did not have extended master secret but is advertised in resumed Relates #69 Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 14:45:40 2016 +0100 tests: resume: simplified structure assignment using C99 syntax Author: Nikos Mavrogiannopoulos Date: Mon Feb 15 10:52:55 2016 +0100 tests: added certification generation tests with SHA-3 tests Author: Nikos Mavrogiannopoulos Date: Mon Feb 15 10:37:57 2016 +0100 Added NIST's OIDs for SHA3 signature algorithms This allows to generate certificates signed with SHA3. Author: Ludovic Courtès Date: Thu Feb 11 23:04:38 2016 +0100 guile: Work around lack of 'eval-when' on 1.8. * guile/modules/gnutls.in (eval-when) [!guile-2]: New macro. Author: Ludovic Courtès Date: Thu Feb 11 23:04:37 2016 +0100 guile: Install modules in versioned directory by default. * configure.ac: Change default 'GUILE_SITE' value to include $guile_effective_version. Author: Ludovic Courtès Date: Thu Feb 11 23:04:36 2016 +0100 guile: build: Make silent rules actually quiet. * guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at). * guile/src/Makefile.am (enums.h, enum-map.i.c) (smobs.h, smob-types.i.c, %.x): Likewise. Author: Ludovic Courtès Date: Thu Feb 11 23:04:35 2016 +0100 guile: Build and install .go files on Guile 2.x. * configure.ac: Check for 'guild' and substitute 'GUILD'. Define 'HAVE_GUILD'. Substitute 'guileobjectdir'. Don't output guile/modules/Makefile and guile/tests/Makefile. * guile/modules/Makefile.am, guile/tests/Makefile.am: Remove. Move contents to... * guile/Makefile.am: ... here. (SUBDIRS): Remove 'modules' and 'tests'. Author: Ludovic Courtès Date: Thu Feb 11 23:04:34 2016 +0100 guile: doc: Change prompt in examples. * doc/gnutls-guile.texi (Guile Preparations): Use the prompt found in 2.0. Change "libguile-gnutls-v-0" to "guile-gnutls-v-2". Author: Ludovic Courtès Date: Thu Feb 11 23:04:33 2016 +0100 guile: tests: Add Guile 2.2 compatibility layer. This allows tests to run with Guile 2.1/2.2. * guile/modules/gnutls/build/tests.scm (define-replacement) [guile-2]: New macro. (uniform-vector-read!, uniform-vector-write) [guile-2]: New procedures. * doc/gnutls-guile.texi (Guile Preparations): Mention 2.2. Author: Ludovic Courtès Date: Thu Feb 11 23:04:32 2016 +0100 guile: tests: Make sure no processes are left behind. Before that, child processes would be left behind and become zombies. * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Add (waitpid pid) call on the server side. Author: Ludovic Courtès Date: Thu Feb 11 23:04:31 2016 +0100 guile: tests: Add 'with-child-process'. This makes sure that child processes always exit no matter what. * guile/modules/gnutls/build/tests.scm (define-syntax-rule) [!guile-2]: New macro. (call-with-child-process): New procedure. (with-child-process): New macro. * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use it instead of an explicit 'primitive-fork' call. * guile/.dir-locals.el: New file. * guile/Makefile.am (EXTRA_DIST): New variable. Author: Nikos Mavrogiannopoulos Date: Mon Feb 15 09:52:10 2016 +0100 tests: mini-loss-time: ensure client timeouts after the server is This addresses issue with the server detecting the client disconnection prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler. Author: Jaak Ristioja Date: Fri Feb 12 16:59:31 2016 +0200 Removed the invariant htype parameter of _gnutls_recv_int() All uses of _gnutls_recv_int() passed -1 as the htype argument of type gnutls_handshake_description_t, which had been used for SSLv2 client hellos. Introduced in 2001 with dc1122e7b6. Author: Nikos Mavrogiannopoulos Date: Sun Feb 14 18:41:01 2016 +0100 provable RSA key generation: adjust the seed size based on N size Author: Nikos Mavrogiannopoulos Date: Sun Feb 14 18:18:38 2016 +0100 provable RSA key generation: allow non-2048 and non-3072 keys That is enforce the 2048 and 3072-bit limit to FIPS when in FIPS140-2 mode. Author: Nikos Mavrogiannopoulos Date: Sat Feb 13 18:21:08 2016 +0100 DH/DSA: allow the generation of larger than 15360 bit parameters Author: Nikos Mavrogiannopoulos Date: Sat Feb 13 14:50:19 2016 +0100 tests: eliminated mem leak in hash-large Author: Nikos Mavrogiannopoulos Date: Fri Feb 12 15:16:55 2016 +0100 tests: check whether large buffer hashes and MAC work as expected Author: Nikos Mavrogiannopoulos Date: Fri Feb 12 10:48:12 2016 +0100 nettle: use the correct type for hash and MAC functions Author: Nikos Mavrogiannopoulos Date: Sat Feb 6 22:44:37 2016 +0100 provable prime generation: arbitrary seed lengths are accepted in non-FIPS mode Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 12:10:57 2016 +0100 gnutls-cli: improved indentation in benchmark output Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 11:43:27 2016 +0100 certtool: removed unused variable Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 11:00:15 2016 +0100 certtool: the --generate-dh-params option can be combined with --provable This however, will generate provable DSA parameters and import them as DH parameters. Resolves #72 Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 10:42:34 2016 +0100 certtool: the --dh-info option will retrieve DH parameters from DSA keys Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 10:34:52 2016 +0100 tests: added check for gnutls_dh_params_import_dsa Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 10:05:58 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Feb 11 10:05:13 2016 +0100 Added gnutls_dh_params_import_dsa() which allows to import DSA parameters into DH ones This simplifies importing DSA private keys into DH parameters. Author: Nikos Mavrogiannopoulos Date: Wed Feb 10 14:29:47 2016 +0100 tests: set_pkcs12_cred: existing tests are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available. Author: Attila Molnar Date: Wed Feb 10 10:55:15 2016 +0100 Fix memory leak in gnutls_certificate_set_ocsp_status_request_file() Signed-off-by: Attila Molnar Author: Attila Molnar Date: Sat Feb 6 18:16:59 2016 +0100 doc: Update description of credential alloc/dealloc functions Get rid of "This structure is complex enough to manipulate directly..." text which suggests that these functions are optional, "helper" functions when in fact their usage is required for encapsulation reasons. Author: Nikos Mavrogiannopoulos Date: Wed Feb 10 10:11:00 2016 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Feb 8 11:23:33 2016 +0100 ALPN: added the GNUTLS_ALPN_SERVER_PRECEDENCE flag This allows the server to set precedence on the protocols it supports, rather than following the client's order. Resolves #71 Author: Andreas Metzler Date: Tue Feb 9 13:37:49 2016 +0100 improve doc on special keywords in priority string Special keywords in priority strings like %COMPAT may not be prefixed with +, - or !, "NORMAL:+%COMPAT is invalid. Author: Attila Molnar Date: Sat Feb 6 18:01:33 2016 +0100 doc: Fix some typos Author: Attila Molnar Date: Sat Feb 6 17:50:05 2016 +0100 Remove remaining RSA-EXPORT support leftovers from doc and messages Author: Nikos Mavrogiannopoulos Date: Wed Feb 3 09:20:05 2016 +0100 tests: pkcs11-pubkey-import-ecdsa will only work under softhsmv2 Author: Andreas Metzler Date: Sun Jan 31 17:59:37 2016 +0100 Fix some more typos. certifcate, funtion, withing, missmatch Author: Nikos Mavrogiannopoulos Date: Sat Jan 30 12:18:55 2016 +0100 tests: updated check to account for revert in 7d3caedb8df9d04eee9513cb5b3b417ae29927f5 Author: Nikos Mavrogiannopoulos Date: Sat Jan 30 12:15:07 2016 +0100 Revert "tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b. Author: Nikos Mavrogiannopoulos Date: Sat Jan 30 11:15:13 2016 +0100 Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage" This was not really an out-of-bounds check. Added documentation to make that clear. This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d. Author: Nikos Mavrogiannopoulos Date: Thu Jan 28 13:14:14 2016 +0100 certtool: corrected email escaping in texinfo Author: Nikos Mavrogiannopoulos Date: Thu Jan 28 10:45:17 2016 +0100 Replaced select() system call with poll() on POSIX systems This allows to use the default gnutls functions with file descriptors over the maximum supported by select. Author: Nikos Mavrogiannopoulos Date: Mon Jan 25 11:08:21 2016 +0100 tests: windows: fixed check-output call Author: Nikos Mavrogiannopoulos Date: Fri Jan 22 16:34:29 2016 +0100 tests: added dummy functions used by CAPI32 implementation Author: Nikos Mavrogiannopoulos Date: Fri Jan 22 16:33:48 2016 +0100 tests: better checking for failure in windows cng check Author: Nikos Mavrogiannopoulos Date: Fri Jan 22 12:59:47 2016 +0100 system-key-win: call CertFreeCertificateContext() Author: Bjørn Christensen Date: Fri Jan 22 11:52:21 2016 +0100 system-key-win: added interface to CAPI, old style crypto api on windows Author: Nikos Mavrogiannopoulos Date: Thu Jan 21 14:45:56 2016 +0100 certtool: corrected texinfo output for krb5_principal Author: Nikos Mavrogiannopoulos Date: Thu Jan 21 12:58:56 2016 +0100 tests: priorities: account for the addition of CHACHA20-POLY1305 Author: Nikos Mavrogiannopoulos Date: Thu Jan 21 12:00:33 2016 +0100 CHACHA20_POLY1305 was added to the default priority strings That is the NORMAL and PERFORMANCE priority strings now will enable CHACHA20-POLY1305 by default. Author: Nikos Mavrogiannopoulos Date: Mon Jan 18 18:38:36 2016 +0100 gnutls_global_init: log gnutls' version on initialization Author: Nikos Mavrogiannopoulos Date: Mon Jan 18 15:56:02 2016 +0100 doc: corrected typo [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat Jan 16 20:54:20 2016 +0100 README: added trousers to list of dependencies [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat Jan 16 20:43:42 2016 +0100 tests: added check for KRB5Principal output Resolves #67 Author: Nikos Mavrogiannopoulos Date: Thu Jan 14 17:16:00 2016 +0100 README.md -> README-alpha.md Author: Nikos Mavrogiannopoulos Date: Thu Jan 14 17:09:23 2016 +0100 updated copyright info Author: Nikos Mavrogiannopoulos Date: Thu Jan 14 17:04:54 2016 +0100 README: auto-generated from README-install.md Author: Nikos Mavrogiannopoulos Date: Thu Jan 14 14:50:34 2016 +0100 gnutls_int.h: increased MAX_SERVER_NAME_SIZE to 256 bytes Author: Nikos Mavrogiannopoulos Date: Wed Jan 13 13:14:55 2016 +0100 gnutls_pubkey_import_x509_raw: fixed memory leak Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 16:26:21 2016 +0100 tests: added check for the krb5_principal template option Author: Nikos Mavrogiannopoulos Date: Mon Jan 11 15:11:41 2016 +0100 certtool: introduced the krb5_principal template option Author: Nikos Mavrogiannopoulos Date: Mon Jan 11 15:09:23 2016 +0100 x509: introduced GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL That allows to print and write KRB5PrincipalName othernames in subject alternative name. Author: Nikos Mavrogiannopoulos Date: Mon Jan 11 15:19:24 2016 +0100 x509: place newline when printing unsupported othernames Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 16:05:41 2016 +0100 x509: moved virtual subject alternative name othername support to virt-san.c Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 14:46:16 2016 +0100 gnutls_x509_crt_set_subject_alt_name: documented the version after which GNUTLS_SAN_OTHERNAME_XMPP is available Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 14:45:03 2016 +0100 tests: added check for XMPP othername generation Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 14:39:14 2016 +0100 certtool: allow writing xmpp_name Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 14:30:56 2016 +0100 Allow assigning 'virtual' SAN types via *_set_subject_alt_name() Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 13:47:38 2016 +0100 NEWS: document newly added functions Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 08:17:51 2016 +0100 alpn: when parsing the list of protocols return at the first mutually common That resolves an issue where the server wouldn't select the first mutually supported. Resolves #63 Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 08:17:07 2016 +0100 tests: mini-alpn: corrected protocol selection order Author: Nikos Mavrogiannopoulos Date: Sun Jan 10 08:04:29 2016 +0100 tests: alpn: enhance the testing of ALPN negotiation Author: Nikos Mavrogiannopoulos Date: Sat Jan 9 21:42:11 2016 +0100 alpn: document how the selected protocol is selected [ci skip] Author: Nikos Mavrogiannopoulos Date: Sat Jan 9 21:20:00 2016 +0100 tests: verify that the selected ALPN protocol is the first advertised Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 16:52:44 2016 +0100 gnutls_aead_cipher_decrypt: removed misleading text Reported by Fridolin Pokorny. Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 12:16:29 2016 +0100 tests: added check for certtool's othername writing functionality Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 11:16:58 2016 +0100 certtool: added ability to generate othernames via template files Relates #62 Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 12:05:18 2016 +0100 x509: added flags to enable the encoding of othername data Author: Nikos Mavrogiannopoulos Date: Fri Jan 8 11:05:36 2016 +0100 x509: introduced functions to set an othername alternative name That is, added, gnutls_x509_crt_set_subject_alt_othername, gnutls_x509_crt_set_issuer_alt_othername, gnutls_x509_crq_set_subject_alt_othername Relates #62 Author: Nikos Mavrogiannopoulos Date: Thu Jan 7 14:35:59 2016 +0100 trust_list_get_issuer_by_dn: fixed check for DN or SPKI Author: Nikos Mavrogiannopoulos Date: Thu Jan 7 14:02:24 2016 +0100 configure: no longer distribute lzip tarballs Author: Nikos Mavrogiannopoulos Date: Thu Jan 7 14:14:21 2016 +0100 symbols.last: don't include internal symbols into exported list Author: Nikos Mavrogiannopoulos Date: Tue Jan 5 11:21:43 2016 +0100 tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix Author: Tim Kosse Date: Mon Jan 4 16:40:26 2016 +0100 Fix out-of-bounds read in gnutls_x509_ext_export_key_usage Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 20:16:37 2015 +0200 .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test suite. Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 14:35:45 2015 +0200 gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 13:38:34 2015 +0200 tests: pkcs11-pubkey-import will check both RSA and ECDSA keys Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 13:35:30 2015 +0200 gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object Previously only RSA objects were correctly written. Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 13:10:37 2015 +0200 tests: added ECDSA key in cert-common.h Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 12:20:41 2015 +0200 pkcs11: moved default RSA public exponent out of stack Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 12:17:21 2015 +0200 pkcs11: import public keys from any available object That is, load public keys from the public key object, or the certificate object if they are present. That affects non-RSA public keys which do not contain all required fields on the private key object. Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 01:02:30 2015 +0200 session DB: made the magic number depending on gnutls' version That will make sure that sessions not stored by this version of gnutls will not be resumed by another (which may be incompatible). Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:46:12 2015 +0200 ui.c -> fingerprint.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:45:43 2015 +0200 split OCSP functionality from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:39:19 2015 +0200 split anon credentials functionality from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:38:31 2015 +0200 split psk functionality from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:37:22 2015 +0200 split session info functions from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:34:25 2015 +0200 split certificate credentials functions from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:32:20 2015 +0200 split dh API functions from ui.c Author: Nikos Mavrogiannopoulos Date: Thu Dec 31 00:28:46 2015 +0200 split randomart functionality from ui.c Author: Nikos Mavrogiannopoulos Date: Wed Dec 30 23:18:32 2015 +0200 helper.c -> file.c Author: Nikos Mavrogiannopoulos Date: Wed Dec 30 11:26:30 2015 +0200 certtool: doc update [skip ci] Author: Andreas Metzler Date: Sat Dec 26 18:24:56 2015 +0100 Fix some typos [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Dec 24 11:54:21 2015 +0200 NEWS: doc update [ci skip] Author: Nikos Mavrogiannopoulos Date: Thu Dec 24 11:44:00 2015 +0200 respect the max-record extension under DTLS This resolves issue with max-record being negotiated but ignored. Resolves #61 Author: Nikos Mavrogiannopoulos Date: Thu Dec 24 11:42:58 2015 +0200 tests: added check for max-record extension in TLS Author: Nikos Mavrogiannopoulos Date: Thu Dec 24 11:18:57 2015 +0200 tests: check whether the max-record extension is usable with DTLS Author: Nikos Mavrogiannopoulos Date: Thu Dec 24 11:13:28 2015 +0200 dtls: print the MTU in debugging messages Author: Nikos Mavrogiannopoulos Date: Tue Dec 22 17:14:02 2015 +0200 updated documentation on supported algorithms [ci skip] Author: Nikos Mavrogiannopoulos Date: Tue Dec 22 11:30:52 2015 +0200 Added SHA384 to the list of TLS support MAC algorithms Author: Nikos Mavrogiannopoulos Date: Mon Dec 21 12:46:09 2015 +0200 documented the gitlab ci runner tags Author: Nikos Mavrogiannopoulos Date: Sun Dec 20 11:11:38 2015 +0200 tests: added timeout in long-running checks Author: Nikos Mavrogiannopoulos Date: Sun Dec 20 11:01:48 2015 +0200 certtool: eliminated various memory leaks Author: Nikos Mavrogiannopoulos Date: Sun Dec 20 10:48:27 2015 +0200 certtool: prevented memory leak in pkcs8-info cmd Author: Nikos Mavrogiannopoulos Date: Sat Dec 19 16:58:03 2015 +0200 certtool: do not use signal() under win32 Author: Alon Bar-Lev Date: Fri Dec 18 17:34:01 2015 +0200 build: configure.ac: manpages cleanups Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Fri Dec 18 12:14:08 2015 +0200 build: allow installing man(1) even with --disable-doc Currently these man pages are installed only if --enable-doc is provided, while these are not actually docs, do not require any special dependency, nor consume large space. This adds --enable-manpages to enable/disable manpages installation, and install the man(1) regardless of --disable-doc. Signed-off-by: Alon Bar-Lev Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 14:32:25 2015 +0100 certtool: ignore sigpipe This signal was observed under certain cirquimstances Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 14:29:05 2015 +0100 certtool: don't close stdout on exit Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 14:24:23 2015 +0100 pkcs7: eliminated leak in gnutls_pkcs7_print Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 13:56:31 2015 +0100 gnutls_pubkey_import_privkey: document that this operation is not possible in certain keys Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 11:40:59 2015 +0100 doc: replace writev with sendmsg in the list of system calls Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 10:23:22 2015 +0100 tests: don't run the no-signal test in systems which MSG_NOSIGNAL is not available Author: Nikos Mavrogiannopoulos Date: Fri Dec 18 10:15:10 2015 +0100 Reduce the number of used syscalls by using sendmsg() instead of writev() We relied on sendmsg() anyway for the MSG_NO_SIGNAL version of the calls, thus it is a good idea to avoid calling writev() and use sendmsg(). That way we reduce the number of calls required for seccomp. Author: Alon Bar-Lev Date: Thu Dec 17 19:57:53 2015 +0200 doc: manpages: remove generated tpmtool.1 page Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Dec 17 19:57:52 2015 +0200 .gitignore: add m4/extern-inline.m4 Author: Nikos Mavrogiannopoulos Date: Thu Dec 17 14:19:04 2015 +0100 tests: added check to verify that the PKCS#7 embedded data are recovered as expected Author: Nikos Mavrogiannopoulos Date: Thu Dec 17 14:18:17 2015 +0100 certtool: introduced the --p7-show-data option This option allows printing the embedded data in a PKCS#7 signed structure. Author: Nikos Mavrogiannopoulos Date: Thu Dec 17 14:17:23 2015 +0100 gnutls_pkcs7_get_embedded_data: added function This function allows extracting the embedded data from a PKCS#7 signed structure. Author: Nikos Mavrogiannopoulos Date: Wed Dec 16 16:13:41 2015 +0100 tests: updated pkcs7-gen to account for content-type attribute Author: Nikos Mavrogiannopoulos Date: Wed Dec 16 14:52:39 2015 +0100 tests: check whether the content-type attribute is set if we sign using time Author: Nikos Mavrogiannopoulos Date: Wed Dec 16 14:28:23 2015 +0100 pkcs7: set by default the content type attribute That is a requirement of rfc5652. Relates #59 Author: Nikos Mavrogiannopoulos Date: Wed Dec 16 14:02:56 2015 +0100 pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures That is because there are implementations which cannot cope with the normal RSA signature OIDs. Relates #59 Author: Nikos Mavrogiannopoulos Date: Wed Dec 16 10:10:20 2015 +0100 pkcs7: Disable the optional fields prior to generating the PKCS#7 structure This resolves issue with our PKCS#7 structures not being parsed by MacOSX' tools. Relates #59 Author: Nikos Mavrogiannopoulos Date: Tue Dec 15 22:28:55 2015 +0100 certtool: corrected invalid free Author: Nikos Mavrogiannopoulos Date: Tue Dec 15 22:27:50 2015 +0100 certtool: warn if an ECDSA key is marked for encryption Author: Nikos Mavrogiannopoulos Date: Tue Dec 15 20:36:29 2015 +0100 build: fix make distclean by including src/gl only once Author: Nikos Mavrogiannopoulos Date: Tue Dec 15 13:52:20 2015 +0100 make sure gnutls_assert is present at the cases where GNUTLS_E_INTERNAL_ERROR is returned Author: Gustavo Zacarias Date: Mon Dec 14 15:20:25 2015 -0300 configure: really make --disable-crywrap work The crywrap variable is set regardless of the state of enable_crywrap, hence --disable-crywrap never works. Just put the tests for crywrap deps inside the enable_crywrap conditional. Signed-off-by: Gustavo Zacarias Author: Nikos Mavrogiannopoulos Date: Tue Dec 15 11:29:09 2015 +0100 certtool: the --p7-time option was made an enable/disable option It remains disabled by default. Author: Nikos Mavrogiannopoulos Date: Mon Dec 14 15:19:59 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Dec 14 15:03:23 2015 +0100 tests: check whether server returns the correct error code if presented with invalid versions That is gnutls_handshake() will return GNUTLS_E_UNSUPPORTED_VERSION_PACKET in server side, if the client presents a very old TLS version which is not supported. Relates #42 Author: Nikos Mavrogiannopoulos Date: Mon Dec 14 14:34:04 2015 +0100 handshake: when receiving a TLS version which is too low fail That is, don't treat all unsupported version as being to high. Treat versions which are not known and lower than the highest as a protocol error. Resolves #42 Author: Nikos Mavrogiannopoulos Date: Sun Dec 13 12:34:47 2015 +0100 .gitlab-ci.yml: valgrind build was moved at the end as it is the slowest build Author: Nikos Mavrogiannopoulos Date: Sun Dec 13 12:24:44 2015 +0100 certtool: the --p7-include-cert option is enabled by default This allows to generate PKCS#7 structures by default that can be read by iOS. Author: sskaje Date: Sun Dec 13 16:31:19 2015 +0800 #56 Feature: certtool --p7-sign support GNUTLS_PKCS7_INCLUDE_CERT Author: Nikos Mavrogiannopoulos Date: Thu Dec 10 09:35:59 2015 +0100 gnutls-cli-debug: rephrased inappropriate fallback test description to match the rest Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:59:02 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:52:43 2015 +0100 Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are available. This is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:48:13 2015 +0100 Revert "Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA" This reverts commit 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:44:30 2015 +0100 tests: check whether a peer changing certificate is detected Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:20:34 2015 +0100 tests: doc update Author: Nikos Mavrogiannopoulos Date: Tue Dec 8 10:17:49 2015 +0100 Do not allow certificate change during a rehandshake That is require that the certificate of the peer remains the same and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert to the previous behavior the GNUTLS_ALLOW_CERT_CHANGE flag was introduced. Author: Nikos Mavrogiannopoulos Date: Sun Dec 6 12:00:46 2015 +0100 tests: check whether gnutls_pubkey_import_privkey() operates well for PKCS#11 RSA keys Author: Nikos Mavrogiannopoulos Date: Sun Dec 6 11:35:57 2015 +0100 Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for a direct import. Reported by Jan Vcelak. Author: Nikos Mavrogiannopoulos Date: Sun Dec 6 10:58:45 2015 +0100 pkcs11: avoid setting a variable which isn't used Author: Nikos Mavrogiannopoulos Date: Sun Dec 6 10:57:48 2015 +0100 MAX_PK_PARAM_SIZE was moved to gnutls_int.h Author: Nikos Mavrogiannopoulos Date: Sun Dec 6 10:54:37 2015 +0100 pkcs11: deinitialize gnutls_pkcs11_obj_t's pubkey on deinit Author: Jan Vcelak Date: Sun Dec 6 00:46:39 2015 +0100 pkcs11: fix passing of incorrect variable in privkey_get_pubkey The code worked for RSA because the content of the variables matched. But it doesn't match for ECC. CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0) CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak Author: Nikos Mavrogiannopoulos Date: Wed Dec 2 18:40:28 2015 +0100 gnutls-cli: don't use RSA ciphersuites to test chacha20 as they are not defined Author: Nikos Mavrogiannopoulos Date: Wed Dec 2 16:15:03 2015 +0100 documented bug in gnutls_x509_crt_get_*_unique_id() Author: Nikos Mavrogiannopoulos Date: Tue Dec 1 10:40:23 2015 +0100 tools: don't compile tpmtool if PKCS11 is disabled That is because GnuTLS' TPM code makes use of the PKCS11 PIN callbacks. Author: Nikos Mavrogiannopoulos Date: Mon Nov 30 10:34:03 2015 +0100 Amend "When decoding extensions do not ignore decoding errors" Do not treat an error the fact that no extensions field is present. Author: Nikos Mavrogiannopoulos Date: Mon Nov 30 09:49:08 2015 +0100 allow specifying NULL buffer in gnutls_x509_crt_get_*_unique_id() Author: Nikos Mavrogiannopoulos Date: Thu Nov 26 12:46:02 2015 +0100 NEWS: removed functions that were part of 3.4.x releases Author: Nikos Mavrogiannopoulos Date: Sun Nov 29 10:37:53 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Nov 29 10:30:01 2015 +0100 tests: added check for TLS extension decoding error propagation Relates #40 Author: Nikos Mavrogiannopoulos Date: Sun Nov 29 09:24:12 2015 +0100 When decoding extensions do not ignore decoding errors That is, move from a parsing error tolerance to a more strict decoding approach. Relates #40 Author: Nikos Mavrogiannopoulos Date: Sat Nov 28 10:43:31 2015 +0100 .gitignore: more files to ignore Author: Nikos Mavrogiannopoulos Date: Sat Nov 28 10:11:52 2015 +0100 ocsp_output: when next update is not present don't print error message That is because this field is optional. Resolves #53 Author: Nikos Mavrogiannopoulos Date: Thu Nov 26 11:23:15 2015 +0100 tests: override-ciphers will not run mac tests on windows There is some issue with symbols for self tests not being exported. Author: Nikos Mavrogiannopoulos Date: Thu Nov 26 09:37:02 2015 +0100 .gitlab-ci.yml: removed separate builddir build from x86-64 targets to reduce builds Author: Nikos Mavrogiannopoulos Date: Thu Nov 26 09:32:25 2015 +0100 tests: updates for certtool test to run under windows Author: Nikos Mavrogiannopoulos Date: Thu Nov 26 09:25:48 2015 +0100 .gitlab-ci.yml: minimal library no longer requires x86-64 for compilation Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 19:24:15 2015 +0100 .gitlab-ci.yml: in windows build skip the gnulib tests Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 11:57:31 2015 +0100 .gitlab-ci.yml: added windows build Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 11:56:49 2015 +0100 tests: changes for running tests under windows Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 11:56:06 2015 +0100 tests: cipher-test will forward the prog exit code as the script exit code Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 11:25:07 2015 +0100 README: added information for windows build Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 10:53:51 2015 +0100 libopts: use the O_BINARY flag in windows for files Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 10:49:30 2015 +0100 libopts: updated to 5.18.6 Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 10:25:08 2015 +0100 use consistent terms in system.c and system-keys-win.c Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 10:21:46 2015 +0100 tests: added basic functionality testing for system-keys in windows Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 09:49:03 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 25 09:46:26 2015 +0100 Added gnutls_encode_ber_digest_info and gnutls_decode_ber_digest_info Author: Nikos Mavrogiannopoulos Date: Tue Nov 24 13:27:13 2015 +0100 cross.mk: allow building with mingw64 Author: Nikos Mavrogiannopoulos Date: Tue Nov 24 13:09:40 2015 +0100 tests: use gnulib where needed Author: Nikos Mavrogiannopoulos Date: Tue Nov 24 13:04:28 2015 +0100 cross.mk: updated windows cross compile makefile Author: Nikos Mavrogiannopoulos Date: Tue Nov 24 13:03:15 2015 +0100 tests: disable global-init-override test in windows Gcc does not support weak symbols on this platform. Author: Nikos Mavrogiannopoulos Date: Tue Nov 24 12:54:32 2015 +0100 tools: don't call endservent in windows Author: Nikos Mavrogiannopoulos Date: Sun Nov 22 13:27:14 2015 +0100 added cast to silence gcc warning Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 13:33:42 2015 +0100 tests: added check for multiple extension registering Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 13:25:20 2015 +0100 statically initialize extensions instead of using the lib constructor Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 13:09:19 2015 +0100 marked all extensions structures as constant Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 11:33:45 2015 +0100 system-keys-win: allow reinitialization of the library after a deinitialization Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 01:05:37 2015 +0100 getfuncs.pl: don't consider functions with _gnutls prefix Author: Nikos Mavrogiannopoulos Date: Sat Nov 21 00:52:51 2015 +0100 gnutls_global_init_skip: prefixed with an underscore Author: Nikos Mavrogiannopoulos Date: Fri Nov 20 13:57:09 2015 +0100 .gitlab-ci.yml: added clang compilation target Author: Nikos Mavrogiannopoulos Date: Fri Nov 20 10:11:29 2015 +0100 certtool: check fread_file() for errors in all situations This caused certtool to crash on invalid input on stdin. Reported by Christoph Biedl. Author: Nikos Mavrogiannopoulos Date: Thu Nov 19 11:46:39 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 21:44:54 2015 +0100 gnutls_certificate_set_flags: Added since Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 20:16:38 2015 +0100 tests: check gnutls_certificate_flags Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 20:13:07 2015 +0100 Added gnutls_certificate_flags() and GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH That allows a user of the credentials to disable the certificate matching action. That is, to disable the calls to sign and verify on initialization. Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 16:39:36 2015 +0100 link with libdl when trousers is enabled; reported by Andreas Schneider Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 16:30:24 2015 +0100 enhanced cipher selftests with variable key sizes on arcfour Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 15:55:19 2015 +0100 Do not enforce a maximum key size on ARCFOUR That makes the library consistent with the behavior of previous versions (3.3.x) Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 10:22:31 2015 +0100 gnutls-cli-debug: make TLS 1.6 fallback check more reliable Author: Nikos Mavrogiannopoulos Date: Wed Nov 18 09:24:18 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Nov 17 07:09:05 2015 +0100 README: added non-interactive versions of commands Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 18:52:48 2015 +0100 .gitlab-ci.yml: disable non-suiteb curves in all systems as we have multiple which are fedoras Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 17:28:49 2015 +0100 tests: corrected copyright info Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 16:32:04 2015 +0100 documented GNUTLS_SKIP_GLOBAL_INIT macro Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 16:30:37 2015 +0100 tests: added check for overriding global initialization Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 16:25:31 2015 +0100 Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skip implicit global initialization Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 15:02:48 2015 +0100 tests: utils.c: simplify windows check Author: Nikos Mavrogiannopoulos Date: Mon Nov 16 12:40:14 2015 +0100 .gitlab-ci.yml: added build and check in FIPS140-2 mode Author: Nikos Mavrogiannopoulos Date: Sun Nov 15 20:35:18 2015 +0100 tests: made seccomp tests more reliable by waiting for each side to terminate Author: Nikos Mavrogiannopoulos Date: Sun Nov 15 17:06:18 2015 +0100 doc: document how to use gnutls with seccomp Author: Nikos Mavrogiannopoulos Date: Sun Nov 15 16:32:47 2015 +0100 .gitlab-ci.yml: reorganized and added a simple build and check on x86-64 rule The latter also enables the seccomp checks. Author: Nikos Mavrogiannopoulos Date: Sun Nov 15 15:51:14 2015 +0100 tests: check operation of TLS and DTLS under seccomp when configured with --enable-seccomp-tests Author: Nikos Mavrogiannopoulos Date: Fri Nov 13 16:39:24 2015 +0100 gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc Author: Nikos Mavrogiannopoulos Date: Fri Nov 13 14:40:20 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 13 11:00:10 2015 +0100 Added documentation on PKCS #7 signing Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 16:38:02 2015 +0100 updated chacha20 ciphers to conform to latest draft Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 15:03:10 2015 +0100 tests: suite: more shell scripts were given the .sh suffix and simplified makefile Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 12:04:04 2015 +0100 tests: verify that unique IDs are generated as expected Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 12:03:14 2015 +0100 certtool: Allow writing unique IDs in generated certificates Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 11:43:52 2015 +0100 Added gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id() Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 11:10:08 2015 +0100 properly indent unique IDs Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 09:48:27 2015 +0100 tests: added check with the various X.509 key exchanges Author: Nikos Mavrogiannopoulos Date: Thu Nov 12 09:29:43 2015 +0100 tests: check rehandshake from anon to DHE Author: Nikos Mavrogiannopoulos Date: Wed Nov 11 11:37:30 2015 +0100 documented the GNUTLS_NO_EXPLICIT_INIT environment variable Author: Nikos Mavrogiannopoulos Date: Wed Nov 11 11:29:21 2015 +0100 crypto-api: doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 11 11:15:51 2015 +0100 Allow switching a ciphersuite to DHE and ECDHE on a rehandshake Author: Nikos Mavrogiannopoulos Date: Wed Nov 11 10:49:31 2015 +0100 tests: added check for ciphersuite switch from anonymous to certificate Author: Nikos Mavrogiannopoulos Date: Tue Nov 10 13:31:16 2015 +0100 .gitlab-ci.yml: disable guile in asan builds Author: Nikos Mavrogiannopoulos Date: Tue Nov 10 10:34:56 2015 +0100 tests: suite: don't run shell scripts with valgrind Author: Nikos Mavrogiannopoulos Date: Tue Nov 10 10:24:44 2015 +0100 tests: testsrn: output errors on stderr Author: Nikos Mavrogiannopoulos Date: Tue Nov 10 10:13:35 2015 +0100 deinitialize all handshake keys when handshake is over Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 23:53:25 2015 +0100 testdane: improved error detection in sites Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 23:34:03 2015 +0100 tests: suite: eliminate many leaks in the tests and run them under valgrind Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 23:27:47 2015 +0100 certtool: eliminate leaks in _verify_x509_mem() Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 23:04:48 2015 +0100 tests: openpgp-certs: use valgrind Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 23:04:03 2015 +0100 openpgp: eliminate leaks in gnutls_openpgp_keyring_import() Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 22:48:47 2015 +0100 tests: eliminate leaks in mini-eagain2.c Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 22:48:25 2015 +0100 certtool: eliminate memory leaks in certificate generation Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 22:45:44 2015 +0100 tests: key-tests: use valgrind Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 22:45:13 2015 +0100 gnutls_x509_crt_set_pubkey: clarify usage Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 21:54:54 2015 +0100 pkcs12: correctly set salt size in gnutls_pkcs12_mac_info Also eliminate leaks in PKCS #12 parsing. Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 21:54:09 2015 +0100 tests: run the PKCS #12 tests under valgrind Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 18:43:03 2015 +0100 certtool: make sure that pkcs12 structures are deinitialized Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 16:01:55 2015 +0100 tests: provable-privkey: fixed DSA test on FIPS140 enabled systems Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 15:51:17 2015 +0100 nettle: be more specific in seed size mismatches Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 15:43:20 2015 +0100 crypto-backend: ensure there are no leaks on deinitialization Author: Nikos Mavrogiannopoulos Date: Mon Nov 9 14:29:48 2015 +0100 Require TLS 1.2 for all the ciphersuites which are defined for it only This solves an interoperability issue with openssl. Reported by Viktor Dukhovni. Author: Nikos Mavrogiannopoulos Date: Sun Nov 8 09:30:39 2015 +0100 p11tool: introduced --only-urls option This option allows printing a compact listing containing only of URLs. Author: Nikos Mavrogiannopoulos Date: Sat Nov 7 21:51:56 2015 +0100 Modified the CHACHA20 cipher to conform to draft-ietf-tls-chacha20-poly1305-02 Author: Nikos Mavrogiannopoulos Date: Fri Nov 6 15:02:51 2015 +0100 .gitlab-ci.yml: use static libasan This prevents issues with tests which use LD_PRELOAD. Author: Nikos Mavrogiannopoulos Date: Fri Nov 6 10:40:39 2015 +0100 .gitlab-ci.yml: disable non-suiteb curves on build on Fedora system Author: Nikos Mavrogiannopoulos Date: Thu Nov 5 11:11:29 2015 +0100 tools: better ftp auth tls negotiation Author: Nikos Mavrogiannopoulos Date: Wed Nov 4 09:49:47 2015 +0100 tests: added check for gnutls_priority_set_default Author: Nikos Mavrogiannopoulos Date: Tue Nov 3 10:46:17 2015 +0100 tools: only check for status code in FTP starttls negotiation Author: Nikos Mavrogiannopoulos Date: Tue Nov 3 10:45:44 2015 +0100 tools: print more info in starttls negotiation when --verbose is given Author: Nikos Mavrogiannopoulos Date: Tue Nov 3 09:40:39 2015 +0100 gnutls.pc: don't use the libtool version of the link options Reported by Dan Kegel. Resolves #49 Author: Nikos Mavrogiannopoulos Date: Sun Nov 1 01:53:43 2015 +0100 tests: simplified mini-dtls-hello-verify-48 Author: Nikos Mavrogiannopoulos Date: Fri Oct 30 13:38:36 2015 +0100 tests: added check for blocking on invalid DTLS cookie Relates to #48 Author: Nikos Mavrogiannopoulos Date: Thu Oct 29 09:28:59 2015 +0100 removed inacurate text Author: Nikos Mavrogiannopoulos Date: Fri Oct 23 15:46:33 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Oct 23 15:44:27 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Oct 23 14:17:23 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Oct 22 13:04:32 2015 +0200 doc: document the sign function requirements in gnutls_privkey_import_ext Author: Nikos Mavrogiannopoulos Date: Wed Oct 21 19:57:39 2015 +0200 Mention key protection through isolation in crypto backend section Author: Nikos Mavrogiannopoulos Date: Wed Oct 21 19:48:22 2015 +0200 doc: updated supplemental data documentation Author: Nikos Mavrogiannopoulos Date: Wed Oct 21 09:13:56 2015 +0200 tests: testdane will not check hosts which are unreachable Author: Andreas Metzler Date: Tue Oct 20 19:02:25 2015 +0200 Documentation update The new simple verification functions were backported to 3.4.6, correct "Since:" to reflect this. Author: Nikos Mavrogiannopoulos Date: Tue Oct 20 09:40:56 2015 +0200 doc: documented future level Author: Nikos Mavrogiannopoulos Date: Tue Oct 20 09:24:36 2015 +0200 pkcs11.h: relocated gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts Author: Nikos Mavrogiannopoulos Date: Tue Oct 20 09:16:20 2015 +0200 bumped version to distinguish from 3.4 branch Author: Nikos Mavrogiannopoulos Date: Tue Oct 20 09:03:25 2015 +0200 ext master secret: extension is marked as mandatory This forces the extension to be sent even where resuming sessions. Resolves #45 Author: Nikos Mavrogiannopoulos Date: Tue Oct 20 08:44:04 2015 +0200 tests: Check whether a resumed session contains the ext master secret extension Relates #45 Author: Nikos Mavrogiannopoulos Date: Sat Oct 17 09:22:28 2015 +0200 alpn: avoid warning on signed/unsigned Author: Nikos Mavrogiannopoulos Date: Sat Oct 17 09:20:52 2015 +0200 README: updated CI link Author: Nikos Mavrogiannopoulos Date: Sat Oct 17 09:12:09 2015 +0200 doc: set a path which includes new binaries when running autogen That makes sure that autogen will discover the binaries to obtain the --help output. Author: Nikos Mavrogiannopoulos Date: Sat Oct 17 08:57:02 2015 +0200 gnutls-cli-debug: updated doc Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 22:58:54 2015 +0200 tools: when the starttls-proto is specified automatically detect the port if not given Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 15:05:09 2015 +0200 tests: verify that public keys are properly written Also disable parts of the suite that softhsm2 cannot properly work with, to allow running parts of the suite even with broken softhsm. Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 15:39:05 2015 +0200 cleanup in gnutls_pubkey_import_rsa_raw Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 15:33:21 2015 +0200 pkcs11_read_pubkey: make input type more clear Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 14:13:47 2015 +0200 p11tool: Allow writing a PKCS #11 pubkey object Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 13:16:36 2015 +0200 tools: allow importing a pubkey from a certificate Author: Nikos Mavrogiannopoulos Date: Fri Oct 16 13:03:57 2015 +0200 pkcs11: introduced gnutls_pkcs11_copy_pubkey That allows copying a public key to a PKCS #11 module. Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 21:23:44 2015 +0200 .gitlab-ci.yml: combined the slow build with the separate build dir Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 21:16:52 2015 +0200 Disable the NULL cipher on runtime when FIPS140 mode is enabled instead of statically That way the NULL cipher can be used when not in FIPS140 mode. Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 21:09:06 2015 +0200 re-enable NULL ciphersuites They were accidentally disabled by b237b37d4d17ee4f98629aae9d72aec87f434cb8 Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 18:35:44 2015 +0200 tests: check whether the RSA-EXPORT and ARCFOUR-40 legacy strings are accepted Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 18:20:38 2015 +0200 Tolerate priority strings with names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications which disable or enable algorithms which no longer are supported. Relates #44 Author: Nikos Mavrogiannopoulos Date: Thu Oct 15 16:21:43 2015 +0200 pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate That allows NSS to read and use the written certificate. Relates #43 Author: Nikos Mavrogiannopoulos Date: Tue Oct 13 04:01:04 2015 +0200 tests: enhanced sec-params check to account for future sec-param Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 22:11:16 2015 +0200 certtool: recognize the future sec-param Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 22:10:25 2015 +0200 Introduced the security parameter future (256) and switched ultra to 192 bits For ultra, this was its documented strength, and now follows RFC3766 recommendations for sizes. Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 21:54:09 2015 +0200 certtool: be more specific on the help message for --sec-param when --bits are given Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 14:54:04 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 14:15:28 2015 +0200 tests: added test case for record timeout values Author: Nikos Mavrogiannopoulos Date: Mon Oct 12 13:52:03 2015 +0200 Introduced GNUTLS_INDEFINITE_TIMEOUT This allows to specify an indefinite timeout to gnutls_record_set_timeout(). In addition this flag is accepted by gnutls_handshake_set_timeout() and cancels out a previously set timeout. Resolves #41 Author: Nikos Mavrogiannopoulos Date: Wed Oct 7 10:38:25 2015 +0200 tests: better detection of softhsm library Author: Nikos Mavrogiannopoulos Date: Mon Oct 5 14:31:53 2015 +0200 added text on _gnutls_dh_compute_key Author: Nikos Mavrogiannopoulos Date: Mon Oct 5 17:11:37 2015 +0200 gnutls_record_recv: simplified text on GNUTLS_E_REHANDSHAKE Author: Nikos Mavrogiannopoulos Date: Tue Sep 22 14:31:00 2015 +0200 certtool: print 16-bytes of hex values per line Also avoid a colon on the end of the line. Author: Nikos Mavrogiannopoulos Date: Tue Sep 22 08:31:04 2015 +0200 fips140: set the key via a configure argument Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 12:37:51 2015 +0200 tests: disable cipher-test on windows platform; they don't seem to work Author: Nikos Mavrogiannopoulos Date: Mon Sep 21 14:47:41 2015 +0200 README.md: added build instructions for Fedora/RHEL Author: Nikos Mavrogiannopoulos Date: Mon Sep 21 14:25:12 2015 +0200 priorities: sort algorithms by security strength unless performance is requested That is prioritize 256-bit ciphers over 128-bit ciphers. This would protect secrecy of current data even after a PQ future. Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 12:12:18 2015 +0200 .gitlab-ci.yml: reduce the number of CPUs used in slow on make check Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 11:36:48 2015 +0200 use time_t for internal type to avoid warnings on signed/unsigned comparison Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 11:30:39 2015 +0200 DSA FIPS186-4 key generation: print the required seed length on mismatch Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 11:22:04 2015 +0200 certtool: added more friendly error on seed_size mismatch That prints more useful information when generating provable private keys. Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 11:14:29 2015 +0200 tests: use the corrected seed for default provable private key Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 06:52:13 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Sep 19 06:50:45 2015 +0200 certtool: switched the default level to HIGH for key generation That requires 3072 bits for RSA and DSA keys. Author: Nikos Mavrogiannopoulos Date: Fri Sep 18 23:49:46 2015 +0200 tools: added xmpp into the starttls-proto options Author: Nikos Mavrogiannopoulos Date: Fri Sep 18 15:57:14 2015 +0200 tools: added ldap into the starttls-proto options Author: Nikos Mavrogiannopoulos Date: Thu Sep 17 14:52:27 2015 +0200 system.c: simplify gnutls_system_recv_timeout Author: Nikos Mavrogiannopoulos Date: Thu Sep 17 13:15:54 2015 +0200 gnutls-cli-debug: use RFC7627 instead of draft-ietf-tls-session-hash Author: Nikos Mavrogiannopoulos Date: Thu Sep 17 10:45:30 2015 +0200 updated documentation on gnutls_vdata_types_t based on DKG's suggestions Author: Nikos Mavrogiannopoulos Date: Thu Sep 17 10:10:47 2015 +0200 doc update Author: Daniel Kahn Gillmor Date: Wed Sep 16 19:59:12 2015 -0400 improve docs for gnutls_certificate_verify_peers*() The gnutls_certificate_verify_peers{,2,3}() functions all return GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate was not verified. This is explained in the first paragraphs ("i.e. failure to trust a certificate does not imply a negative return value"), but the Returns: line isn't comparably clear. Author: Nikos Mavrogiannopoulos Date: Mon Sep 14 21:36:24 2015 +0200 certtool: increased seed size to allow for DSA seeds Author: Nikos Mavrogiannopoulos Date: Mon Sep 14 21:32:05 2015 +0200 _gnutls_hex2bin: avoid overrun in the provided buffer Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 19:29:41 2015 +0200 certtool: don't output PKCS #8 on key-info option Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 13:57:26 2015 +0200 better error checking in seed decoding Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 13:52:30 2015 +0200 gnutls_x509_privkey_verify_seed: fail on keys without seed information Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 13:39:13 2015 +0200 certtool: on provable keys always print the legacy format Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 13:27:12 2015 +0200 Use separate PEM headers for provable private keys Also introduce GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT to allow exporting provable private keys in the old compatibility format. Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 11:06:39 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 11:06:00 2015 +0200 certtool: provable key generation was moved to a separate flag that can be combined with --generate-privkey Also enhanced the test suite with DSA provable key generation/verification. Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 10:57:39 2015 +0200 Allow verifying and generating provable DSA keys Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 09:51:25 2015 +0200 tests: added checks for provable key generation and verification Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 09:36:46 2015 +0200 certtool: added provable key verification Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 09:32:32 2015 +0200 Made the new key generation API flexible to allow extensions in the future Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 09:06:12 2015 +0200 Added API to verify private keys generated with seed Author: Nikos Mavrogiannopoulos Date: Sun Sep 13 09:01:41 2015 +0200 gnutls_asn1_tab: updated auto-generated file Author: Nikos Mavrogiannopoulos Date: Sat Sep 12 16:20:13 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Sep 12 16:18:10 2015 +0200 certtool: allow the generation of "provable" private keys Relates to #34 Author: Nikos Mavrogiannopoulos Date: Sat Sep 12 15:47:38 2015 +0200 Added API to generate private keys from a given seed Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384. Relates to #34 Author: Nikos Mavrogiannopoulos Date: Sat Sep 12 14:47:02 2015 +0200 properly generate asn1_tab.c Author: Nikos Mavrogiannopoulos Date: Fri Sep 11 15:44:06 2015 +0200 Don't use formatted output for fixed strings Resolves #35 Author: Nikos Mavrogiannopoulos Date: Wed Sep 9 22:24:27 2015 +0200 README.md: updated information Author: Nikos Mavrogiannopoulos Date: Sat Sep 5 06:20:58 2015 +0200 renamed the auto-verification functions The names are more consistent with the rest of the library. Author: Nikos Mavrogiannopoulos Date: Fri Sep 4 14:05:02 2015 +0200 pkcs11: when storing public keys, make sure they are marked as not private Author: Nikos Mavrogiannopoulos Date: Mon Aug 31 14:22:02 2015 +0200 README.md: mention the testsuite Author: Nikos Mavrogiannopoulos Date: Sun Aug 30 23:41:11 2015 +0200 README.md: print build status Author: Nikos Mavrogiannopoulos Date: Sun Aug 30 23:31:06 2015 +0200 README.md: refer to files using markdown Author: Nikos Mavrogiannopoulos Date: Sun Aug 30 23:26:27 2015 +0200 Updated coding style Author: Nikos Mavrogiannopoulos Date: Fri Aug 28 16:54:47 2015 +0200 gnutls-cli-debug: corrected typo in inappropriate fallback check Author: Nikos Mavrogiannopoulos Date: Fri Aug 28 16:51:35 2015 +0200 .gitlab-ci.yml: use the same number of CPUs in all the checks Author: Nikos Mavrogiannopoulos Date: Fri Aug 28 12:05:02 2015 +0200 gnutls-cli-debug: added check for inappropriate fallback support Author: Nikos Mavrogiannopoulos Date: Thu Aug 27 22:12:55 2015 +0200 Introduced GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR to be returned by the auto-verification functions Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 19:39:22 2015 +0200 nettle: simplified SHA3 checks for nettle nettle 3.1 doesn't have the functions nettle for runtime version checking. Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 19:34:59 2015 +0200 export _gnutls_digest_exists for self tests Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 11:51:09 2015 +0200 x509: tolerate missing subject or issuer fields Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 11:42:01 2015 +0200 certtool: added support for sha3 Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 11:37:13 2015 +0200 gnutls_oid_to_digest(): don't return supported but disabled algorithms Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 11:02:39 2015 +0200 Added support for the SHA3 digest algorithm Author: Nikos Mavrogiannopoulos Date: Wed Aug 26 09:13:52 2015 +0200 corrected typo in ex-server-anon Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 14:13:24 2015 +0200 Define more precisely the auto verification function semantics. Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 13:59:21 2015 +0200 Allow overriding the verification flags from the auto-verification functions Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 13:43:09 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 13:39:33 2015 +0200 Document the new verification functions Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 13:19:51 2015 +0200 examples: simplify the X.509 client example by using the new verification API Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 13:13:57 2015 +0200 tests: check the auto-verification functionality Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 12:00:10 2015 +0200 Added simpler verification functions for clients The major use-case for the TLS protocol is verification of PKIX certificates. However, certificate verification support while is similar for almost all projects it requires around 100 lines of code (a callback) to be duplicated to all applications. That patch set gets rid of the callback and simplifies certificate verification support, by introducing a very simple API; one that would accept the session and the hostname only. Resolves #27 Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 11:10:26 2015 +0200 tests: added test for gnutls_session_set_verify_function Author: Nikos Mavrogiannopoulos Date: Mon Aug 24 11:03:09 2015 +0200 Added gnutls_session_set_verify_function That allows to set a verification callback per session rather than only globally on the credentials structure. Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 22:54:22 2015 +0200 getfuncs.pl: ignore defines in headers Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 22:33:59 2015 +0200 Makefiles: updated for new filenames Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 19:28:09 2015 +0200 Moved pk_* functions to pk.c Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 19:19:45 2015 +0200 Removed the 'gnutls_' prefix from files to simplify file naming Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 18:44:26 2015 +0200 Moved the PRF functions to prf.c Author: Nikos Mavrogiannopoulos Date: Sun Aug 23 14:19:17 2015 +0200 hex decoding: more reasonable error codes That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding error, and document that fact. Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 15:10:46 2015 +0200 tests: Added resumption tests for PSK ciphersuites Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 14:35:09 2015 +0200 Set the extended master secret status based on resumption data only That is, don't require a new negotiation with extensions. Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 14:23:38 2015 +0200 tests: corrected resumption tests to disable tickets when needed That is, perform the tests that require no tickets, with tickets disabled. Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 14:06:51 2015 +0200 session packing: corrected issue in PSK session unpack Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 13:54:41 2015 +0200 PSK: save the username in client side in the auth structure Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 13:26:08 2015 +0200 _gnutls_hash() returns error code if any. Ideally we would like to eliminate any return codes from that function. However, since that's on exported API we cannot easily do without breaking the ABI. Reported by Benedikt Klotz. Resolves #28 Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 13:15:11 2015 +0200 x509: when appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted. Author: Nikos Mavrogiannopoulos Date: Fri Aug 21 11:34:39 2015 +0200 certtool: allow exporting very long CRLs Author: Nikos Mavrogiannopoulos Date: Fri Aug 14 12:15:16 2015 +0200 tests: verify that a key usage violation is detected That is that the certificate key usage flags are respected by either the client side or the server side. Author: Nikos Mavrogiannopoulos Date: Fri Aug 14 12:14:55 2015 +0200 Enable key usage checks in the client side of RSA ciphersuites Author: Nikos Mavrogiannopoulos Date: Fri Aug 14 12:14:08 2015 +0200 priorities: Added internal option to allow key usage violations in server side Author: Nikos Mavrogiannopoulos Date: Fri Aug 14 11:55:04 2015 +0200 fix typo in comment Author: Nikos Mavrogiannopoulos Date: Fri Aug 14 11:27:50 2015 +0200 Re-enable the certificate key usage checks for compliance with ciphersuite There is a new attack on the TLS protocol which relies on using certificates for ECDSA as certificates for ECDH ciphersuites. That attack while it doesn't affect gnutls, which doesn't support static ECDH, assumes that implementations ignore the key usage bits in the certificate. We have done it since 3.1.0 for compatibility reasons (see http://www.gnutls.org/faq.html#key-usage-violation), but that clearly opens the door for real attacks in the future. For this reason the key usage bits will no longer be ignored. Resolves #24 Author: Nikos Mavrogiannopoulos Date: Thu Aug 13 12:10:59 2015 +0200 tests: verify whether CRL date setting works as expected Author: Nikos Mavrogiannopoulos Date: Thu Aug 13 12:05:35 2015 +0200 certtool: Allow specifying CRL dates as fixed dates Author: Nikos Mavrogiannopoulos Date: Thu Aug 13 11:48:15 2015 +0200 tests: verify CRL appending effectiveness Author: Nikos Mavrogiannopoulos Date: Thu Aug 13 11:45:50 2015 +0200 gnutls_x509_crl_set_authority_key_id, gnutls_x509_crl_set_number allow overwritting That allows them to overwrite values which were previously set (e.g., on an imported CRL). Author: Nikos Mavrogiannopoulos Date: Thu Aug 13 11:36:17 2015 +0200 certtool: allow appending certificates to a CRL Author: Nikos Mavrogiannopoulos Date: Wed Aug 12 23:03:20 2015 +0200 certtool: removed limit on maximum imported certificates in the -i option Author: Nikos Mavrogiannopoulos Date: Wed Aug 12 22:49:15 2015 +0200 tests: check whether the CRL generation code works as expected Author: Nikos Mavrogiannopoulos Date: Wed Aug 12 22:48:45 2015 +0200 certtool: eliminated memory leaks due to new cert loading code Author: Nikos Mavrogiannopoulos Date: Wed Aug 12 22:22:55 2015 +0200 certtool: lifted limits on file size to load Author: Nikos Mavrogiannopoulos Date: Mon Aug 10 16:43:28 2015 +0200 before dist ensure that included libopts matches autogen Author: Nikos Mavrogiannopoulos Date: Mon Aug 10 16:12:05 2015 +0200 configure: use ':' instead of /bin/true for programs not found Author: Nikos Mavrogiannopoulos Date: Sun Aug 9 21:20:33 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Aug 9 20:58:40 2015 +0200 tests: include all cert-tests into dist Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 16:59:18 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 16:13:12 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 16:04:12 2015 +0200 tests: check gnutls_check_version_numeric() Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 15:45:21 2015 +0200 gnutls.h: added macro gnutls_check_version_numeric This simplifies version checking, and allows the compiler to optimize out. It can only accept numerals. Patch by David Woodhouse. Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 15:19:33 2015 +0200 use pure and const gcc attributes in headers Author: Nikos Mavrogiannopoulos Date: Fri Aug 7 14:14:44 2015 +0200 mention version macro Author: Nikos Mavrogiannopoulos Date: Thu Aug 6 10:37:15 2015 +0200 p11tool: test-sign will not fail if a pubkey is not found Author: Nikos Mavrogiannopoulos Date: Tue Aug 4 20:32:25 2015 +0200 key decoding: set key to null for consistency Author: Nikos Mavrogiannopoulos Date: Tue Aug 4 14:08:37 2015 +0200 key decoding: simplify decoding logic by removing the fallback Author: Nikos Mavrogiannopoulos Date: Tue Aug 4 13:56:41 2015 +0200 key decoding: corrected regression with PKCS #8 key decoding Reported by Daniel Berrange. Author: Nikos Mavrogiannopoulos Date: Tue Aug 4 13:55:56 2015 +0200 tests: added check for decoding of a PKCS #8 key as fallback Author: Nikos Mavrogiannopoulos Date: Mon Aug 3 14:17:16 2015 +0200 pkcs11: set the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag, to simulate the previous behavior. Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 17:03:33 2015 +0200 tests: added check for the fallback SCSV Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 17:02:00 2015 +0200 handshake: check inappropriate fallback against the configured max version That allows to operate on a server which is explicitly configured to utilize earlier than TLS 1.2 versions. Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 17:01:36 2015 +0200 corrected GNUTLS_E_INAPPROPRIATE_FALLBACK error code Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 16:44:13 2015 +0200 DCO: added Alessandro Ghedini Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 14:21:59 2015 +0200 copy_ciphersuites: use definition for reserved ciphersuites Author: Alessandro Ghedini Date: Sat Aug 1 00:38:10 2015 +0200 handshake: add FALLBACK_SCSV priority option This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507. Author: Alessandro Ghedini Date: Sat Aug 1 00:04:16 2015 +0200 handshake: check for TLS_FALLBACK_SCSV If TLS_FALLBACK_SCSV was sent by the client during the handshake, and the advertised protocol version is lower than GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal alert and abort the handshake. This mechanism was defined in RFC7507. Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 09:10:53 2015 +0200 cfg.mk: fix order of arguments in gnulib-tool Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 08:38:50 2015 +0200 use gettext-h gnulib module Author: Nikos Mavrogiannopoulos Date: Sat Aug 1 00:12:25 2015 +0200 tests: added missing certtool-long-cn Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 22:42:42 2015 +0200 safe renegotiation: simulate receiving the extension on receival of SCSV Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 22:00:53 2015 +0200 made data2hex() safer, and eliminated mem leak Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 22:17:17 2015 +0200 tests: added check for proper handling of very long CNs Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 21:26:25 2015 +0200 updated the required gettext version to match the macros from gnulib Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 16:03:25 2015 +0200 safe renegotiation: handle case where client didn't send any extension That was affected by the "don't try to send extensions we didn't receive". Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 15:02:01 2015 +0200 tpm: avoid warning Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 14:57:33 2015 +0200 As server don't try to send extensions we didn't receive. Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 14:33:00 2015 +0200 tests: added check for server sending (or not) status request messages Author: Nikos Mavrogiannopoulos Date: Fri Jul 31 14:30:00 2015 +0200 fips140: corrected hex decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 11:48:51 2015 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 11:45:51 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 10:30:20 2015 +0200 verify-tofu: use nettle's base64 functions Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 10:24:39 2015 +0200 gnulib: removed base64 implementation Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 10:20:40 2015 +0200 openpgp: use nettle's base64 functions Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 10:11:48 2015 +0200 x509_b64: switch to nettle's base64 functions Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:57:52 2015 +0200 tests: added check for PSK file parsing Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:37:34 2015 +0200 fips: use gnutls_hex_decode for MAC decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:36:32 2015 +0200 tpm: use gnutls_hex_decode for uuid decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:36:14 2015 +0200 psk: use gnutls_hex_decode2 for key decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:35:47 2015 +0200 system-keys-win: use gnutls_hex_decode for ID decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:35:11 2015 +0200 openpgp: use gnutls_hex_decode for keyid decoding Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:34:52 2015 +0200 DN decoding: use gnutls_hex_encode Author: Nikos Mavrogiannopoulos Date: Tue Jul 21 08:19:17 2015 +0200 Introduced gnutls_hex_encode2() and gnutls_hex_decode2() These also use safer hex decoding functions which don't skip invalid input. Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 22:37:40 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 22:09:28 2015 +0200 x509: simplified data to hex conversion in unknown DN names Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 21:26:36 2015 +0200 gnutls_prf_rfc5705: Allow for non-null context and zero context length Author: Nikos Mavrogiannopoulos Date: Mon Jul 13 20:19:28 2015 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 15:42:21 2015 +0200 tests: added cross-check between gnutls_prf_rfc5705() and gnutls_prf() Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 15:07:05 2015 +0200 removed legacy libgcrypt flags Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 14:59:37 2015 +0200 gnutls_prf_rfc5705: optimize in the common use case, by avoiding malloc Also don't handle specially the case of non-NULL context and context_size of zero. Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 14:03:34 2015 +0200 ignore more files Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 14:03:22 2015 +0200 p11tool: fix documentation for --generate-ecc and generate-dsa Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 10:49:48 2015 +0200 gnutls_prf_rfc5705: mention the version it was introduced at Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 10:39:37 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 10:35:08 2015 +0200 tests: added check for gnutls_prf() and gnutls_prf_rfc5705 Author: Nikos Mavrogiannopoulos Date: Mon Jul 20 10:03:37 2015 +0200 gnutls_prf_rfc5705: added That includes support for RFC5705 when the context field is used. Initial patch by Rick van Rein. Author: Nikos Mavrogiannopoulos Date: Fri Jul 17 11:38:17 2015 +0200 doc update: explain more about PKCS #11 and fork Author: Nikos Mavrogiannopoulos Date: Tue Jul 14 09:55:50 2015 +0200 configure: print the trousers lib only when set Author: Nikos Mavrogiannopoulos Date: Tue Jul 14 09:44:30 2015 +0200 tpmtool: Added --test-sign parameter Author: Nikos Mavrogiannopoulos Date: Mon Jul 13 20:04:41 2015 +0200 Deinitialize the TPM subsystem only when trousers support is enabled Author: Nikos Mavrogiannopoulos Date: Mon Jul 13 16:25:16 2015 +0200 TPM: don't link to trousers, use dlopen() That introduces --with-trousers-lib which can be used to specify the library to dlopen(). Resolves #18 Author: Nikos Mavrogiannopoulos Date: Sun Jul 12 15:21:13 2015 +0200 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Sun Jul 12 15:15:00 2015 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Sat Jul 11 12:05:56 2015 +0200 pkcs11: mention the version GNUTLS_PKCS11_TOKEN_MODNAME is available from Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 21:20:23 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 21:17:48 2015 +0200 PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 19:17:23 2015 +0200 tests: updated pskself to check the hint in all PSK ciphersuites Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:57:19 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:55:48 2015 +0200 p11tool: be more compact in token URL printing Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:52:57 2015 +0200 p11tool: group the provided options for readability Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:31:02 2015 +0200 p11tool: keep backwards compatibility by introducing --list-token-urls That is, the output of --list-tokens remains the same. Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:25:48 2015 +0200 p11tool: print the module name of a token in verbose mode Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 16:24:11 2015 +0200 Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info That allows to obtain the shared module name of a token URL. Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 13:36:51 2015 +0200 pkcs11.h: doc update Author: Nikos Mavrogiannopoulos Date: Fri Jul 10 13:12:00 2015 +0200 p11tool: less verbose output in --list-tokens unless --verbose is specified Author: Nikos Mavrogiannopoulos Date: Thu Jul 9 14:10:23 2015 +0200 tests: added suppression for bash mem leak Author: Nikos Mavrogiannopoulos Date: Thu Jul 9 22:50:11 2015 +0200 tests: don't run certtool-utf8 when libidn is 1.30 or less This avoids test suite failures due to libidn. Author: Nikos Mavrogiannopoulos Date: Thu Jul 9 13:45:58 2015 +0200 gnutls-cli: doc update Author: Nikos Mavrogiannopoulos Date: Thu Jul 9 13:26:14 2015 +0200 dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert. Author: Nikos Mavrogiannopoulos Date: Wed Jul 8 09:47:52 2015 +0200 gl: use /bin/true to run valgrind during configure Bash has memory leaks, which prevents the valgrind check to operate using the SHELL variable. Author: Nikos Mavrogiannopoulos Date: Wed Jul 8 09:38:37 2015 +0200 tests: added check for invalid UTF8 encoded string Author: Nikos Mavrogiannopoulos Date: Wed Jul 8 09:19:00 2015 +0200 Revert "libidn support is disabled by default" This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad. Author: Daniel Kahn Gillmor Date: Thu Jul 2 14:28:32 2015 -0400 certtool --outder should not emit signature verification status When emitting binary-formatted output, send signature verification status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature verification to stderr, but that would change the text-formatted output. Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 21:13:23 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 15:25:30 2015 +0200 DSA: the numeric number of bits returned from public key should depend on P not Y That allows to do the proper evaluation to check certificate strength. Reported by Hubert Kario. Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 15:36:20 2015 +0200 tests: check whether we print the prime size in DSA keys Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 11:15:38 2015 +0200 name constraints: simplified gnutls_x509_name_constraints_check_crt() Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 11:08:11 2015 +0200 tests: verify that unsupported name constraints are properly handled Author: Nikos Mavrogiannopoulos Date: Wed Jul 1 11:01:20 2015 +0200 name constraints: don't reject certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS constraints, and the end certificate doesn't have an IPaddress name or a URI set. Author: Nikos Mavrogiannopoulos Date: Mon Jun 29 19:52:15 2015 +0200 Sync with TP. Author: Nikos Mavrogiannopoulos Date: Sun Jun 28 13:09:42 2015 +0200 libidn support is disabled by default That is until the issues with libidn get resolves. Relates #10 Author: Nikos Mavrogiannopoulos Date: Sat Jun 27 08:05:10 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Jun 27 07:57:21 2015 +0200 tests: added a test for the fork detection interface Author: Nikos Mavrogiannopoulos Date: Sat Jun 27 07:51:05 2015 +0200 tests: resume-dtls: increased timeouts Author: Nikos Mavrogiannopoulos Date: Fri Jun 26 16:31:21 2015 +0200 Don't use pthread_atfork(), it is not safe to use with dlopen() http://austingroupbugs.net/view.php?id=851 Author: Nikos Mavrogiannopoulos Date: Fri Jun 26 14:47:39 2015 +0200 atfork: added underscore to gnutls_forkid Author: Nikos Mavrogiannopoulos Date: Fri Jun 26 09:08:20 2015 +0200 simplified fork detection Author: Nikos Mavrogiannopoulos Date: Fri Jun 26 08:07:01 2015 +0200 enhanced header matching code for private keys to skip unrelated data Author: Nikos Mavrogiannopoulos Date: Fri Jun 26 08:00:24 2015 +0200 tests: added private key import checks Author: Nikos Mavrogiannopoulos Date: Thu Jun 25 15:08:54 2015 +0200 gnutls_x509_privkey_import: optimized private key loading Author: Nikos Mavrogiannopoulos Date: Thu Jun 25 15:01:17 2015 +0200 gnutls_x509_privkey_import2: better behavior when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to trying all encrypted options. Author: Nikos Mavrogiannopoulos Date: Thu Jun 25 14:47:52 2015 +0200 tests: added check to verify that gnutls_x509_privkey_import2 works for plain keys That is, when a password is provided and the key is non encrypted. Author: Nikos Mavrogiannopoulos Date: Thu Jun 25 11:08:19 2015 +0200 _gnutls_get_asn_mpis() will release any data on failure Resolves #15 Author: Alon Bar-Lev Date: Sun Jun 21 20:42:12 2015 +0300 tests: tab indent + minor style changes Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Tue Jun 23 11:53:23 2015 +0200 tests: modified test-ciphersuite-names to work with cpp 5.1.1 Author: Nikos Mavrogiannopoulos Date: Mon Jun 22 23:49:32 2015 +0200 tests: test-ciphersuite-names: create any needed dirs Author: Nikos Mavrogiannopoulos Date: Mon Jun 22 21:24:55 2015 +0200 tests: moved test-ciphersuites.sh one level up That simplifies running the script outside make check. Author: Alon Bar-Lev Date: Sun Jun 21 20:43:34 2015 +0300 tests: suite: ciphersuite: fixups fix separate builddir issue, without modifying locations, quite ugly. re-indent using tab. fix shebang. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jun 21 03:00:05 2015 +0300 tests: enforce UTC timezone in datefudge tests Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jun 21 03:00:04 2015 +0300 tests: misc: shell cleanup leftovers minor sync. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jun 21 03:00:03 2015 +0300 tests: suite: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. Fix separate builddir issues. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Sun Jun 21 03:00:02 2015 +0300 tests: misc: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 18:38:24 2015 +0200 tests: fixed includes Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 12:27:54 2015 +0200 move all gettext definitions in gnutls_str.h Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 12:23:40 2015 +0200 cross.mk: updated for 3.4.2 Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 12:18:26 2015 +0200 gnutls_str: include gettext.h when dgettext is available Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 12:09:14 2015 +0200 tests: don't depend on gnulib That dependency unfortunately causes many portability problems on platforms where it should have worked out of the box. Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 10:43:12 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Jun 20 10:31:27 2015 +0200 use the same shebang for perl Author: Nikos Mavrogiannopoulos Date: Fri Jun 19 22:55:04 2015 +0200 tests: added a verify-chain test case Author: Nikos Mavrogiannopoulos Date: Fri Jun 19 21:53:27 2015 +0200 tests: don't quote provider in common.sh That caused testpkcs11 to fail. Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 22:50:18 2015 +0200 tests: don't enforce alignment rules for caller buffers Author: Alon Bar-Lev Date: Wed Jun 17 14:05:54 2015 +0300 tests: cert-tests: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 16:20:50 2015 +0200 Added gitlab-ci.yml Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 15:52:39 2015 +0200 reduced the exported functions to the minimum needed Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 15:49:39 2015 +0200 _gnutls_ext_register was made static Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 15:49:06 2015 +0200 libgnutls.map: use a 3.4 related name for private functions This eliminates any collisions with functions from 3.3.x Author: Alon Bar-Lev Date: Thu Jun 18 09:41:54 2015 +0300 tests: nist-pkits: cleanup shell/perl usage Add quotes for most usages of variables. Added ${} for variables. Consistent indent. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 14:15:18 2015 +0200 tests: force link with nettle of mini-alignment Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 14:11:08 2015 +0200 tests: Check the OID functions Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 14:01:42 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 13:59:57 2015 +0200 Exported functions to convert from and to OIDs Author: Saurav Babu Date: Thu Jun 18 12:50:32 2015 +0530 gnutls-cli: Fixed Possible Memory Leak This patch fixes possible memory leak in psk_callback() function, rawkey is allocated memory by gnutls_malloc() and is not freed when gnutls_hex_decode() returns with error Signed-off-by: Saurav Babu Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 11:19:37 2015 +0200 pkcs7: corrected write_signer_id() when GNUTLS_PKCS7_WRITE_SPKI was used Author: Alon Bar-Lev Date: Thu Jun 18 09:41:55 2015 +0300 tests: openpgp-certs: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Jun 18 09:41:53 2015 +0300 tests: key-tests: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Jun 18 09:41:52 2015 +0300 tests: ecdsa: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Thu Jun 18 00:57:04 2015 +0300 tests: dsa: cleanup shell usage Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Removal of unneeded ';'. Minor fix in tests/scripts/common.sh at trap to pass message and avoid killing. Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 10:51:09 2015 +0200 indentation fix Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 10:46:13 2015 +0200 Always align in 16-byte boundary our input to crypto That allows faster operations in almost all instruction sets. Author: Nikos Mavrogiannopoulos Date: Thu Jun 18 10:44:45 2015 +0200 tests: added check for memory alignment Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 22:26:51 2015 +0200 tests: only run test with long dates in 64-bit systems Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 17:17:10 2015 +0200 tests: regenerate the results in template-test using UTC times Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 16:48:36 2015 +0200 ensure that gnutls_pubkey_verify_data2 returns 0 on success Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 16:40:15 2015 +0200 Added gnutls_pkcs7_get_signature_count Author: Alon Bar-Lev Date: Wed Jun 17 11:59:55 2015 +0300 tests: suite: run testpkcs11 if PKCS#11 is enabled Signed-off-by: Alon Bar-Lev Author: Alon Bar-Lev Date: Wed Jun 17 11:59:56 2015 +0300 tests: remove bash usage Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 11:34:46 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 11:19:10 2015 +0200 tests: verify that we generate dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050. Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 11:12:03 2015 +0200 When writing the Time ASN.1 structure follow the RFC5280 recommendations Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 11:03:29 2015 +0200 Set time in PKCS #7 structures properly (in UTCTime format). Author: Nikos Mavrogiannopoulos Date: Wed Jun 17 10:42:54 2015 +0200 doc update Author: Alon Bar-Lev Date: Tue Jun 16 23:48:58 2015 +0300 tests: cert-tests: pkcs7: support separate builddir Signed-off-by: Alon Bar-Lev Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 22:00:41 2015 +0200 account new symbols Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 22:00:01 2015 +0200 updated makefiles for the new functions Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 21:53:29 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 21:47:37 2015 +0200 use common base for pkcs7 files Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 21:41:42 2015 +0200 added missing symbol Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 21:34:30 2015 +0200 released 3.4.2 Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 17:18:51 2015 +0200 certtool: made explicit the inclusion of time in PKCS #7 signatures Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 17:15:04 2015 +0200 pkcs7: write the DER encoded time Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 16:56:30 2015 +0200 certtool: include the signature time in PKCS #7 signatures Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 16:55:40 2015 +0200 pkcs7: corrected usage of GNUTLS_PKCS7_INCLUDE_TIME flag Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 13:31:54 2015 +0200 tests: minor updates in pkcs7 output checks to match new certtool Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 13:31:30 2015 +0200 certtool: rely on gnutls_pkcs7_print() even more Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 13:27:43 2015 +0200 pkcs7: print certificates and CRLs in FULL mode Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 12:29:53 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 12:29:38 2015 +0200 certtool: use gnutls_pkcs7_print() - partially Author: Nikos Mavrogiannopoulos Date: Tue Jun 16 12:18:55 2015 +0200 Added gnutls_pkcs7_print() Author: Nikos Mavrogiannopoulos Date: Mon Jun 15 11:36:58 2015 +0200 bumped version Author: Nikos Mavrogiannopoulos Date: Thu Jun 11 10:34:55 2015 +0200 tests: added signature/verification stress test Author: Nikos Mavrogiannopoulos Date: Thu Jun 11 10:11:35 2015 +0200 tests: check also individual ciphers for interoperability Author: Nikos Mavrogiannopoulos Date: Mon Jun 8 11:38:54 2015 +0200 fips140: better debug messages when verifying MAC Author: Nikos Mavrogiannopoulos Date: Fri Jun 5 11:19:13 2015 +0200 tpmtool: added newline in error messages Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 16:10:30 2015 +0200 fips140: added check for reseed detection Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 15:48:23 2015 +0200 tests: check random generator for long outputs as well Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 15:42:42 2015 +0200 fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform integrity tests Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 15:38:09 2015 +0200 fips140: reset the reseed counter only on reseed Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 15:37:39 2015 +0200 fips140: when reseeding only reseed the required context not all Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 14:37:11 2015 +0200 fips140: added more checks on the reseed and generate function Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 14:36:35 2015 +0200 fips140: enforce the max_number_of_bits_per_request Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 16:36:32 2015 +0200 tests: do not include times in the PKCS #7 checks as they depend on local timezone Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 13:28:59 2015 +0200 pkcs7: addressed memory leaks Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 11:42:30 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 11:38:55 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 11:35:04 2015 +0200 tests: Added PKCS #7 attribute generation check Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 10:44:25 2015 +0200 tests: updated for new certtool output Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 10:40:54 2015 +0200 certtool: print signed and unsigned PKCS #7 attributes Author: Nikos Mavrogiannopoulos Date: Wed Jun 3 10:24:05 2015 +0200 Added code to parse and set PKCS #7 attributes Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 16:34:45 2015 +0200 tests: added PKCS #7 verification check with MD5 Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 16:31:49 2015 +0200 use the same flags in all verification functions Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 16:05:46 2015 +0200 _decode_pkcs7_signed_data: fixed mem leaks Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 15:58:14 2015 +0200 Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure Part2: made gnutls_x509_crt_get_subject() and gnutls_x509_crt_get_issuer() return a constant value and avoid leaks. Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 14:40:56 2015 +0200 doc: Separated the PKCS #7 in manual Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 14:35:26 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 14:26:20 2015 +0200 tests: check PKCS #7 structure signature generation Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 14:16:58 2015 +0200 tests: check PKCS #7 bundle generation Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 14:08:13 2015 +0200 certtool: added --p7-generate, --p7-sign and --p7-detached-sign Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 12:58:34 2015 +0200 Added gnutls_pkcs7_sign() Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 11:13:41 2015 +0200 Added gnutls_pkcs7_get_crl_raw2 Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 11:00:39 2015 +0200 certtool: print the signing time when available Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 11:00:26 2015 +0200 pkcs7 verification: parse the signing time Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 09:54:38 2015 +0200 on PKCS #7 verification check the the content type matches the signed data Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 09:22:36 2015 +0200 certtool: print more info about the PKCS #7 struct Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 09:15:53 2015 +0200 certtool: allow verification against a direct PKCS #7 signer Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 09:05:27 2015 +0200 tests: added checks with PKCS #7 detached data Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 09:03:34 2015 +0200 pkcs7 verification: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data exist Author: Nikos Mavrogiannopoulos Date: Tue Jun 2 08:57:34 2015 +0200 certtool: allow verifying PKCS #7 with detached data Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 21:37:44 2015 +0200 certtool: improved PKCS #7 verification output Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 21:33:02 2015 +0200 tests: check the key purpose in PKCS #7 verification Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 20:07:57 2015 +0200 tests: added PKCS #7 test with more than 1 certs Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 18:56:51 2015 +0200 certtool: allow verification of PKCS #7 structures Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 18:55:37 2015 +0200 Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 15:19:03 2015 +0200 Added PKCS #7 signature(s) verification Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 15:13:10 2015 +0200 Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id and gnutls_x509_trust_list_get_issuer_by_subject_key_id Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 14:34:57 2015 +0200 tests: added check for gnutls_x509_dn_get_str Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 14:26:19 2015 +0200 added gnutls_x509_dn_get_str Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 11:52:58 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 11:51:32 2015 +0200 Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data() Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 10:43:46 2015 +0200 verify PKCS #7 signed data Author: Nikos Mavrogiannopoulos Date: Fri May 29 14:41:13 2015 +0200 updated PKCS #7 code to cache signed_data Author: Nikos Mavrogiannopoulos Date: Mon Jun 1 21:48:48 2015 +0200 When manual PKCS #11 configuration is requested don't initialize other providers Author: Nikos Mavrogiannopoulos Date: Sun May 31 08:51:26 2015 +0200 certtool: deinitialize PKCS #7 resources Author: Nikos Mavrogiannopoulos Date: Sun May 31 08:50:09 2015 +0200 tests: Added tests for PKCS7 cert extraction Author: Nikos Mavrogiannopoulos Date: Fri May 29 16:37:36 2015 +0200 Revert "updated gnulib" This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c. Author: Nikos Mavrogiannopoulos Date: Fri May 29 14:39:58 2015 +0200 silence format-signness warnings in gcc5 Author: Nikos Mavrogiannopoulos Date: Fri May 29 14:34:53 2015 +0200 updated gnulib Author: Nikos Mavrogiannopoulos Date: Tue May 26 22:12:19 2015 +0200 Check the OID size for match when comparing for the OCSP nonce extension Reported by Hanno Böck. Author: Armin Burgmeier Date: Sat May 23 23:30:18 2015 -0400 gnutls_dh_get_prime_bits: return 0 if DH is not used Before, the number of bits of a zero-length number was attempted to be extracted, resulting in an error. The changed behaviour is consistent with the documentation which explicitly states that 0 should be returned if no DH key exchange was performed. Author: Nikos Mavrogiannopoulos Date: Fri May 22 09:08:00 2015 +0200 gnutls_dh_get_group: mention that the values may include a leading zero Author: Nikos Mavrogiannopoulos Date: Thu May 21 11:55:06 2015 +0200 gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less Author: Nikos Mavrogiannopoulos Date: Thu May 21 10:52:37 2015 +0200 cleanup unused variable Author: Nikos Mavrogiannopoulos Date: Thu May 21 10:51:17 2015 +0200 corrected allocation check Author: Nikos Mavrogiannopoulos Date: Thu May 21 10:46:26 2015 +0200 removed useless check Author: Nikos Mavrogiannopoulos Date: Thu May 21 10:43:06 2015 +0200 document intentional fallthrough in switch Author: Nikos Mavrogiannopoulos Date: Thu May 21 10:41:11 2015 +0200 ecc ext: check return code of _gnutls_buffer_append_data Author: Nikos Mavrogiannopoulos Date: Sun May 17 21:11:14 2015 +0200 tests: enhance the no-signal check to include proper data sending Author: Nikos Mavrogiannopoulos Date: Sun May 17 20:59:14 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun May 17 20:57:48 2015 +0200 tests: check the operation of GNUTLS_NO_SIGNAL Author: Nikos Mavrogiannopoulos Date: Sun May 17 20:33:48 2015 +0200 Allow the usage of MSG_NOSIGNAL in send functions That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which is available in systems that support the MSG_NOSIGNAL flag to send(). That eases the usage of the library within other libraries. Resolves #11 Author: Nikos Mavrogiannopoulos Date: Fri May 15 12:03:23 2015 +0200 include nettle/memxor when needed Author: Nikos Mavrogiannopoulos Date: Fri May 15 12:02:56 2015 +0200 gnutls-serv: send alert when wrong data have been received from client Author: Nikos Mavrogiannopoulos Date: Thu May 14 15:32:09 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu May 14 14:00:11 2015 +0200 camellia256-gcm: corrected regression Reported by Manuel Pegourie-Gonnard. Author: Nikos Mavrogiannopoulos Date: Mon May 11 18:41:09 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed May 6 15:22:05 2015 +0200 doc: added section about subject alternative names Author: Nikos Mavrogiannopoulos Date: Wed May 6 11:17:09 2015 +0200 handshake_start_time was moved out of the DTLS-specific variables Author: Nikos Mavrogiannopoulos Date: Wed May 6 11:13:05 2015 +0200 apply default timeout for DTLS in gnutls_handshake_set_timeout Author: Nikos Mavrogiannopoulos Date: Wed May 6 10:03:16 2015 +0200 tests: do not perform internationalized name checks without libidn Author: Nikos Mavrogiannopoulos Date: Wed May 6 09:52:39 2015 +0200 tests: updated sign-md5-rep to reduce false failures Author: Nikos Mavrogiannopoulos Date: Tue May 5 16:40:37 2015 +0200 tests: eliminate mem leaks in mini-loss-time Author: Nikos Mavrogiannopoulos Date: Tue May 5 15:55:19 2015 +0200 tests: testdane: remove dane.nox.su from the list of known to be good hosts Author: Nikos Mavrogiannopoulos Date: Tue May 5 14:43:42 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue May 5 14:41:55 2015 +0200 tests: mini-loss-time enhanced to check proper timeouts in both client and server Author: Nikos Mavrogiannopoulos Date: Tue May 5 14:35:45 2015 +0200 dtls: combined the total timeouts of DTLS and TLS handshake That also makes the waits for packets more robust against blocking. Author: Nikos Mavrogiannopoulos Date: Tue May 5 09:36:17 2015 +0200 define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA Author: Nikos Mavrogiannopoulos Date: Tue May 5 07:57:16 2015 +0200 doc: updated text to account for pkcs11-url standardization Author: Nikos Mavrogiannopoulos Date: Sun May 3 19:43:40 2015 +0200 tests: mini-dtls-mtu: compile in windows Author: Jaak Ristioja Date: Mon May 4 10:53:10 2015 +0300 doc: Fixed typo in heartbeat documentation. Author: Nikos Mavrogiannopoulos Date: Sun May 3 19:39:52 2015 +0200 cross.mk: updated for 3.4.1 Author: Nikos Mavrogiannopoulos Date: Sun May 3 19:36:02 2015 +0200 updated abi base for 3.4 Author: Nikos Mavrogiannopoulos Date: Sun May 3 19:24:23 2015 +0200 NEWS: updated Author: Nikos Mavrogiannopoulos Date: Sun May 3 19:09:19 2015 +0200 released 3.4.1 Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 18:48:57 2015 +0200 doc: updated gnutls_dtls_set_timeouts Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 16:40:24 2015 +0200 doc: fixed example with DTLS timeouts Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 16:32:40 2015 +0200 use macro for DTLS default timeout Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 16:28:24 2015 +0200 gnutls_handshake_set_timeout will properly work with DTLS Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 14:09:22 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 14:53:17 2015 +0200 document the need for gnutls_transport_set_pull_timeout_function Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 14:06:09 2015 +0200 doc: updated async operation text Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 13:53:19 2015 +0200 disable default handshake timeout It caused issues with non-blocking TLS clients and servers which may not want to block while the pull timeout function waits. Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 13:38:26 2015 +0200 tests: added check to verify that pull timeout is not called on non-blocking sessions Author: Nikos Mavrogiannopoulos Date: Thu Apr 30 13:22:34 2015 +0200 GNUTLS_NONBLOCK can be used for non-DTLS sessions as well Author: Nikos Mavrogiannopoulos Date: Wed Apr 29 14:44:30 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 29 14:44:30 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 28 16:12:13 2015 +0200 tests: key generation test was moved to main checks This will allow to catch memory leaks with valgrind. Author: Jan Vcelak Date: Tue Apr 28 13:50:40 2015 +0200 fix memory leak in ECDSA key parameters verification Signed-off-by: Jan Vcelak Author: Nikos Mavrogiannopoulos Date: Tue Apr 28 14:30:35 2015 +0200 updated minitasn1 Author: Nikos Mavrogiannopoulos Date: Tue Apr 28 14:29:41 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 28 14:26:57 2015 +0200 Handle DNS name constraints with leading dot Patch by Fotis Loukos. Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Tue Apr 28 09:02:12 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Apr 27 09:16:42 2015 +0200 updated text for gnutls_pkcs11_init Author: Nikos Mavrogiannopoulos Date: Mon Apr 27 09:08:10 2015 +0200 updated pkcs11 loading documentation Author: Nikos Mavrogiannopoulos Date: Sun Apr 26 08:31:12 2015 +0200 tests: mini-etm: use TLS as the transport layer Author: Nikos Mavrogiannopoulos Date: Sun Apr 26 08:29:19 2015 +0200 tests: added comment for sign-md5-rep Author: Nikos Mavrogiannopoulos Date: Sun Apr 26 08:11:17 2015 +0200 more files to ignore Author: Nikos Mavrogiannopoulos Date: Sun Apr 26 00:04:13 2015 +0200 Sync with TP. Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 21:23:38 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 20:00:04 2015 +0200 tests: added reproducer for the MD5 acceptance issue Reported by Karthikeyan Bhargavan. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 19:34:34 2015 +0200 before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 19:14:07 2015 +0200 _gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 09:28:57 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 09:13:04 2015 +0200 tests: added unit tests for gnutls_certificate_client_get_request_status Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 09:12:04 2015 +0200 set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate That allows gnutls_certificate_client_get_request_status() to be properly operating from the callback. Reported by Anton Lavrentiev. Author: Nikos Mavrogiannopoulos Date: Sat Apr 25 09:10:15 2015 +0200 updated doc for retrieve function Author: Nikos Mavrogiannopoulos Date: Fri Apr 24 16:04:44 2015 +0200 updated PKCS #11 URL references to rfc7512 Author: Nikos Mavrogiannopoulos Date: Wed Apr 22 14:00:45 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 22 13:54:18 2015 +0200 tests: added check for gnutls_credentials_get Author: Nikos Mavrogiannopoulos Date: Wed Apr 22 13:49:10 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 22 13:41:17 2015 +0200 fixed doc: reported by Anton Lavrentiev Author: Nikos Mavrogiannopoulos Date: Wed Apr 22 11:33:34 2015 +0200 doc: corrected typo Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 22:08:56 2015 +0200 tests: resume-dtls: remove global variables Author: Andreas Metzler Date: Tue Apr 21 19:18:00 2015 +0200 List all certificate type priority strings. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 19 21:23:21 2015 +0200 tls-rsa: keep a common code path when doing RSA decryption Suggested by Nimrod Aviram. Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 15:20:38 2015 +0200 tests: initialize status where needed Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 15:18:11 2015 +0200 tests: cleanup openpgp-auth2 Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 15:17:38 2015 +0200 tests: cleanup mini-dtls-rehandshake Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 13:46:36 2015 +0200 tests: resume: check for signals Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 10:42:50 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 10:40:41 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 10:36:07 2015 +0200 tests: reduced compiler warnings Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 10:07:30 2015 +0200 tests: verify the return value of gnutls_certificate_get_ours when no cert is sent Author: Nikos Mavrogiannopoulos Date: Tue Apr 21 10:07:11 2015 +0200 tests: close unused file descriptors in resume checks Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 23:39:08 2015 +0200 libopts: fixed the reading of the --enable-local-libopts flag Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 17:51:20 2015 +0200 gnutls-cli: when no certificate is sent, notify the user Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 17:45:33 2015 +0200 tests: added check with X.509 certificates and callbacks That corresponds to functionality checked in openpgp-callback.c Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 17:38:10 2015 +0200 tests: added check for gnutls_certificate_get_ours() when used in combination with callbacks Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 16:46:34 2015 +0200 tests: improved x509dn check Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 16:43:51 2015 +0200 gnutls_certificate_get_ours: will return the certificate even if a callback was used This corrects a bug where this function would not work, when gnutls_certificate_set_retrieve_function2() was used. Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 16:31:55 2015 +0200 gnutls-cli: when a certificate is specified require the corresponding private key Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 16:25:21 2015 +0200 ensure that the X.509 version number is one byte only Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 14:04:37 2015 +0200 Check for invalid length in the X.509 version field If such an invalid length is detected, reject the certificate. Reported by Hanno Böck. Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 13:57:31 2015 +0200 ocsp: initialize certs to NULL Author: Nikos Mavrogiannopoulos Date: Mon Apr 20 12:45:56 2015 +0200 gnutls-serv: print when the peer's certificate is not verified Author: Nikos Mavrogiannopoulos Date: Sun Apr 19 09:42:05 2015 +0200 Sync with TP. Author: Tim Kosse Date: Sat Apr 18 11:38:57 2015 +0200 ncrypt.h lacks some defines with some versions of MinGW. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Sun Apr 19 09:19:22 2015 +0200 updated auto-generated files Author: Tim Kosse Date: Sat Apr 18 11:38:56 2015 +0200 Fix a preprocessor warning about mismatched quotes. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Kosse Date: Sat Apr 18 11:38:55 2015 +0200 Set _WIN32_WINNT to 0x600, at least with some MinGW versions ncrypt.h checks this define to be at least 0x600. Signed-off-by: Nikos Mavrogiannopoulos Author: Tim Kosse Date: Sat Apr 18 11:38:54 2015 +0200 Fix include order, include gnutls_int.h before gnutls.h, otherwise undefined external references to gnutls_free and gnutls_strdup are the result when statically linking against GnuTLS built by MinGW. Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Thu Apr 16 19:36:32 2015 +0300 gnutls-cli: removed CCM from the ciphers tested with the old API That prevents a crash of the benchmark. Reported by James Cloos. Author: Nikos Mavrogiannopoulos Date: Thu Apr 16 19:24:46 2015 +0300 refuse to use the old cipher API with AEAD-only ciphers Author: Nikos Mavrogiannopoulos Date: Thu Apr 16 00:16:22 2015 +0300 tests: ignore sigpipe in resume and termination tests Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 20:05:59 2015 +0300 doc: added error check in example Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 20:03:06 2015 +0300 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 16:00:53 2015 +0300 doc: removed stray @end Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:53:39 2015 +0300 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:49:26 2015 +0300 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:48:21 2015 +0300 x509: when printing the keyid of a certificate use the curve name for randomart Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:47:39 2015 +0300 gnutls_x509_crt_get_pk_* are based on gnutls_pubkey_export_* Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:45:08 2015 +0300 gnutls_pubkey_export_* are tolerable in null input Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:41:54 2015 +0300 Added gnutls_x509_crt_get_pk_ecc_raw() Author: Nikos Mavrogiannopoulos Date: Wed Apr 15 11:24:01 2015 +0300 randomart: corrected usage of snprintf Author: Nikos Mavrogiannopoulos Date: Tue Apr 14 22:11:14 2015 +0300 certtool: when generating an ECDSA key use the curve name in random art Author: Nikos Mavrogiannopoulos Date: Tue Apr 14 22:08:18 2015 +0300 randomart: only print key size if it is non-zero Author: Nikos Mavrogiannopoulos Date: Tue Apr 14 22:01:29 2015 +0300 cross.mk: updated for 3.4.0 Author: Nikos Mavrogiannopoulos Date: Tue Apr 14 21:33:19 2015 +0300 Remove SOCK_CLOEXEC from socket() call. That allows compilation in systems where this flag doesn't exist. Resolves #7 Author: Nikos Mavrogiannopoulos Date: Tue Apr 14 16:06:39 2015 +0300 document the recommended re-handshake process Author: Nikos Mavrogiannopoulos Date: Thu Apr 9 16:00:43 2015 +0200 remove duplicate entries from manpages Makefile Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 17:08:07 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 17:07:11 2015 +0200 tests: enhanced cert tests with SHA256 key IDs Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 16:56:44 2015 +0200 certtool: modified to allow different key ID algorithms Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 16:48:46 2015 +0200 Added flags which modify the algorithm used for key ID calculation Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 16:33:47 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 16:18:37 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 16:16:42 2015 +0200 gnutls_record_discard_queued() is both for TLS and DTLS Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:59:54 2015 +0200 document the new crypto register functions Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:53:39 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:49:45 2015 +0200 doc: avoid spaces in showfunc Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:15:24 2015 +0200 tests: added files into dist Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:08:14 2015 +0200 configure: ask for nettle 3.1 Author: Nikos Mavrogiannopoulos Date: Wed Apr 8 08:06:52 2015 +0200 released 3.4.0 Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 23:28:06 2015 +0200 gnutls-cli: document the method to override the detected ciphers Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 23:21:23 2015 +0200 fixed AESNI CCM encryption Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 23:14:48 2015 +0200 cleanups in CCM-aesni Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 22:28:29 2015 +0200 tests: test CCM-8 against polarssl Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 22:21:45 2015 +0200 gnutls-cli-debug: test for AES-CCM Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 22:10:43 2015 +0200 doc: added 'git submodule update' to clone steps Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 22:00:17 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 21:38:11 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 20:24:10 2015 +0200 removed unused functions Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 16:03:16 2015 +0200 extend the fallback to setkey in addition to init Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 15:50:23 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 15:48:41 2015 +0200 tests: verify the behavior of GNUTLS_E_NEED_FALLBACK Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 15:39:18 2015 +0200 introduced GNUTLS_E_NEED_FALLBACK to allow falling back from registered ciphers That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls should proceed with the default algorithms. Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:53:54 2015 +0200 ciphersuites: moved CCM ciphersuites in the appropriate ifdefs Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:51:25 2015 +0200 tests: ciphersuite test will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different than the expected. Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:47:00 2015 +0200 document CCM and CCM-8 Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:44:02 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:42:36 2015 +0200 tests: added CCM and CCM_8 into ciphersuite tests Author: Nikos Mavrogiannopoulos Date: Tue Apr 7 10:31:23 2015 +0200 Added CCM-8 ciphersuites Author: Nikos Mavrogiannopoulos Date: Mon Apr 6 19:14:31 2015 +0200 updated announce text Author: Nikos Mavrogiannopoulos Date: Mon Apr 6 10:49:15 2015 +0200 symbols: added the new supplemental functions Author: Nikos Mavrogiannopoulos Date: Mon Apr 6 10:08:16 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sun Apr 5 20:43:18 2015 +0200 tests: delay tests that depend on timing when they fail That often prevents failures on busy systems. Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 18:31:28 2015 +0200 don't enforce iv_size > block_size; it is no longer true for all ciphers Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 15:10:26 2015 +0200 simplified calc_enc_length_stream Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 14:49:03 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 14:29:58 2015 +0200 tests: updated supplemental API Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 12:42:21 2015 +0200 gnutls_ext_register will fail on double registration Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 12:37:38 2015 +0200 gnutls_supplemental_register will fail on double registration Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 12:05:40 2015 +0200 symbols: added new exported functions Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 12:04:34 2015 +0200 doc: updated makefiles to include new functions Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 12:03:37 2015 +0200 libgnutls.map: remove gnutls_record_set_max_empty_records Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 11:54:03 2015 +0200 account for the renamed gnutls_supplemental_recv/send Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 11:50:54 2015 +0200 document the export supplemental data API Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 11:45:28 2015 +0200 gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send Also added the gnutls_ prefix to new types. Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 11:34:55 2015 +0200 Added documentation for gnutls_do_send/recv_supplemental Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 10:30:56 2015 +0200 doc updates Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 09:43:16 2015 +0200 the base64 xxx_alloc functions were renamed to xxx2 That brings them in par with the rest of the allocation functions. Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 09:36:34 2015 +0200 p11tool: use the key usage flags to set PKCS #11 properties Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 09:31:00 2015 +0200 pkcs11: use key_usage to set the appropriate flags Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 08:53:33 2015 +0200 cleanups in supplemental data support Author: Nikos Mavrogiannopoulos Date: Sat Apr 4 07:36:47 2015 +0200 DH: do not warn on zero q_bits Author: Nikos Mavrogiannopoulos Date: Fri Apr 3 22:52:17 2015 +0200 NEWS: rearrange entries Author: Nikos Mavrogiannopoulos Date: Fri Apr 3 22:35:24 2015 +0200 certtool: certtool --generate-dh-params will account for --outder Resolves #5 Author: Nikos Mavrogiannopoulos Date: Thu Apr 2 15:30:20 2015 +0200 chacha20-poly1305: ciphersuite numbers correspond to the latest draft Author: Nikos Mavrogiannopoulos Date: Thu Apr 2 15:27:51 2015 +0200 p11tool: improved output message Author: Nikos Mavrogiannopoulos Date: Thu Apr 2 12:54:45 2015 +0200 removed unecessary warning Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 19:08:33 2015 +0200 doc update: account for new functions Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 18:42:13 2015 +0200 p11tool: better output text Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 18:40:47 2015 +0200 pkcs11: added GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY Also enforce the expected flags despite any given flags in the URL. Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 18:29:08 2015 +0200 p11tool: added the --test-sign parameter That allows to check an existing key for signing/verification. Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 16:52:48 2015 +0200 gnutls_priv/pubkey_import_url replace: gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 16:02:02 2015 +0200 certtool: corrected import of pubkey in DER format Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 10:50:08 2015 +0200 tests: added check for EtM negotiation Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 10:42:28 2015 +0200 only send EtM extension if we have CBC ciphersuites Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 10:04:54 2015 +0200 mention gnutls_privkey_sign_raw_data in upgrade section Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 09:55:09 2015 +0200 gnutls_privkey_sign_raw_data: converted to macro over gnutls_privkey_sign_hash Author: Nikos Mavrogiannopoulos Date: Wed Apr 1 10:00:31 2015 +0200 tests: added check for the legacy gnutls_privkey_sign_raw_data Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 11:16:45 2015 +0200 avoid compilation warnings in self checks (take 2) Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 11:15:04 2015 +0200 Revert "selftests: avoid compilatio warnings" This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603. Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:50:45 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:48:37 2015 +0200 tests: check whether PKCS #11 ID set on copy/generation is correct Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:29:33 2015 +0200 p11tool: allow setting the CKA_ID on object initialization/generation Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:22:58 2015 +0200 exported new functions Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:19:18 2015 +0200 pkcs11: enhanced key generation functions to allow specifying a CKA_ID Author: Nikos Mavrogiannopoulos Date: Tue Mar 31 08:14:27 2015 +0200 selftests: avoid compilatio warnings Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 16:12:27 2015 +0200 enhanced copy functions to allow specifying a CKA_ID Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 09:57:41 2015 +0200 tests: mini-server-name: ignore sigpipe Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 07:48:15 2015 +0200 tests: added more libidn-related valgrind suppressions Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 07:05:27 2015 +0200 doc: increase border spacing in HTML tables Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 06:59:19 2015 +0200 doc: list chacha20-poly1305 to the list of ciphers Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 06:47:51 2015 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 06:37:52 2015 +0200 manpages: automatically adjust the copyright year on generated pages Author: Nikos Mavrogiannopoulos Date: Mon Mar 30 06:34:37 2015 +0200 tests: added check for gnutls_server_name_get and gnutls_server_name_set Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 10:54:11 2015 +0200 test-ciphers.js: improved ciphersuite checks Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 10:49:23 2015 +0200 corrected GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 Author: Nikos Mavrogiannopoulos Date: Sun Mar 29 10:27:57 2015 +0200 updated test-ciphersuite.sh for new types Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 23:18:06 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 22:41:03 2015 +0100 Better fix for the double free in dist point parsing Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 22:31:09 2015 +0100 updated minitasn1 Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 19:34:29 2015 +0100 gnutls_pkcs11_copy_x509_privkey: increase size for attributes Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 19:21:48 2015 +0100 moved chacha20-poly1305 ciphersuites to the 0xCD space Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 13:45:23 2015 +0100 doc update: replace cryptographic algorithm by encryption algorithm Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 12:43:58 2015 +0100 gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings Author: Jiří Klimeš Date: Fri Mar 27 19:55:40 2015 +0100 doc: be consistent in the function descriptions Signed-off-by: Jiří Klimeš Author: Jiří Klimeš Date: Fri Mar 27 20:00:45 2015 +0100 doc: correct the description of crypto API functions Signed-off-by: Jiří Klimeš Author: Jiří Klimeš Date: Fri Mar 27 12:58:34 2015 +0100 Fix a few compiler warnings about unused variables [-Wunused-variable] Signed-off-by: Jiří Klimeš Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 12:00:36 2015 +0100 fixed CHACHA20-POLY1305 in DTLS Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 11:08:28 2015 +0100 gnutls-cli: added chacha-poly1305 into benchmarks Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 10:57:54 2015 +0100 when calculating record overhead account for chacha20 which doesn't send the nonce on the wire Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 10:54:02 2015 +0100 tests: include chacha20 into transfer tests Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 10:40:47 2015 +0100 Added the CHACHA20-POLY1305 ciphersuites (with random IDs) Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 09:59:38 2015 +0100 added chacha20-poly1305 as cipher Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 09:09:02 2015 +0100 tests: check retvals in block ciphers Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 09:06:16 2015 +0100 do not penalize CBC ciphers with the maximum send data size That reduced the maximum send size for CBC ciphers from 16384 to 16384-(block size), which was unnecessary and was causing issues: https://bugs.winehq.org/show_bug.cgi?id=37500 Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 08:18:32 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Mar 28 08:18:17 2015 +0100 gnutls_record_set_max_empty_records: removed Author: Nikos Mavrogiannopoulos Date: Mon Mar 23 22:55:29 2015 +0100 eliminated double-free in the parsing of dist points Reported by Robert Święcki. Author: Nikos Mavrogiannopoulos Date: Mon Mar 23 22:29:23 2015 +0100 Added a tight loop around the legacy push function That reduces the need for more expensive outer loops. Originally suggested by Anton Lavrentiev. Author: Nikos Mavrogiannopoulos Date: Mon Mar 23 19:19:49 2015 +0100 updated gnulib Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 14:01:20 2015 +0100 p11tool: more precise documentation of --set-id parameter Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 11:05:08 2015 +0100 depend on nettle 3.1 or later Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 10:42:48 2015 +0100 tests: updated email check for renamed --verify-email option Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 10:32:29 2015 +0100 gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 10:31:03 2015 +0100 pkcs11: check gnutls_rnd() for error condition Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 10:27:10 2015 +0100 gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 10:25:59 2015 +0100 p11tool: reduced debugging output Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 09:47:40 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Mar 27 09:47:12 2015 +0100 certtool: --purpose, --hostname were renamed to --verify-purpose, --verify-hostname Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 16:46:43 2015 +0100 p11tool: added --mark-no-sign and --mark-no-decrypt options Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 16:34:46 2015 +0100 pkcs11: added flags to mark keys as not-being signable or decryptable That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during generation or write of keys. Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 16:21:28 2015 +0100 pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 13:16:52 2015 +0100 tests: cleanups in resume-dtls Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 11:26:14 2015 +0100 ext: server_name: move name length check prior to IDN convertion Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 11:04:37 2015 +0100 When an application calls gnutls_server_name_set() with a name of zero size disable the extension Resolves #2 Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 09:25:10 2015 +0100 gnutls_x509_crt_check_hostname2: check CN for match only if certificate would have been acceptable for GNUTLS_KP_TLS_WWW_SERVER Author: Nikos Mavrogiannopoulos Date: Thu Mar 26 09:20:34 2015 +0100 Apply DNS name constraints on CN field only on certificates acceptable for TLS WWW SERVER purpose Suggested by Fotis Loukos. Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 17:10:06 2015 +0100 tests: mini-loss-time is less prone to timeouts Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 15:56:32 2015 +0100 tests: added valgrind suppressions in cert-tests for libidn Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 15:52:15 2015 +0100 certtool: eliminated memory leaks on verification Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 10:39:35 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 10:21:31 2015 +0100 tests: Added email verification tests with certtool Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 10:05:33 2015 +0100 certtool: added the --email option, to use in verification Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 10:04:56 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 09:42:16 2015 +0100 Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 09:02:53 2015 +0100 tests: verify that we accept a certificate with no name even if its CA has nameconstraints Author: Nikos Mavrogiannopoulos Date: Wed Mar 25 08:38:47 2015 +0100 name constraints: when no name of the type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos. Author: Nikos Mavrogiannopoulos Date: Tue Mar 24 10:49:32 2015 +0100 tests: increase the timeout in resume-dtls Author: Nikos Mavrogiannopoulos Date: Tue Mar 24 10:09:43 2015 +0100 gnutls_pkcs11_obj_export3: allow operation when raw.data is NULL and we have a public key Author: Nikos Mavrogiannopoulos Date: Tue Mar 24 09:58:17 2015 +0100 pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with the public key is not present. For that we use the key parameters, which we encode into a key. Issue reported by Frank Leavis. Author: Nikos Mavrogiannopoulos Date: Tue Mar 24 08:37:35 2015 +0100 gnulib: removed u64 module Author: Nikos Mavrogiannopoulos Date: Tue Mar 24 08:36:33 2015 +0100 drop support for gnulib's u64 Author: Nikos Mavrogiannopoulos Date: Mon Mar 23 13:09:08 2015 +0100 tests: check legacy RC4 in testcompat That would prevent losing compatibility without detecting it. That is currently the case since it is no longer enabled by default. Author: Nikos Mavrogiannopoulos Date: Mon Mar 23 10:28:28 2015 +0100 tests: added check to verify the correctness of the record function return values Author: Nikos Mavrogiannopoulos Date: Sat Mar 21 11:14:15 2015 +0100 tools: enable compilation with all options disabled Author: Nikos Mavrogiannopoulos Date: Sat Mar 21 11:13:58 2015 +0100 enable compilation with several options disabled Author: Nikos Mavrogiannopoulos Date: Sat Mar 21 10:38:28 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 14:04:26 2015 +0100 doc: avoid mentioning pointers when not needed Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 13:46:24 2015 +0100 increase the maximum stack frame the compiler will warn for Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 13:22:43 2015 +0100 doc: avoid using structure for opaque types Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 09:42:28 2015 +0100 tests: include gnutls_ext_s/get_data into tests of mini-extension Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 09:41:59 2015 +0100 updated documentation on non-return value of gnutls_ext_set_data Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 09:35:51 2015 +0100 tests: fixed buffers in mini-dtls0-9 Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 09:32:19 2015 +0100 avoid overflow when receiving DTLS 0.9 CCS Author: Nikos Mavrogiannopoulos Date: Fri Mar 20 08:35:48 2015 +0100 added gnutls_ext_set_data() and gnutls_ext_get_data() As a side effect the type which holds private data was reduced from union to void * pointer. That simplifies the exported API without reducing the options in the internal API. Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 22:04:48 2015 +0100 more files to ignore Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 22:03:22 2015 +0100 set GNUTLS_DTLS_VERSION_MIN to be DTLS0.9 That allows standard DTLS ciphersuites to be used with DTLS0.9 Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:59:06 2015 +0100 tests: added test for DTLS 0.9 Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:30:42 2015 +0100 tests: updated mini-extension Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:29:34 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:27:35 2015 +0100 mention the new functionality briefly in documentation Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:23:29 2015 +0100 mention that the registration functions are not thread safe Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:22:29 2015 +0100 store a copy of the extensions name Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:21:00 2015 +0100 deinitialize supplemental data on deinit Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:15:24 2015 +0100 removed unused epoch change callback Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:12:27 2015 +0100 deinitialize supplemental data on deinit Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:06:14 2015 +0100 reduce warnings Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 21:00:26 2015 +0100 added documentation for the new functions Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 20:47:51 2015 +0100 tests: remove warnings in mini-supplementaldata.c Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 20:46:57 2015 +0100 updated types Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 20:41:03 2015 +0100 more files to ignore Author: Thierry Quemerais Date: Thu Mar 19 20:40:25 2015 +0100 Added a way to add custom supplemental data from public API. Signed-off-by: Thierry Quemerais Author: Thierry Quemerais Date: Thu Mar 19 16:24:15 2015 +0100 Fixed extension test. Signed-off-by: Thierry Quemerais Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 20:35:22 2015 +0100 renamed gnutls_buffer_st -> gnutls_buffer_t Author: Thierry Quemerais Date: Thu Mar 19 20:15:11 2015 +0100 Added a way to add custom extensions from public API. Signed-off-by: Thierry Quemerais Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 20:11:18 2015 +0100 more files to ignore Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 11:43:52 2015 +0100 gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always defined there Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 11:06:28 2015 +0100 inet_ntop replacement: include sys/socket.h Author: Nikos Mavrogiannopoulos Date: Thu Mar 19 11:03:24 2015 +0100 inet_ntop replacement: do not depend on socklen_t Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 22:48:06 2015 +0100 tests: link cipher tests directly with nettle when needed Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 22:39:19 2015 +0100 tests: mini-dtls-record: increase timeouts to avoid failure of test due to slow system Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 19:46:00 2015 +0100 tests: mini-dtls-record: removed the need for 64-bit number Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 19:34:14 2015 +0100 tests: increase verbosity of mini-dtls-record Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 14:05:51 2015 +0100 document the cipher override API Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 13:47:03 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 13:42:55 2015 +0100 added test suite for overriden digests and MACs Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 13:04:43 2015 +0100 Added API to register MAC and digest algorithms. Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 11:46:06 2015 +0100 added test suite for overriden ciphers Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 11:44:26 2015 +0100 Added API to register AEAD and legacy ciphers. Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 11:30:44 2015 +0100 cryptodev: provide the new AEAD API Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 10:34:47 2015 +0100 Added environment variable which can override automatic global initialization Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 10:09:34 2015 +0100 removed unused functions Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 10:07:09 2015 +0100 configure: fail compilation if the minimum required libtasn1 is not present Author: Nikos Mavrogiannopoulos Date: Wed Mar 18 09:53:06 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Mar 16 13:52:05 2015 +0100 tests: long-session-id uses the test framework Author: Nikos Mavrogiannopoulos Date: Tue Mar 17 09:29:52 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Mar 17 09:23:51 2015 +0100 depend on p11-kit 0.23.1 to conform to draft-pechanec-pkcs11uri-21 Author: Nikos Mavrogiannopoulos Date: Mon Mar 16 13:23:20 2015 +0100 tests: fixed shadowed variable in mini-dtls-record Author: Nikos Mavrogiannopoulos Date: Mon Mar 16 11:38:56 2015 +0100 tests: use nanosleep for sleeping Author: Nikos Mavrogiannopoulos Date: Sat Mar 14 08:41:33 2015 +0100 README-alpha: move valgrind to testing tools Author: Nikos Mavrogiannopoulos Date: Sat Mar 14 08:40:29 2015 +0100 updated README-alpha Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 16:30:55 2015 +0100 Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 16:20:54 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 16:12:17 2015 +0100 gnutls_priority_init: document that priorities can be NULL Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 13:30:12 2015 +0100 testpkcs11: disallow softhsm 2.0.0b1 from being used to test PKCS #11 Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 13:24:18 2015 +0100 tests: mini-eagain2: call gnutls_handshake_set_timeout() at the proper time Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 10:10:23 2015 +0100 added libasan as dependency Author: Nikos Mavrogiannopoulos Date: Fri Mar 13 09:52:15 2015 +0100 corrected self test for 3DES Author: Nikos Mavrogiannopoulos Date: Thu Mar 12 06:58:02 2015 +0100 pkcs11: correctly set the size of type Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 22:51:25 2015 +0100 pkcs11: combined the fill for object attributes set Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 22:35:53 2015 +0100 pkcs11: only set ID and label when both size and data are set Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 16:14:32 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 16:10:46 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 16:10:36 2015 +0100 p11tool: exit with non-zero reason if no objects are found Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 16:02:44 2015 +0100 tests: added checks for p11tool --set-id and --set-label Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 16:02:21 2015 +0100 p11tool: added --set-id and --set-label options Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 14:49:04 2015 +0100 added gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the CKA_LABEL of an object. Resolves #1 Author: Nikos Mavrogiannopoulos Date: Wed Mar 11 09:30:37 2015 +0100 Added check for GNUTLS-SA-2015-1 Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 22:31:38 2015 +0100 tests: removed test with invalid DER encoding in chainverify These certificates are now rejected earlier. Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 22:31:03 2015 +0100 tests: added a check for certificates with invalid DER encodings Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 22:19:33 2015 +0100 x509: use libtasn1's strict DER decoding rules in network obtained structures Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 21:57:25 2015 +0100 depend on libtasn1 4.3 Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 21:54:13 2015 +0100 minitasn1: updated to libtasn1 4.3 Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 19:09:34 2015 +0100 rearranged internal documentation Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 12:38:52 2015 +0100 tools: added ftp as a starttls protocol Author: Nikos Mavrogiannopoulos Date: Mon Mar 9 12:38:01 2015 +0100 gnutls-cli: starttls and starttls-proto can't mix Author: Nikos Mavrogiannopoulos Date: Sat Mar 7 19:58:00 2015 +0100 expand on SECURE256 being an alias to SECURE192 Author: Nikos Mavrogiannopoulos Date: Sat Mar 7 13:10:53 2015 +0100 tests: do not run polarssl interop test on VIA Author: Nikos Mavrogiannopoulos Date: Sat Mar 7 13:08:47 2015 +0100 use common license in all testcompat scripts Author: Nikos Mavrogiannopoulos Date: Sat Mar 7 11:47:19 2015 +0100 removed unused function Author: Nikos Mavrogiannopoulos Date: Sat Mar 7 09:56:10 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 18:02:28 2015 +0100 README-alpha is README.md on repository It contains information for developers. Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 18:00:41 2015 +0100 Revert "auto-generate README from README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd. Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:36:15 2015 +0100 cleaned up licensing Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:32:10 2015 +0100 auto-generate README from README.md Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:17:53 2015 +0100 Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833. Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:17:26 2015 +0100 added README.md as link to README Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:15:41 2015 +0100 Revert "renamed README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5. Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:14:50 2015 +0100 renamed README files Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 17:12:09 2015 +0100 README: converted to mark-down Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:58:37 2015 +0100 gnutls-cli-debug: corrected check of certificate chain order Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:52:01 2015 +0100 tests: added small test to verify that GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:42:40 2015 +0100 gnutls-cli-debug: disable unsupported TLS protocols as soon Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:30:42 2015 +0100 cli sockets: check for a digit prior using atoi Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:14:14 2015 +0100 gnutls-cli-debug: a cert list of size 1 is always sorted Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 15:11:35 2015 +0100 gnutls-cli-debug: do not warn multiple times about unknown protocols Author: Nikos Mavrogiannopoulos Date: Fri Mar 6 10:52:32 2015 +0100 updated documentation on FIPS140-2 Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 22:30:31 2015 +0100 tests: speed up testcompat check by remove less important options Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 22:27:51 2015 +0100 tests: updated paths for softhsm detection Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 22:16:34 2015 +0100 README: mention nodejs Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 21:04:58 2015 +0100 configure: check for /usr/share/dns/root.key as well for dns root key Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 21:03:20 2015 +0100 README: mention dependency on dns-root-data Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 19:03:34 2015 +0100 tests: don't perform the overflow check in 32-bit systems Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 18:46:44 2015 +0100 tests: date parsing test was modified to work in 32-bit systems Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 18:59:25 2015 +0100 certtool: in 32-bit systems use PRIu64 to print 64-bit values Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 18:56:34 2015 +0100 certtool: exit when there is an overflow in parsing days Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 11:40:17 2015 +0100 README: mention that openssl and polarssl will be used for interop testing Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 10:40:20 2015 +0100 Revert "tests: increased the retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869. Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 10:40:10 2015 +0100 Revert "tests: template-test: added a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377. Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 09:25:58 2015 +0100 tests: template-test: added a baseline check to detect slow systems Author: Nikos Mavrogiannopoulos Date: Thu Mar 5 08:09:54 2015 +0100 tests: increased the retries with datefudge cert generation There are slow systems that are not always capable of generating the certificate within a single second. Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 23:25:56 2015 +0100 add bison as a dependency Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 22:45:09 2015 +0100 build documentation last That allows the examples to depend on libgnu_gpl.la Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 20:50:37 2015 +0100 list unbound dependency for DANE Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 20:44:29 2015 +0100 tests: removed dane hosts which don't behave well Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 20:37:32 2015 +0100 updated instructions for installed packages Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 17:24:20 2015 +0100 latex doc: updated copyright dates Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 17:23:32 2015 +0100 updated copyright date Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 14:59:58 2015 +0100 use asn1_decode_simple_ber if available Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 11:25:30 2015 +0100 corrected typo Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 10:47:30 2015 +0100 mention libidn Author: Ilya V. Matveychikov Date: Wed Mar 4 03:25:42 2015 +0300 asn1random.pl: generate simple tags only Do not emit tags with numbers greater than or equal 31 as they must be encoded an octet sequence (ref X.690-0207 # 8.1.2.4) Signed-off-by: Ilya V. Matveychikov Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 10:07:01 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 22:24:23 2015 +0100 tests: added checks for invalid X.509 certificate signatures Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 08:20:35 2015 +0100 added the change of priority string NORMAL in documentation Author: Nikos Mavrogiannopoulos Date: Wed Mar 4 08:15:16 2015 +0100 document the usage of a PKCS #11 trust module for verification Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 19:44:38 2015 +0100 tests: updated the suite to account for the removal of DSA by default Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 18:52:22 2015 +0100 tests: updated the suite to account for the removal of DSA by default Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 18:51:22 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 17:44:00 2015 +0100 cross-implementation test suite was relicensed to 3-clause BSD That way the suite can be used by projects with other licenses. Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 09:34:26 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Mar 3 09:31:16 2015 +0100 DSA signatures and DHE-DSS are disabled by default DSA was an algorithm that was never deployed on the Internet and had, until very recently, several limitations such as restriction of its keys to 1024 bits, SHA1-only etc. Given that there are literally 0 internet (HTTPS) certificates using DSA, there is no point to enable it by default and increase our attack surface. Author: Nikos Mavrogiannopoulos Date: Mon Mar 2 08:12:28 2015 +0100 gnutls-cli: include AES_128_CCM in benchmark-ciphers Author: Nikos Mavrogiannopoulos Date: Sat Feb 28 12:55:09 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 28 12:22:10 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 28 09:43:16 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 28 09:33:12 2015 +0100 bundle inet_ntop in systems that don't have it Author: Nikos Mavrogiannopoulos Date: Fri Feb 27 16:31:50 2015 +0100 updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Fri Feb 27 16:26:34 2015 +0100 removed gnutls_pubkey_get_verify_algorithm from abstract.h Author: Nikos Mavrogiannopoulos Date: Thu Feb 26 13:03:35 2015 +0100 corrected typo in gnutls_handshake(), spotted by Andris Mednis Author: Nikos Mavrogiannopoulos Date: Tue Feb 24 10:28:26 2015 +0100 doc update: document that session_get_data() must be used in non-resumed sessions Author: Nikos Mavrogiannopoulos Date: Mon Feb 23 13:50:00 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Feb 22 11:47:25 2015 +0100 added comments Author: Nikos Mavrogiannopoulos Date: Sun Feb 22 11:39:49 2015 +0100 Use p11_kit_uri_get_pin_value() if available in p11-kit Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 12:00:13 2015 +0100 fixed handling of GNUTLS_E_INT_CHECK_AGAIN Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:50:40 2015 +0100 removed unnecessary check and optimized function Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:46:13 2015 +0100 corrected check which prevented client to sent an unacceptable for the version ciphersuite Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:40:50 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:38:49 2015 +0100 tests: mini-key-material: avoid memory leak Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:35:04 2015 +0100 tests: require DTLS 1.2 when using GCM Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:32:36 2015 +0100 handle GNUTLS_E_INT_CHECK_AGAIN Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 11:28:57 2015 +0100 check the negotiated TLS/DTLS version prior to offering a ciphersuite a server Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 10:57:14 2015 +0100 remove unnecessary assert Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 10:53:25 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 10:51:49 2015 +0100 tests: modified tests with obsolete APIs with their replacement API Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:35:21 2015 +0100 doc: added deprecated functions into upgrade plan Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:35:01 2015 +0100 tests: added checks for gnutls_x509_crt_get_signature_algorithm and gnutls_x509_crt_get_preferred_hash_algorithm Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:25:24 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:24:13 2015 +0100 removed gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:13:37 2015 +0100 removed gnutls_x509_crt_get_verify_algorithm() Author: Nikos Mavrogiannopoulos Date: Sat Feb 21 07:07:54 2015 +0100 removed gnutls_pubkey_verify_hash() and gnutls_pubkey_verify_data() Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 23:47:25 2015 +0100 certtool: use unsigned for bits Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 23:46:35 2015 +0100 certtool/p11tool: avoid cast to function call Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 23:42:47 2015 +0100 certtool: allow specifying a purpose and a hostname for chain verification Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 22:17:15 2015 +0100 tests: added check for invalid X.509 certificate Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 17:09:57 2015 +0100 tests: added check for gnutls_record_get_state() Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 17:09:34 2015 +0100 removed unused constants Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 16:58:41 2015 +0100 memcpy fix in gnutls_record_get_state Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 16:23:33 2015 +0100 removed ltmain.sh from root Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 11:18:45 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 11:16:44 2015 +0100 Added gnutls_record_get_state() and gnutls_record_set_state() These functions allow to export the key material and sequence numbers. That allows offloading the sending and receiving of individual records. Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 11:13:55 2015 +0100 fixed sequence number copy Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 10:56:54 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Feb 20 10:56:35 2015 +0100 gnutls_handshake_set_hook_function: will provide the raw handshake data Author: Nikos Mavrogiannopoulos Date: Wed Feb 18 23:04:24 2015 +0100 use explicit casts to unsigned int in the CURVE_TO_BITS et al Author: Nikos Mavrogiannopoulos Date: Wed Feb 18 22:55:38 2015 +0100 use cast in _gnutls_hash_fast Author: Nikos Mavrogiannopoulos Date: Tue Feb 17 14:20:10 2015 +0100 when importing a certificate ensure that the signature parameters match Author: Nikos Mavrogiannopoulos Date: Sat Feb 14 18:02:01 2015 +0100 Allow AESNI GCM accelaration in x86 Author: Nikos Mavrogiannopoulos Date: Fri Feb 6 20:22:42 2015 +0100 gnutls-cli: added --save-cert option Author: Nikos Mavrogiannopoulos Date: Thu Feb 5 05:39:13 2015 +0100 added missing prototypes Author: Nikos Mavrogiannopoulos Date: Wed Feb 4 10:14:55 2015 +0100 handle differently OCSP responses that are revoked and of unknown status Author: Nikos Mavrogiannopoulos Date: Sun Feb 1 13:35:40 2015 +0100 compilation fix with return on void function; reported by David Marx Author: Nikos Mavrogiannopoulos Date: Thu Jan 29 14:31:08 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Jan 29 14:21:18 2015 +0100 set the appropriate direction when _gnutls_io_write_flush() is called Author: Nikos Mavrogiannopoulos Date: Wed Jan 28 10:32:16 2015 +0100 tests: added check for operation under different threads and DTLS Author: Nikos Mavrogiannopoulos Date: Wed Jan 28 10:22:37 2015 +0100 tests: added check for operation under different processes and DTLS Author: Nikos Mavrogiannopoulos Date: Wed Jan 28 09:57:13 2015 +0100 Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7. Author: Nikos Mavrogiannopoulos Date: Wed Jan 28 09:56:56 2015 +0100 Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41. Author: Nikos Mavrogiannopoulos Date: Wed Jan 28 09:56:21 2015 +0100 documented using a session with fork or multiple threads Author: Nikos Mavrogiannopoulos Date: Tue Jan 27 13:07:19 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Jan 27 13:06:10 2015 +0100 Added gnutls_record_is_async() That function indicates whether gnutls_record_recv() and gnutls_record_send() can be used independently and in parallel. Author: Nikos Mavrogiannopoulos Date: Sun Jan 25 10:17:06 2015 +0100 print errno in a more uniform way Author: Nikos Mavrogiannopoulos Date: Sun Jan 25 08:28:13 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Jan 25 08:27:08 2015 +0100 exported gnutls_system_recv_timeout() Author: Nikos Mavrogiannopoulos Date: Sun Jan 25 08:15:01 2015 +0100 simplified _gnutls_writev() by requiring the total length Author: Nikos Mavrogiannopoulos Date: Tue Jan 20 09:39:44 2015 +0100 opencdk: small fixed to reduce warnings Author: Nikos Mavrogiannopoulos Date: Mon Jan 19 15:36:22 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jan 19 15:32:09 2015 +0100 don't be so verbose about the OCSP nonce; it is universally unsupported Author: Tim Rühsen Date: Sat Jan 17 14:32:35 2015 +0100 OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Mon Jan 19 09:29:31 2015 +0100 on certificate import check whether the two signature algorithms match Author: Nikos Mavrogiannopoulos Date: Sat Jan 17 09:49:17 2015 +0100 cross.mk: use 3.3.12 Author: Nikos Mavrogiannopoulos Date: Sat Jan 17 09:01:37 2015 +0100 doc update Author: Luke Dashjr Date: Mon Jan 12 19:32:38 2015 +0000 Added configure option --disable-tools Author: Nikos Mavrogiannopoulos Date: Fri Jan 16 15:54:53 2015 +0100 corrected typos Reported by Guido Kroon. Author: Nikos Mavrogiannopoulos Date: Fri Jan 16 14:16:58 2015 +0100 Added the notion of obsolete versions That prevents using these versions as record version numbers, unless they are the only protocol supported. This avoids the issues with servers that have banned SSL 3.0 record versions. Author: Nikos Mavrogiannopoulos Date: Fri Jan 16 10:16:47 2015 +0100 ocsptool: follow the documented process for gnutls_x509_crt_get_authority_info_access Author: Nikos Mavrogiannopoulos Date: Fri Jan 16 10:15:08 2015 +0100 gnutls_x509_crt_get_authority_info_access: doc update Author: Nikos Mavrogiannopoulos Date: Thu Jan 15 15:49:53 2015 +0100 ocsptool-common: iterate through all AIA items prior to decidig the OCSP server Author: Nikos Mavrogiannopoulos Date: Wed Jan 14 08:11:17 2015 +0100 use a FIPS key that agree's with fedora's fipshmac Author: Nikos Mavrogiannopoulos Date: Wed Jan 14 22:51:55 2015 +0100 DCO: Added Luke Dashjr Author: Nikos Mavrogiannopoulos Date: Tue Jan 13 22:47:59 2015 +0100 simplified text for inline-commands-prefix Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 23:14:35 2015 +0100 gnutls-cli: added --starttls-proto option Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 17:28:50 2015 +0100 pkcs11: cleanup the name of types Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 17:19:48 2015 +0100 tests: updates in softhsm detection Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 17:12:56 2015 +0100 pkcs11: when importing a public key, import it's data as well (version 2 fix) Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 17:02:03 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 11:50:53 2015 +0100 testpkcs11: do not ignore the failure to write a trusted CA Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 11:17:24 2015 +0100 removed gnutls_pubkey_get_pk_* from the exported function list Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 10:33:21 2015 +0100 tests: key-import-export: enhanced to test gnutls_pubkey_*_ecc_x962 Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 10:32:13 2015 +0100 gnutls_pubkey_t: allow the import of another parameter set without a leak Author: Nikos Mavrogiannopoulos Date: Mon Jan 12 10:19:47 2015 +0100 removed ABI-compatibility functions Author: Nikos Mavrogiannopoulos Date: Fri Jan 9 13:59:34 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 22:41:01 2015 +0100 testpkcs11: modified to support both softhsmv1 and v2 Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 22:15:10 2015 +0100 pkcs11: when importing a public key, import it's data as well Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 18:00:38 2015 +0100 tests: enhanced key-import-export to check output of pubkeys Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 16:25:01 2015 +0100 tests: eliminated leaks Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 16:16:49 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Jan 11 16:06:26 2015 +0100 tests: added checks for private key import/export functions Author: Nikos Mavrogiannopoulos Date: Sat Jan 10 21:56:21 2015 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Jan 10 12:13:29 2015 +0100 tests: Added test case for openpgp keys loaded by callback Author: Nikos Mavrogiannopoulos Date: Sat Jan 10 12:12:25 2015 +0100 When setting up TLS with cert-type OpenPGP from a client, the server verifies if it supports the extension’s contents in _gnutls_session_cert_type_supported(). This function checks for cred->get_cert_callback but not cred->get_cert_callback2. As a result, servers setup for OpenPGP certificate credential callback with gnutls_certificate_set_retrieve_function2() are unable to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein. Author: Nikos Mavrogiannopoulos Date: Sat Jan 10 11:56:48 2015 +0100 gnutls_privkey_import_openpgp_raw: do not release the cached value Author: Ludovic Courtès Date: Thu Jan 8 10:18:07 2015 +0100 guile: Call 'load-extension' both during expansion and at run time. Fixes . * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'. Author: Nikos Mavrogiannopoulos Date: Thu Jan 8 09:35:59 2015 +0100 When receiving a TLS record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712 Author: Nikos Mavrogiannopoulos Date: Thu Jan 8 09:25:15 2015 +0100 tests: updated mini-dtls-record-asym Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 21:36:33 2015 +0100 tests: better documentation of mini-dtls-record-asym purpose Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 21:27:14 2015 +0100 tests: moved udp_socketpair to utils Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 21:22:02 2015 +0100 tests: corrected asymmetric MTU test for DTLS and added caching Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 17:32:44 2015 +0100 Added test case for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712 Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 17:18:57 2015 +0100 simplified _gnutls_dgram_read() Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 13:39:19 2015 +0100 danetool: only compile when dane is enabled Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 10:17:14 2015 +0100 in DTLS don't combine multiple packets which exceed MTU Resolves: https://savannah.gnu.org/support/?108715 Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 10:01:47 2015 +0100 Added more precise check of push functions availability Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 09:59:33 2015 +0100 Revert "in DTLS don't use writev() when multiple packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab. Author: Nikos Mavrogiannopoulos Date: Tue Jan 6 09:59:25 2015 +0100 Revert "Give precedence to vector push function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5. Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 15:08:28 2015 +0100 Give precedence to vector push function Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 15:08:28 2015 +0100 in DTLS don't use writev() when multiple packets which exceed MTU are queued That change requires the system_write() to be registered unconditionally, even when writev() is available. Resolves: https://savannah.gnu.org/support/?108715 Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 16:28:58 2015 +0100 tests: added check to ensure that DTLS handshake packets will not exceed MTU Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 16:21:57 2015 +0100 certtool: warn when setting a certificate's expiration longer than the CA's expiration Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 15:01:22 2015 +0100 testpkcs11: detect softhsm2 Author: Nikos Mavrogiannopoulos Date: Mon Jan 5 14:40:51 2015 +0100 tests: account for disabling of ARCFOUR where needed Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 23:19:33 2015 +0100 certtool: modified check for READ_NUMERIC Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 22:46:16 2015 +0100 certtool: use 64-bit type for CRL serial number Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 22:43:00 2015 +0100 certtool: check for overflows when reading serial numbers Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 20:44:21 2015 +0100 certtool: use int64_t as type for integers read Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 20:30:39 2015 +0100 gnutls-cli-debug: more precise handling of SMTP protocol Patch by Andreas Metzler. Author: Nikos Mavrogiannopoulos Date: Sun Jan 4 11:11:51 2015 +0100 updated gnulib Author: Nikos Mavrogiannopoulos Date: Fri Jan 2 12:49:55 2015 +0200 gnutls-cli-debug: corrected the skip of ignored checks Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 22:50:17 2014 +0200 use explicit casts in the dummy ip conversion functions Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 22:41:24 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 22:40:55 2014 +0200 ARCFOUR-128 is disabled by default Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 22:38:51 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 16:53:57 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:48:06 2014 +0200 system-keys-win: use LoadLibraryA to load ncrypt.dll Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:23:04 2014 +0200 Updated abi-compliance-checker for 3.4 API Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:17:51 2014 +0200 updated export symbols list (due to ABI breakage) Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:15:16 2014 +0200 doc: updated auto-generated files Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:09:41 2014 +0200 generate manpages for urls.h and system-keys.h Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:07:37 2014 +0200 tests: added check for gnutls_x509_trust_list_get_issuer_by_dn() Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 12:00:11 2014 +0200 updated libgnutls.map for new functions Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 11:49:40 2014 +0200 doc: updated auto-generated files and added urls.h Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 11:17:55 2014 +0200 tests: added checks for the new --key-id and --fingerprint certtool options Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 11:11:40 2014 +0200 certtool: Added --fingerprint and --key-id options Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 10:00:11 2014 +0200 certtool: --pubkey-info will load a public key from stdin Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 09:40:03 2014 +0200 include netinet/in.h if present to access ipv6 related structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713 Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 09:34:24 2014 +0200 VERS-ALL adds all protocols if used with '+' Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 09:14:15 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 09:04:27 2014 +0200 priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously. Author: Nikos Mavrogiannopoulos Date: Wed Dec 31 08:49:13 2014 +0200 gnutls.h: made DTLS protocol version numbering distinct Author: Matthias-Christian Ott Date: Tue Dec 30 11:58:43 2014 +0200 Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this case and thus does not need to be called. Author: Matthias-Christian Ott Date: Tue Dec 30 11:57:36 2014 +0200 Handle zero length plaintext for VIA PadLock functions If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the plaintext length (last parameter) is greater than zero and segfault otherwise. The assembler code for both functions is automatically generated and imported from OpenSSL, so to ease maintenance the length should be validated in the functions that call padlock_ecb_encrypt or padlock_cbc_encrypt. Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 13:29:57 2014 +0200 use backslashes in windows path Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 11:14:47 2014 +0200 tests: enhanced openpgp-keyring test Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 11:13:10 2014 +0200 openpgp: properly print names in oneline output as well Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 11:11:18 2014 +0200 updates in openpgp DSA key printing Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 10:59:23 2014 +0200 properly print openpgp names Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 10:47:37 2014 +0200 opencdk: print all warnings on compilation Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 10:47:20 2014 +0200 opencdk: eliminated warning from armor.c Author: Nikos Mavrogiannopoulos Date: Sun Dec 28 10:45:30 2014 +0200 removed cache support for opencdk's keydb It's implementation looked buggy. Author: Nikos Mavrogiannopoulos Date: Sat Dec 27 22:41:53 2014 +0200 updated guile comments Author: Nikos Mavrogiannopoulos Date: Thu Dec 25 00:16:17 2014 +0200 tools: use OCSP functions only when OCSP is enabled Author: Nikos Mavrogiannopoulos Date: Wed Dec 24 19:08:54 2014 +0200 Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and gnutls_pubkey_import_ecc_x962(). Author: Nikos Mavrogiannopoulos Date: Wed Dec 24 18:34:04 2014 +0200 tools: document the available curves Author: Nikos Mavrogiannopoulos Date: Wed Dec 24 08:54:19 2014 +0200 PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with softhsmv2 and CKA_TRUSTED. https://bugzilla.redhat.com/show_bug.cgi?id=1177086 Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 18:33:22 2014 +0200 updated documentation of gnutls_memcmp() Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 13:41:35 2014 +0200 use everywhere the new name of gnutls_x509_crt_import_pkcs11_url Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 13:29:13 2014 +0200 better cleanup in gnutls_pkcs11_privkey_import_url and allow reuse Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 12:54:23 2014 +0200 completely separated the two gnulibs to avoid conflicts Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 12:40:17 2014 +0200 updated gnulib Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 12:28:03 2014 +0200 dropped the sanitize URL approach Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 12:24:35 2014 +0200 Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 12:04:45 2014 +0200 gnutls_x509_crt_import_url replaces gnutls_x509_crt_import_pkcs11_url Author: Nikos Mavrogiannopoulos Date: Tue Dec 23 08:52:24 2014 +0200 use p11_kit_uri_get_pin_source instead of p11_kit_uri_get_pinfile Author: Nikos Mavrogiannopoulos Date: Mon Dec 22 12:16:05 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Mon Dec 22 11:59:41 2014 +0200 ex-pkcs11-list.c: updated for new API Author: Nikos Mavrogiannopoulos Date: Mon Dec 22 11:43:49 2014 +0200 combined gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces gnutls_pkcs11_obj_list_import_url3() and gnutls_pkcs11_obj_list_import_url4(). Author: Nikos Mavrogiannopoulos Date: Sun Dec 21 20:33:22 2014 +0200 first attempt to unify obj_attrs with obj_flags Author: Nikos Mavrogiannopoulos Date: Sun Dec 21 19:33:53 2014 +0200 tests: pkcs11-is-known checks whether the import of PKCS #11 objects as trusted certs works Author: Nikos Mavrogiannopoulos Date: Sun Dec 21 13:16:17 2014 +0200 Added softhsm.h to share code in softhsm detection Author: Nikos Mavrogiannopoulos Date: Sun Dec 21 13:00:53 2014 +0200 Directly import PKCS #11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a token URL, but rather a direct reference to specific objects. Author: Nikos Mavrogiannopoulos Date: Sat Dec 20 20:37:35 2014 +0200 PSK: added sanity check on PSK key size set Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 12:56:11 2014 +0200 gnutls-cli-debug: removed ARCFOUR-40 from the ciphers to use It is no longer supported. Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 12:07:17 2014 +0200 _gnutls_buffer_append_data returns zero on success Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 10:40:58 2014 +0200 corrected documentation for the cork/uncork functions Reported by Jaak Ristioja. Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 10:35:10 2014 +0200 doc update Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 10:25:40 2014 +0200 Added more precise version check in _gnutls_version_lowest Author: Nikos Mavrogiannopoulos Date: Fri Dec 19 08:56:44 2014 +0200 corrected documentation of gnutls_cork() Author: Nikos Mavrogiannopoulos Date: Wed Dec 17 14:50:52 2014 +0200 Added 32-bit overflow protection in _gnutls_buffer_append_data() Author: Jaak Ristioja Date: Wed Dec 17 13:55:10 2014 +0200 Remove redundant condition in align_allocd_with_data(). At all call-sites of align_allocd_with_data() dest->data is non-NULL. Signed-off-by: Jaak Ristioja Author: Jaak Ristioja Date: Wed Dec 17 13:55:09 2014 +0200 Deduplicated some code in _gnutls_buffer_append_data(). Signed-off-by: Jaak Ristioja Author: Jaak Ristioja Date: Wed Dec 17 13:55:07 2014 +0200 Explicitly marked some variables const in _gnutls_buffer_append_data(). Signed-off-by: Jaak Ristioja Author: Nikos Mavrogiannopoulos Date: Wed Dec 17 14:37:31 2014 +0200 DCO: added Jaak Ristioja Author: Nikos Mavrogiannopoulos Date: Tue Dec 16 22:36:17 2014 +0200 test-ciphers: do not fail on processor which don't have the AES-NI instructions Author: Nikos Mavrogiannopoulos Date: Tue Dec 16 15:39:24 2014 +0100 _gnutls_buffer_*: moved common operations to function Author: Nikos Mavrogiannopoulos Date: Tue Dec 16 15:35:10 2014 +0100 _gnutls_buffer_append_data: moved common code outside the if-clause Author: Nikos Mavrogiannopoulos Date: Fri Dec 12 18:42:04 2014 +0100 tests: disable SSL 3.0 checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl. Author: Nikos Mavrogiannopoulos Date: Fri Dec 12 18:41:50 2014 +0100 testdane: removed www.vulcano.cl from good hosts Author: Nikos Mavrogiannopoulos Date: Thu Dec 4 14:26:05 2014 +0100 tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with gnutls_x509_trust_list_add_named_crt(). Author: Nikos Mavrogiannopoulos Date: Thu Dec 4 14:21:46 2014 +0100 use gnutls_x509_trust_list_verify_named_crt in gnutls_x509_trust_list_verify_crt2 Author: Ludovic Courtès Date: Fri Dec 12 14:24:14 2014 +0100 Update 'NEWS'. Author: Nikos Mavrogiannopoulos Date: Fri Dec 12 09:35:29 2014 +0100 gnutls_rnd: doc update Author: Nikos Mavrogiannopoulos Date: Fri Dec 12 08:48:24 2014 +0100 gnutls_pkcs12_simple_parse: doc update Author: Nikos Mavrogiannopoulos Date: Fri Dec 12 08:26:53 2014 +0100 improved documentation on dane Author: Ludovic Courtès Date: Thu Dec 11 19:06:18 2014 +0100 guile: Open binary file in binary mode, for the sake of MinGW. Reported by Eli Zaretskii . * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead of 'open-input-file'. Author: Ludovic Courtès Date: Thu Dec 11 19:04:17 2014 +0100 guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii . * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined. Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 19:03:28 2014 +0100 p11tool: use Sleep() in windows Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 19:01:16 2014 +0100 certtool: ensure that default_serial_int is 64-bits or more Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 18:59:27 2014 +0100 use select() instead of alarm for better portability Based on patch by Eli Zaretskii. Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 18:53:21 2014 +0100 cross.mk: updated for 3.3.11 Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 10:15:54 2014 +0100 Allow a random generator with the same priority to re-register That corrects an issue where the library is deinitialized, and reinitialization wouldn't register the same rnd module. Reported by Stanislav Zidek. Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 09:27:58 2014 +0100 tests: x509cert: verify that length returned from gnutls_x509_crt_get_dn matches strlen Author: Nikos Mavrogiannopoulos Date: Thu Dec 11 06:08:33 2014 +0100 testcompat: corrected usage of null cipher Author: Nikos Mavrogiannopoulos Date: Wed Dec 10 15:40:49 2014 +0100 added the .check function in FIPS140-2 code Author: Nikos Mavrogiannopoulos Date: Mon Dec 8 23:30:07 2014 +0100 corrected typo Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 10:48:52 2014 +0100 configure: added option --without-idn Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 10:46:24 2014 +0100 accelerated: added required casts Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 10:40:48 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 10:40:09 2014 +0100 the priority string EXPORT is no more Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 10:27:00 2014 +0100 aesni-ccm: removed unused struct entries Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 09:41:08 2014 +0100 added AESNI accelerated CCM Author: Nikos Mavrogiannopoulos Date: Sat Dec 6 09:33:20 2014 +0100 more nettle3 related changes Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 19:58:42 2014 +0100 dane: use the new _gnutls_buffer_to_datum Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 10:36:34 2014 +0100 tests: corrected the expected lengths in ocsp Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 10:31:41 2014 +0100 _gnutls_buffer_to_datum: includes code for exporting strings Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 10:04:50 2014 +0100 when the trusted list contains a non-CA certificate warn via the audit log Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 09:52:40 2014 +0100 modified the CCM ciphersuite's name to match the one in the IANA registry Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 09:52:14 2014 +0100 ciphersuite test: enhanced check for correct ciphersuites Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 09:35:46 2014 +0100 ciphersuites tests: add missing includes Author: Nikos Mavrogiannopoulos Date: Fri Dec 5 09:00:04 2014 +0100 ciphersuite tests: define HAVE_CONFIG_H Author: Ludovic Courtès Date: Thu Dec 4 22:15:57 2014 +0100 guile: Build with warnings. * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter. Author: Ludovic Courtès Date: Thu Dec 4 22:14:57 2014 +0100 guile: Remove the deprecated priority API. * guile/modules/gnutls/build/priorities.scm: Remove. * guile/src/make-session-priorities.scm: Remove. * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. * guile/src/Makefile.am (EXTRA_DIST): Likewise. (GENERATED_BINDINGS): Remove 'priorities.i.c'. (priorities.i.c): Remove target. * guile/src/core.c: Don't include it. (scm_gnutls_set_default_priority_x): Remove. * guile/modules/gnutls.in (gnutls): Adjust export list. * guile/tests/session-record-port.scm: Use 'set-session-priorities!'. * guile/tests/x509-auth.scm: Likewise. Author: Ludovic Courtès Date: Thu Dec 4 22:15:16 2014 +0100 guile: Remove RSA parameters and related procedures. * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove. (%gnutls-smobs): Remove it. * guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove. * guile/modules/gnutls.in: Adjust export list. * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'. * guile/tests/x509-auth.scm: Likewise. * doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly. (OpenPGP Authentication Guile Example): Likewise. Author: Nikos Mavrogiannopoulos Date: Thu Dec 4 16:05:58 2014 +0100 updated TODO list Author: Nikos Mavrogiannopoulos Date: Thu Dec 4 14:39:03 2014 +0100 removed several of the unneeded exported internal symbols Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 10:53:25 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 10:39:51 2014 +0100 doc: corrected typo Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 20:21:52 2014 +0100 use unsigned long in gcm_cast_st Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 15:43:55 2014 +0100 corrected issue in AES-256-GCM Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 15:20:07 2014 +0100 tests: enhanced cipher check to include all ciphers. Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 14:56:27 2014 +0100 simplified abstractions over nettle based on Niels' comments. Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 11:21:29 2014 +0100 API doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 11:20:26 2014 +0100 Added test vectors for CCM mode Author: Nikos Mavrogiannopoulos Date: Wed Nov 26 10:27:23 2014 +0100 CCM: corrected AEAD decryption Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 20:27:05 2014 +0100 CCM mode moved to the lowest priority Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 19:42:10 2014 +0100 aes-gcm-aead.h: generalized Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 17:57:15 2014 +0100 gnutls-cli: added benchmark for CCM Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 17:46:55 2014 +0100 tests: updated for AES-128-CCM ciphersuites Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 17:27:03 2014 +0100 use the new AEAD API in gnutls_cipher.c Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 17:04:25 2014 +0100 Added definitions for CCM ciphersuites Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 16:02:25 2014 +0100 Modified crypto backend to accomodate for the CCM ciphersuites Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 10:54:55 2014 +0100 More nettle2 updates (in FIPS140-2 mode) Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 22:58:41 2014 +0100 ported to nettle 3.0 Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 10:10:05 2014 +0100 reduced current soversion Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 10:06:32 2014 +0100 documented the removal of deprecated functions Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:53:52 2014 +0100 corrected comparison Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:49:24 2014 +0100 removed the old gnutls_retr_st compatibility functions Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:45:19 2014 +0100 Removed binary compatibility with RSA-EXPORT using applications Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:41:33 2014 +0100 removed the old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority gnutls_compression_set_priority gnutls_kx_set_priority gnutls_protocol_set_priority gnutls_certificate_type_set_priority Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:37:55 2014 +0100 removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data() Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:35:26 2014 +0100 gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:32:21 2014 +0100 renumbered fields in gnutls.h Author: Nikos Mavrogiannopoulos Date: Wed Dec 3 09:28:10 2014 +0100 increased gnutls' soversion Author: Nikos Mavrogiannopoulos Date: Tue Dec 2 10:50:45 2014 +0100 if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed Author: Nikos Mavrogiannopoulos Date: Sun Nov 30 22:17:31 2014 +0100 tests: Added check for verification using CRLs Author: Nikos Mavrogiannopoulos Date: Sun Nov 30 21:44:10 2014 +0100 Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation() Reported by Tim Rühsen. Author: Nikos Mavrogiannopoulos Date: Sat Nov 29 15:27:34 2014 +0100 systemkey: updated for new gnutls_system_key_iter_get_info Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 16:16:19 2014 +0100 gnutls_system_key_iter_get_info() allows restricting results to a specific certificate type Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 16:12:31 2014 +0100 removed unneeded variable Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 14:39:58 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 13:18:49 2014 +0100 doc: added recommendation to use the higher level functions to load keys Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 10:40:34 2014 +0100 certtool: avoid gcc warnings Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 11:47:56 2014 +0100 gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 10:32:22 2014 +0100 gnutls_session_get_desc: allow proper printing of the NULL KX Author: Nikos Mavrogiannopoulos Date: Fri Nov 28 09:30:04 2014 +0100 gnutls_session_get_desc will return NULL if initial negotiation is not complete Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 23:17:29 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 23:16:04 2014 +0100 tests: small fix in mini-chain-unsorted Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 22:39:08 2014 +0100 GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT is specified. Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 16:28:10 2014 +0100 gnutls_pcert_import_x509_list: only sort the lists it can sort Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 16:12:33 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 16:10:44 2014 +0100 simplified windows URLs Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 16:08:46 2014 +0100 system-keys-win: include urls.h Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 16:06:46 2014 +0100 tests: added mini-chain-unsorted Author: Nikos Mavrogiannopoulos Date: Thu Nov 27 15:06:11 2014 +0100 Added flag GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the gnutls_certificate_credentials_t structure. Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 21:53:03 2014 +0100 tests: Added check for memory leaks when a file cannot be loaded. Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 21:52:23 2014 +0100 gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed Reported by Georg Richter. Author: Nikos Mavrogiannopoulos Date: Tue Nov 25 20:33:15 2014 +0100 libdane: undef gnutls_assert() before redefining it Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 22:39:23 2014 +0100 gnutls-cli-debug: do not print error on unknown protocols Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 20:22:35 2014 +0100 tests: added leak check for gnutls_set_x509_key_mem2() Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 19:16:42 2014 +0100 documented the limitations of the loading functions Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 18:54:28 2014 +0100 corrected memleak in read_key_mem() Patch by Georg Richter. Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 13:27:09 2014 +0100 gnutls-cli-debug: Added check for sorted certificate chain Author: Nikos Mavrogiannopoulos Date: Mon Nov 24 10:40:24 2014 +0100 do not allow the resumption of a session which switches the state of ext_master_secret Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 22:23:55 2014 +0100 tests: run rfc2253-escape-test under valgrind Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 19:43:44 2014 +0100 tests: enhanced custom-url check Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 19:43:01 2014 +0100 sanitize URLs at the proper place Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 19:42:43 2014 +0100 corrected freeing of custom URL Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 13:03:50 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 12:43:27 2014 +0100 Added memxor_different_alignment into suppressions Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 12:36:22 2014 +0100 Allow the construction of chains with custom URLs Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 11:04:47 2014 +0100 updated ignored files Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 11:04:15 2014 +0100 renamed systemkey-tool to systemkey, and don't install it by default Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 10:51:30 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 10:49:59 2014 +0100 tests: added check for registration of custom URLs Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 10:49:32 2014 +0100 export gnutls_register_custom_url Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 10:48:56 2014 +0100 correctly handle non-pkcs11 URLs in read_cert_url Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 09:30:29 2014 +0100 more files to ignore Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 09:11:38 2014 +0100 Added the ability to register application specific URLs for keys and certs Author: Nikos Mavrogiannopoulos Date: Sun Nov 23 08:47:41 2014 +0100 system-keys-win: use macros for the URL Author: Nikos Mavrogiannopoulos Date: Sat Nov 22 10:49:52 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 20:42:21 2014 +0100 tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 20:18:08 2014 +0100 treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship. https://savannah.gnu.org/support/?108690 Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 16:48:45 2014 +0100 removed old news Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 16:10:33 2014 +0100 The record version in the client Hello will be set to the lowest supported protocol There should have been no harm in keeping it SSL 3.0 but unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked as MUST NOT do that. That will be fixed in a later revision but since then there are servers not accepting SSL 3.0 as a valid record version (note that this is about the record version, which describes the format of the packet, nothing to do with the negotiated version). Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 15:41:25 2014 +0100 Revert "The priority modifier %LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f. Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 15:02:40 2014 +0100 deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are done when it is required only. Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 14:48:50 2014 +0100 gnutls_priority_string_list: allow printing the special keywords as well. Author: Nikos Mavrogiannopoulos Date: Fri Nov 21 14:18:15 2014 +0100 simplified code involving getrandom() and getentropy() Author: Nikos Mavrogiannopoulos Date: Thu Nov 20 10:36:23 2014 +0100 configure: detect android system and define a variable Author: Nikos Mavrogiannopoulos Date: Thu Nov 20 10:35:26 2014 +0100 separated system-keys implementations Author: Nikos Mavrogiannopoulos Date: Thu Nov 20 22:52:43 2014 +0100 removed redundant local Author: Nikos Mavrogiannopoulos Date: Thu Nov 20 00:15:02 2014 +0100 tests: added check for the abbreviated URLs which don't contain object information Author: Nikos Mavrogiannopoulos Date: Thu Nov 20 00:13:45 2014 +0100 prior to importing objects with URLs sanitize them That allows to use out of band information to complete missing parts in URLs (e.g., object-type=cert, when there is a certificate). Author: Nikos Mavrogiannopoulos Date: Wed Nov 19 23:53:50 2014 +0100 compilation fixes Author: Nikos Mavrogiannopoulos Date: Wed Nov 19 11:28:38 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 7 16:14:08 2014 +0100 Added API to read/write/delete key-cert pairs (limited to windows for now) Author: Nikos Mavrogiannopoulos Date: Mon Nov 17 20:26:26 2014 +0100 NORMAL priority: prioritize the less than 256-bits curves at the lowest level Author: Nikos Mavrogiannopoulos Date: Mon Nov 17 18:21:48 2014 +0100 certtool: Allow to set the nonRepudiation, keyAgreement and dataEncipherment flags Author: Nikos Mavrogiannopoulos Date: Mon Nov 17 18:09:36 2014 +0100 list the OIDs in the certtool cfg file documentation Author: Nikos Mavrogiannopoulos Date: Sun Nov 16 18:27:01 2014 +0100 properly reset the zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879 Author: Nikos Mavrogiannopoulos Date: Sat Nov 15 10:06:12 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 22:17:42 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 22:16:09 2014 +0100 partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as OCSP anchors. Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 21:21:53 2014 +0100 certtool: print message when the system trust is used Author: David Weber Date: Fri Nov 14 14:49:24 2014 +0200 Fixed SRTP profile configuration in cli.c and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as i am unable to compile gnutls (./configure complains about gl_INIT and ggl_INIT). Signed-off-by: Nikos Mavrogiannopoulos Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 20:13:36 2014 +0100 tests: ocsp: added the signature in check Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 20:10:06 2014 +0100 only print about additional certificates if they are present Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 17:22:07 2014 +0100 ocsp: fix DN decoding in gnutls_ocsp_resp_get_responder_raw_id Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 11:42:42 2014 +0100 tests: ocsp: added check with a long response Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 16:17:58 2014 +0100 use the original DER/BER data when verifying an OCSP response Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 11:55:21 2014 +0100 _pkcs1_rsa_verify_sig() simplify hashing Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 11:42:15 2014 +0100 ocsp: eliminated duplicate code Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 11:05:18 2014 +0100 clarified the multiple paths printing of the verify options Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 10:53:31 2014 +0100 gnutls-cli: allow printing the certificates in OCSP responses when --print-cert is specified Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 10:47:55 2014 +0100 updated OCSP verification code to better use the trust list, and the KeyHash Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 09:34:13 2014 +0100 OCSP printing: Add header in front of certificates Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 09:32:40 2014 +0100 added gnutls_pkcs11_get_raw_issuer_by_dn and gnutls_x509_trust_list_get_issuer_by_dn Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 07:57:19 2014 +0100 gnutls-cli-debug: check for OCSP status response Author: Nikos Mavrogiannopoulos Date: Fri Nov 14 07:45:49 2014 +0100 corrected crq test case; reported by Andreas Metzler Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 20:56:27 2014 +0100 set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 16:31:21 2014 +0100 replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old buggy behavior of returning 0 if the element was missing. Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 16:05:44 2014 +0100 certtool: make sure that GNUTLS_PKCS_PLAIN is set when no password should be asked Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 16:05:21 2014 +0100 gnutls_x509_privkey_import2: will not use a callback if GNUTLS_PKCS_PLAIN is specified Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:55:50 2014 +0100 the FIPS140-2 testing mode is disabled after self-checks Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:50:05 2014 +0100 updated OCSP tests to account for the new key ID Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:43:04 2014 +0100 doc update and gnutls_ocsp_resp_get_responder() will always initialized output data Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:38:34 2014 +0100 _rnd_get_event: use memset to avoid valgrind complaints Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:34:23 2014 +0100 gnutls-cli: print the OCSP response in verbose mode Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 15:30:55 2014 +0100 corrected documentation of OCSP response verification Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 14:39:41 2014 +0100 Added gnutls_ocsp_resp_get_responder_by_key() Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 14:39:07 2014 +0100 dn parsing: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 14:12:15 2014 +0100 gnutls-cli: added option to save the OCSP response Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 12:06:32 2014 +0100 added the notion of preferred sign algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3() with the info callback. It is only considered for client side keys in TLS sessions. Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 10:18:03 2014 +0100 Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 10:06:51 2014 +0100 certificate status requestion response is optional according to RFC6066 Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 09:52:43 2014 +0100 Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 09:27:38 2014 +0100 rnd: removed the packed attribute from event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas Thorberger. Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 09:18:31 2014 +0100 The priority modifier %LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version number from the first packet of the record protocol. Author: Nikos Mavrogiannopoulos Date: Thu Nov 13 09:16:29 2014 +0100 added check for servers that disallow the SSL 3.0 record version Author: Nikos Mavrogiannopoulos Date: Wed Nov 12 19:44:18 2014 +0100 gnutls-cli: print whether status request has been checked Author: Nikos Mavrogiannopoulos Date: Wed Nov 12 16:14:55 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Wed Nov 12 15:44:53 2014 +0100 Enable PIN support to gnutls_x509_privkey_t Author: Nikos Mavrogiannopoulos Date: Tue Nov 11 15:16:12 2014 +0100 _gnutls_ucs2_to_utf8() can handle little endian strings. Author: Nikos Mavrogiannopoulos Date: Tue Nov 11 11:25:57 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Tue Nov 11 11:25:44 2014 +0100 Added gnutls_memcmp() and exported it. Author: Nikos Mavrogiannopoulos Date: Tue Nov 11 10:47:56 2014 +0100 indentation fix Author: Nikos Mavrogiannopoulos Date: Tue Nov 11 10:40:21 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Fri Nov 7 16:05:10 2014 +0100 added gnutls_pkcs12_bag_set_privkey() Conflicts: lib/libgnutls.map Author: Nikos Mavrogiannopoulos Date: Mon Nov 10 12:59:39 2014 +0100 dropped unused copy_func Author: Nikos Mavrogiannopoulos Date: Mon Nov 10 11:38:58 2014 +0100 silence warning Author: Nikos Mavrogiannopoulos Date: Fri Oct 31 10:08:00 2014 +0100 Added check with the invalid crq sent by Sean Burford Author: Nikos Mavrogiannopoulos Date: Fri Oct 31 10:00:32 2014 +0100 when exporting curve coordinates to X9.63 format, perform additional sanity checks on input Reported by Sean Burford. Author: Nikos Mavrogiannopoulos Date: Sat Nov 8 09:06:36 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Nov 8 08:38:44 2014 +0100 doc update Author: Nikos Mavrogiannopoulos Date: Sat Nov 8 08:36:16 2014 +0100 exported gnutls_memset() Author: Nikos Mavrogiannopoulos Date: Sat Nov 8 08:35:01 2014 +0100 doc: updated text on session tickets Author: Nikos Mavrogiannopoulos Date: Fri Nov 7 21:46:58 2014 +0100 tools: include arpa/inet.h in socket.c Author: Nikos Mavrogiannopoulos Date: Fri Nov 7 19:18:22 2014 +0100 doc: use the same port for DTLS client and server Author: Nikos Mavrogiannopoulos Date: Fri Nov 7 19:01:57 2014 +0100 pkcs11: pass the correct user type to protected authentication login