GitLab

x509: Omit empty sequences of policyQualifiers.

Closes #1238

See merge request !1435

git: Do not ignore certtool templates.

Closes #1242

See merge request !1437

This effectively reverts part of
dc859663

 in order to ensure that
tests/cert-tests/templates/*.tmpl are not ignored by git.

Closes: #1242
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Ensure that a policy without policyQualifiers gets created with an
omitted sequence of qualifiers, rather than an empty sequence of
qualifiers.

We use NIST's test policy OID for this test.

This tests the fix for #1238

.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

cert auth: filter out unsupported cert types from TLS 1.2 CR

See merge request !1434

When a certificate has a policy attached but no policyQualifiers,
`certtool` should omit the policyQualifiers sequence entirely, rather
than emitting an empty sequence.

Closes: #1238

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

When the server is advertising signature algorithms in TLS 1.2
CertificateRequest, it shouldn't send certificate_types not backed by
any of those algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509: Write keyUsage extension with minimal BIT STRING

Closes #1236

See merge request !1431

Avoid embedding trailing cleared bits in the BIT STRING for the
keyUsage extension.

The overwhelming majority of this changeset is correcting the
artifacts in the test suite, most of which had keyUsage with a
non-minimal encoding.  The only functional code change is in
lib/x509/x509_ext.c.

Closes: #1236

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

serv: stop setting AI_ADDRCONFIG on getaddrinfo

Closes #1007

See merge request !1433

.gitlab-ci.yml: add bootstrap stage

Closes #891

See merge request !1432

Signed-off-by: Daiki Ueno <ueno@gnu.org>

AI_ADDRCONFIG is only useful when the NODE argument is given in the
getaddrinfo call, as described in RFC 3493 6.1.  Suggested by Andreas
Metzler in:
#1007 (comment 356637206)

Signed-off-by: Daiki Ueno <ueno@gnu.org>

tests: don't install crypt32.dll and ncrypt.dll replacement

Closes #1232

See merge request !1429

This library needs to be linked for CryptAcquireContextW, used in
lib/system/keys-win.c.  Suggested by Tim Kosse in:
#1232

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Reported by Tim Kosse in:
#1232

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Improve 0-RTT support for QUIC

Closes #1216

See merge request !1421

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

When resuming in TLS 1.3, the negotiated PRF hash must match the one
used in the initial handshake.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

The wrapper (tls13/prf-early.sh) was merely for running
tls13/prf-early under datefudge.  The same thing can now be done with
virt_time_init_at.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

This allows the tests to set the current time to arbitrary point,
instead of the current time; useful for the tests checking the traces
such as tls13/prf-early.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

The message is prohibited in QUIC:
https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3

Signed-off-by: Daiki Ueno <ueno@gnu.org>

The flag was only for the server, but it turned out to be useful for
client to explicitly indicate early data, when 0-RTT is handled
out-of-band as in QUIC.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

CI updates and build fixes spotted by GCC 11

See merge request !1430

Signed-off-by: Daiki Ueno <ueno@gnu.org>

While those options have no effect, the command previously tried to
open a file for reading and leaked file descriptor.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

This workarounds the following warnings with gcc analyzer:

  kx.c:156:69: error: leak of FILE '<unknown>' [CWE-775] [-Werror=analyzer-file-leak]
    156 |                         _gnutls_bin2hex(session->security_parameters.
        |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
    157 |                                         client_random, GNUTLS_RANDOM_SIZE,
        |                                         ~~~~~~~~~~~~~

This should be harmless because the keylog file pointer is closed in
the ELF destructor.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

This should fix the nettle_streebog512_update detection.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Spotted by gcc analyzer:
  srptool.c:113:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
    113 |                         return -1;
        |                                ^
also:
  srptool.c:560:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
    560 |                         return -1;
        |                                ^
Signed-off-by: Daiki Ueno <ueno@gnu.org>

As this function shall be called in a signal handler, it shouldn't use
'exit' as it's not async-thread-safe.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Spotted by gcc analyzer:
  serv.c:1138:9: warning: call to 'exit' from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
   1138 |         exit(1);
        |         ^~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Spotted by gcc analyzer:
  certtool-cfg.c:856:24: warning: use of possibly-NULL 'copy' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
    856 |                 while (strcmp(pass, copy) != 0
        |                        ^~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Spotted by gcc analyzer:
  psk.c:275:21: warning: use of possibly-NULL '_username.data' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
    275 |                 if (strncmp(p, (const char *) _username.data,
        |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

This suppresses the warning with -Warray-parameter
  secrets.c:85:40: warning: argument 6 of type 'const uint8_t[64]' {aka 'const unsigned char[64]'} with mismatched bound [-Warray-parameter=]
     85 |                          const uint8_t secret[MAX_HASH_SIZE],
        |                          ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
  In file included from secrets.c:28:
  secrets.h:43:41: note: previously declared as 'const uint8_t[32]' {aka 'const unsigned char[32]'}
     43 |                           const uint8_t secret[MAX_CIPHER_KEY_SIZE],
        |                           ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>

This was originally to eliminate the warnings with -Warray-parameter:

  pin.c:70:27: warning: argument 5 of type 'char[256]' with mismatched bound [-Warray-parameter=]
     70 |                      char pin[GNUTLS_PKCS11_MAX_PIN_LEN], unsigned pin_size)
        |                      ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from pin.c:23:
  ./pin.h:9:48: note: previously declared as 'char *'
      9 |                      unsigned pin_flags, char *pin, unsigned pin_size);
        |                                          ~~~~~~^~~

though it turned out to be unnecessary because the function merely
delegate the call to the user-supplied callbacks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>