authorDaiki Ueno <ueno@gnu.org>2018-11-26 06:34:17 +0000
committerDaiki Ueno <ueno@gnu.org>2018-11-26 06:34:17 +0000
commitd80b16f6a1da09b9c96ef5efc9ff890d1578d63a (patch)
treed13705f315a8241c85f68c1ea4dfa865c006b599
parentfc3ddc11b79fc41623399c81aec6ba91da0e559c (diff)
parent401e2b97160fbed73ad72e081f9a5846423f1f14 (diff)
downloadgnutls-d80b16f6a1da09b9c96ef5efc9ff890d1578d63a.tar.gz
Merge branch 'tmp-minor-fixes' into 'master'
Minor fixes towards 3.6.5 See merge request gnutls/gnutls!818
-rw-r--r--.gitignore167
-rw-r--r--bootstrap.conf1
-rw-r--r--doc/cha-gtls-app.texi16
-rw-r--r--src/Makefile.am10
-rw-r--r--tests/resume.c5
-rw-r--r--tests/tls13/anti_replay.c10
6 files changed, 106 insertions, 103 deletions
diff --git a/.gitignore b/.gitignore
index bae2a4eb2f..2ffe7b8aab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -255,6 +255,7 @@ Makefile.user
*.o
*.out
*.plist
+src/args-std.def
src/benchmark
src/benchmark-cipher
src/benchmark-tls
@@ -322,6 +323,9 @@ stamp-h1
.submodule.stamp
*.swp
tags
+tests/*/out
+tests/Makefile
+tests/Makefile.in
tests/alerts
tests/alpn-server-prec
tests/anonself
@@ -330,24 +334,25 @@ tests/auto-verify
tests/base64
tests/base64-raw
tests/cert
+tests/cert-key-exchange
+tests/cert-status
+tests/cert_verify_inv_utf8
tests/certder
tests/certificate_set_x509_crl
-tests/cert-key-exchange
tests/certuniqueid
-tests/cert_verify_inv_utf8
tests/chainverify
tests/chainverify-unsorted
tests/cipher-test
tests/client
-tests/client_dsa_key
tests/client-fastopen
tests/client-sign-md5-rep
+tests/client_dsa_key
tests/conv-utf8
-tests/crl_apis
tests/crl-basic
+tests/crl_apis
tests/crlverify
-tests/crq_apis
tests/crq-basic
+tests/crq_apis
tests/crq_key_id
tests/crt_apis
tests/crt_inv_write
@@ -359,19 +364,13 @@ tests/cve-2009-1415
tests/cve-2009-1416
tests/dane
tests/dane-strcodes
+tests/dh-params
tests/dhepskself
tests/dhex509self
-tests/dh-params
tests/dn
tests/dn2
tests/dss-sig-val
-tests/dtls1.0-cert-key-exchange
-tests/dtls10-cert-key-exchange
-tests/dtls1.2-cert-key-exchange
-tests/dtls12-cert-key-exchange
-tests/dtls1-2-mtu-check
tests/dtls-client-with-seccomp
-tests/dtls/dtls-stress
tests/dtls-etm
tests/dtls-handshake-versions
tests/dtls-max-record
@@ -385,8 +384,15 @@ tests/dtls-session-ticket-lost
tests/dtls-sliding-window
tests/dtls-stress
tests/dtls-with-seccomp
+tests/dtls/dtls-stress
+tests/dtls1-2-mtu-check
+tests/dtls1.0-cert-key-exchange
+tests/dtls1.2-cert-key-exchange
+tests/dtls10-cert-key-exchange
+tests/dtls12-cert-key-exchange
tests/duplicate-extensions
tests/eagain
+tests/eagain-auto-auth
tests/empty_retrieve_function
tests/fallback-scsv
tests/finished
@@ -396,12 +402,13 @@ tests/fips-test
tests/gc
tests/global-init
tests/global-init-override
+tests/gnutls-strcodes
tests/gnutls_ext_raw_parse
tests/gnutls_ext_raw_parse_dtls
tests/gnutls_hmac_fast
tests/gnutls_ocsp_resp_list_import2
tests/gnutls_record_overhead
-tests/gnutls-strcodes
+tests/gnutls_session_set_id
tests/gnutls_x509_crq_sign
tests/gnutls_x509_crt_list_import
tests/gnutls_x509_crt_sign
@@ -421,11 +428,9 @@ tests/insecure_key
tests/ip-check
tests/ip-utils
tests/key-export-pkcs8
-tests/keygen
tests/key-id/Makefile
tests/key-id/Makefile.in
tests/key-import-export
-tests/keylog-env
tests/key-material-dtls
tests/key-material-set-dtls
tests/key-openssl
@@ -433,11 +438,11 @@ tests/key-usage
tests/key-usage-dhe-rsa
tests/key-usage-ecdhe-rsa
tests/key-usage-rsa
+tests/keygen
+tests/keylog-env
tests/libpkcs11mock1.la
tests/libutils.la
tests/long-session-id
-tests/Makefile
-tests/Makefile.in
tests/memset
tests/memset0
tests/memset1
@@ -447,7 +452,6 @@ tests/mini-alpn
tests/mini-cert-status
tests/mini-chain-unsorted
tests/mini-deflate
-tests/mini-dtls0-9
tests/mini-dtls-discard
tests/mini-dtls-fork
tests/mini-dtls-heartbeat
@@ -462,6 +466,7 @@ tests/mini-dtls-record
tests/mini-dtls-record-asym
tests/mini-dtls-rehandshake
tests/mini-dtls-srtp
+tests/mini-dtls0-9
tests/mini-eagain
tests/mini-eagain-dtls
tests/mini-emsgsize-dtls
@@ -471,8 +476,8 @@ tests/mini-global-load
tests/mini-handshake-timeout
tests/mini-key-material
tests/mini-loss
-tests/mini-loss2
tests/mini-loss-time
+tests/mini-loss2
tests/mini-overhead
tests/mini-record
tests/mini-record-2
@@ -524,24 +529,35 @@ tests/openpgp-certs/Makefile.in
tests/openpgp-keyring
tests/openpgpself
tests/openssl
-tests/*/out
tests/parse_ca
tests/pathlen/Makefile
tests/pathlen/Makefile.in
tests/pcert-list
tests/pgps2kgnu
-tests/pkcs11-cert-import-url4-exts
+tests/pkcs1-digest-info
+tests/pkcs1-padding/Makefile
+tests/pkcs1-padding/Makefile.in
tests/pkcs11-cert-import-url-exts
+tests/pkcs11-cert-import-url4-exts
tests/pkcs11-get-exts
tests/pkcs11-get-raw-issuer-exts
-tests/pkcs11/gnutls_pcert_list_import_x509_file
-tests/pkcs11/gnutls_x509_crt_list_import_url
tests/pkcs11-import-url-privkey
+tests/pkcs11-import-url-privkey-caps
tests/pkcs11-mechanisms
tests/pkcs11-obj-raw
+tests/pkcs11-privkey-always-auth
+tests/pkcs11-privkey-export
+tests/pkcs11-privkey-fork
+tests/pkcs11-privkey-fork-reinit
+tests/pkcs11-privkey-raw
+tests/pkcs11-privkey-safenet-always-auth
+tests/pkcs11-token-raw
+tests/pkcs11/gnutls_pcert_list_import_x509_file
+tests/pkcs11/gnutls_x509_crt_list_import_url
tests/pkcs11/pkcs11-chainverify
tests/pkcs11/pkcs11-combo
tests/pkcs11/pkcs11-ec-privkey-test
+tests/pkcs11/pkcs11-eddsa-privkey-test
tests/pkcs11/pkcs11-get-issuer
tests/pkcs11/pkcs11-import-url-privkey
tests/pkcs11/pkcs11-import-with-pin
@@ -557,23 +573,13 @@ tests/pkcs11/pkcs11-pthread
tests/pkcs11/pkcs11-pubkey-import-ecdsa
tests/pkcs11/pkcs11-pubkey-import-rsa
tests/pkcs11/pkcs11-rsa-pss-privkey-test
-tests/pkcs11-privkey-always-auth
-tests/pkcs11-privkey-export
-tests/pkcs11-privkey-fork
-tests/pkcs11-privkey-fork-reinit
-tests/pkcs11-privkey-raw
-tests/pkcs11-privkey-safenet-always-auth
tests/pkcs11/tls-neg-pkcs11-key
-tests/pkcs11-token-raw
tests/pkcs12-decode/Makefile
tests/pkcs12-decode/Makefile.in
tests/pkcs12_encode
tests/pkcs12_s2k
tests/pkcs12_s2k_pem
tests/pkcs12_simple
-tests/pkcs1-digest-info
-tests/pkcs1-padding/Makefile
-tests/pkcs1-padding/Makefile.in
tests/pkcs7
tests/pkcs7-cat-parse
tests/pkcs7-gen
@@ -581,6 +587,7 @@ tests/pkcs8-decode/Makefile
tests/pkcs8-decode/Makefile.in
tests/pkcs8-key-decode
tests/pkcs8-key-decode-encrypted
+tests/post-client-hello-change-prio
tests/prf
tests/priorities
tests/priorities-groups
@@ -613,6 +620,8 @@ tests/resume-dtls
tests/resume-lifetime
tests/resume-psk
tests/resume-with-false-start
+tests/resume-with-previous-stek
+tests/resume-with-stek-expiration
tests/resume-x509
tests/rng-fork
tests/rng-no-onload
@@ -640,13 +649,12 @@ tests/send-client-cert
tests/send-data-befor
tests/send-data-before-handshake
tests/server
-tests/server_ecdsa_key
tests/server-sign-md5-rep
+tests/server_ecdsa_key
tests/session-export-funcs
tests/session-rdn-read
tests/session-tickets-missing
tests/session-tickets-ok
-tests/setcredcrash
tests/set-default-prio
tests/set_key
tests/set_key_utf8
@@ -656,8 +664,8 @@ tests/set_known_dh_params_x509
tests/set_pkcs12_cred
tests/set_x509_key
tests/set_x509_key_file
-tests/set_x509_key_file_der
tests/set_x509_key_file-late
+tests/set_x509_key_file_der
tests/set_x509_key_file_legacy
tests/set_x509_key_file_ocsp
tests/set_x509_key_file_ocsp_multi
@@ -668,6 +676,7 @@ tests/set_x509_ocsp_multi_invalid
tests/set_x509_ocsp_multi_pem
tests/set_x509_ocsp_multi_unknown
tests/set_x509_pkcs12_key
+tests/setcredcrash
tests/sha2/Makefile
tests/sha2/Makefile.in
tests/sign-is-secure
@@ -693,8 +702,8 @@ tests/softhsm-*.db/
tests/spki
tests/spki-abstract
tests/srp
-tests/srpbase64
tests/srp/mini-srp
+tests/srpbase64
tests/ssl2-hello
tests/ssl3.0-cert-key-exchange
tests/ssl30-cert-key-exchange
@@ -704,9 +713,9 @@ tests/status-request
tests/status-request-ext
tests/status-request-missing
tests/status-request-ok
-tests/strict-der
tests/str-idna
tests/str-unicode
+tests/strict-der
tests/suite/cert-coverage
tests/suite/ciphersuite/gnutls-ciphers.js
tests/suite/danetool-cert*
@@ -725,27 +734,46 @@ tests/suite/pkcs11-pubkey-import-ecdsa
tests/suite/pkcs11-pubkey-import-rsa
tests/suite/prime-check
tests/suite/rng
-tests/suite/softhsm.config
tests/suite/softhsm*.config
tests/suite/softhsm*.db
tests/suite/softhsm*.db-journal
+tests/suite/softhsm.config
tests/suite/testpkcs11.debug
tests/suite/testtpm.sh
tests/suite/x509paths/X509tests
tests/system-prio-file
+tests/tls-client-with-seccomp
+tests/tls-crt_type-neg
+tests/tls-etm
+tests/tls-ext-not-in-dtls
+tests/tls-ext-register
+tests/tls-force-etm
+tests/tls-max-record
+tests/tls-neg-ext-key
+tests/tls-neg-ext4-key
+tests/tls-record-size-limit
+tests/tls-rehandshake-anon
+tests/tls-rehandshake-cert
+tests/tls-rehandshake-cert-2
+tests/tls-rehandshake-cert-3
+tests/tls-session-ext-override
+tests/tls-session-ext-register
+tests/tls-session-supplemental
+tests/tls-supplemental
+tests/tls-with-seccomp
tests/tls1.0-cert-key-exchange
+tests/tls1.1-cert-key-exchange
+tests/tls1.2-cert-key-exchange
tests/tls10-cert-key-exchange
tests/tls10-cipher-neg
tests/tls10-prf
tests/tls10-server-kx-neg
-tests/tls1.1-cert-key-exchange
tests/tls11-cert-key-exchange
tests/tls11-check-rollback-val
tests/tls11-cipher-neg
tests/tls11-rollback-detection
tests/tls11-server-kx-neg
tests/tls12-anon-upgrade
-tests/tls1.2-cert-key-exchange
tests/tls12-cert-key-exchange
tests/tls12-check-rollback-val
tests/tls12-cipher-neg
@@ -756,18 +784,25 @@ tests/tls12-prf
tests/tls12-rehandshake-cert
tests/tls12-rehandshake-cert-2
tests/tls12-rehandshake-cert-3
+tests/tls12-rehandshake-cert-auto
+tests/tls12-rehandshake-set-prio
tests/tls12-resume-anon
tests/tls12-resume-psk
tests/tls12-resume-x509
tests/tls12-rollback-detection
tests/tls12-server-kx-neg
-tests/tls13/anti_replay
tests/tls13-cert-key-exchange
-tests/tls13/change_cipher_spec
tests/tls13-cipher-neg
-tests/tls13/cookie
tests/tls13-early-data
+tests/tls13-early-data-neg
tests/tls13-early-start
+tests/tls13-rehandshake-cert
+tests/tls13-resume-psk
+tests/tls13-resume-x509
+tests/tls13-server-kx-neg
+tests/tls13/anti_replay
+tests/tls13/change_cipher_spec
+tests/tls13/cookie
tests/tls13/hello_random_value
tests/tls13/hello_retry_request
tests/tls13/key_limits
@@ -777,71 +812,49 @@ tests/tls13/multi-ocsp
tests/tls13/no-psk-exts
tests/tls13/ocsp-client
tests/tls13/post-handshake-with-cert
+tests/tls13/post-handshake-with-cert-auto
tests/tls13/post-handshake-with-cert-ticket
-tests/tls13/post-handshake-without-cert
tests/tls13/post-handshake-with-psk
+tests/tls13/post-handshake-without-cert
tests/tls13/prf
tests/tls13/psk-dumbfw
tests/tls13/psk-ext
-tests/tls13-rehandshake-cert
-tests/tls13-resume-psk
-tests/tls13-resume-x509
-tests/tls13-server-kx-neg
tests/tls13/supported_versions
tests/tls13/tls12-no-tls13-exts
-tests/tls-client-with-seccomp
-tests/tls-crt_type-neg
-tests/tls-etm
tests/tlsext-decoding
-tests/tls-ext-not-in-dtls
-tests/tls-ext-register
tests/tlsfeature-crt
tests/tlsfeature-ext
-tests/tls-force-etm
tests/tlsia
-tests/tls-max-record
-tests/tls-neg-ext4-key
-tests/tls-neg-ext-key
-tests/tls-record-size-limit
-tests/tls-rehandshake-anon
-tests/tls-rehandshake-cert
-tests/tls-rehandshake-cert-2
-tests/tls-rehandshake-cert-3
-tests/tls-session-ext-override
-tests/tls-session-ext-register
-tests/tls-session-supplemental
-tests/tls-supplemental
-tests/tls-with-seccomp
-tests/trustdb-tofu
tests/trust-store
+tests/trustdb-tofu
tests/urls
tests/userid/Makefile
tests/userid/Makefile.in
tests/version-checks
tests/windows/cng-windows
-tests/x509_altname
-tests/x509cert
tests/x509-cert-callback
tests/x509-cert-callback-legacy
tests/x509-cert-callback-ocsp
-tests/x509cert-invalid
-tests/x509cert-tl
tests/x509-crt-list-import-url.config.db/
-tests/x509dn
tests/x509-dn
tests/x509-dn-decode
tests/x509-dn-decode-compat
tests/x509-extensions
+tests/x509-verify-with-crl
+tests/x509_altname
+tests/x509cert
+tests/x509cert-invalid
+tests/x509cert-tl
+tests/x509dn
tests/x509paths/
tests/x509self
-tests/x509signself
tests/x509sign-verify
-tests/x509sign-verify2
tests/x509sign-verify-ecdsa
tests/x509sign-verify-error
tests/x509sign-verify-gost
tests/x509sign-verify-rsa
-tests/x509-verify-with-crl
+tests/x509sign-verify2
+tests/x509signself
*.tmp
tmp-*
*.trs
diff --git a/bootstrap.conf b/bootstrap.conf
index 8f369abfbb..b816118114 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -47,6 +47,7 @@ git 1.4.4
perl 5.5
gperf -
autopoint -
+autogen -
"
GTKDOCIZE=$(which gtkdocize 2>/dev/null)
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index da21995cb7..5d72707dfa 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -949,11 +949,17 @@ received data with @funcref{gnutls_record_recv_early_data}. You can
call the function either after the handshake is complete, or through a
handshake hook (@funcref{gnutls_handshake_set_hook_function}).
-On the client side, to check whether the sent early data was accepted by
-the server, use @funcref{gnutls_session_get_flags} and compare the
-result with @acronym{GNUTLS_SFLAGS_EARLY_DATA}. Similarly, on the
-server side, the same function and flag can be used to check whether it
-has actually accepted early data.
+When sending early data, the client should respect the maximum amount
+of early data, which may have been previously advertised by the
+server. It can be checked using
+@funcref{gnutls_record_get_max_early_data_size}, right after calling
+@funcref{gnutls_session_set_data}.
+
+After sending early data, to check whether the sent early data was
+accepted by the server, use @funcref{gnutls_session_get_flags} and
+compare the result with @acronym{GNUTLS_SFLAGS_EARLY_DATA}.
+Similarly, on the server side, the same function and flag can be used
+to check whether it has actually accepted early data.
@node Anti-replay protection
diff --git a/src/Makefile.am b/src/Makefile.am
index 23f8936bf0..9d0af9aae2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -269,22 +269,18 @@ SUFFIXES = .stamp .def .c.bak .h.bak
.def.stamp:
$(AM_V_GEN) $(AUTOGEN) $< || { \
srcdir=''; \
- test -f ./$@ || srcdir=$(srcdir)/; \
b=`echo $@ | sed 's/.stamp$$//'`; \
+ test -f ./$${b}.def || srcdir=$(srcdir)/; \
cp -p $${srcdir}$${b}.c.bak $${b}.c; \
cp -p $${srcdir}$${b}.h.bak $${b}.h; \
} && \
touch $@
.c.c.bak:
- $(AM_V_GEN) srcdir=''; \
- test -f ./$@ || srcdir=$(srcdir)/; \
- test -f $${srcdir}/$@ || cp -p $< $@
+ $(AM_V_GEN) cp -p $< $@
.h.h.bak:
- $(AM_V_GEN) srcdir=''; \
- test -f ./$@ || srcdir=$(srcdir)/; \
- test -f $${srcdir}/$@ || cp -p $< $@
+ $(AM_V_GEN) cp -p $< $@
danetool-args.h: danetool-args.stamp
danetool-args.c: danetool-args.stamp
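Review bot: The `.def.stamp` fallback still runs on any non-zero exit from `$(AUTOGEN)`, not only when the tool is missing, so a genuine autogen error on an edited `.def` would apparently be masked by copying the older `.c.bak`/`.h.bak` files and touching the stamp. Printing a warning inside the `|| { ... }` branch, for example `echo "autogen failed for $<; using pre-generated $${b}.c.bak" >&2; \`, would make stale option parsers visible in the build log. The new `test -f ./$${b}.def || srcdir=$(srcdir)/` line also deserves a comment above the rule saying that a `.def` absent from the build directory is taken to mean an out-of-tree build, which is presumably the intent. Separately, the context line `sed 's/.stamp$$//'` leaves the dot unescaped; `'s/\.stamp$$//'` would match only the literal suffix.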
diff --git a/tests/resume.c b/tests/resume.c
index 41cbebf8ea..0a3b20eac8 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -341,8 +341,6 @@ static void verify_alpn(gnutls_session_t session, struct params_res *params, uns
static void verify_group(gnutls_session_t session, gnutls_group_t *group, unsigned counter)
{
- int ret;
-
if (counter == 0) {
*group = gnutls_group_get(session);
return;
@@ -426,7 +424,6 @@ static void verify_server_params(gnutls_session_t session, unsigned counter, str
}
}
- finish:
return;
}
@@ -737,7 +734,7 @@ pskfunc(gnutls_session_t session, const char *username,
static void server(int sds[], struct params_res *params)
{
- size_t t;
+ int t;
int ret;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
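Review bot: Declaring `t` as `int` in `server()` may just move the signedness mismatch rather than remove it, because the helpers visible earlier in this file (`verify_group`, `verify_server_params`) take `unsigned counter`. If `t` is the value handed to them, `unsigned t;` would match their parameter type and avoid an implicit int-to-unsigned conversion at each call. The uses of `t` are outside this hunk, so this needs checking against the loop that drives it and any comparison it makes. A one-line comment on the declaration stating what `t` counts would also help the next reader.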
diff --git a/tests/tls13/anti_replay.c b/tests/tls13/anti_replay.c
index 31ab517151..d8636f0b43 100644
--- a/tests/tls13/anti_replay.c
+++ b/tests/tls13/anti_replay.c
@@ -84,7 +84,6 @@ void doit(void)
gnutls_datum_t key = { (unsigned char *) "\xFF\xFF\xFF\xFF", 4 };
struct timespec creation_time;
struct storage_st storage;
- gnutls_session_t session;
int ret;
virt_time_init();
@@ -96,13 +95,10 @@ void doit(void)
gnutls_anti_replay_set_window(anti_replay, 10000);
gnutls_anti_replay_set_add_function(anti_replay, storage_add);
gnutls_anti_replay_set_ptr(anti_replay, &storage);
- gnutls_init(&session, GNUTLS_SERVER);
- gnutls_anti_replay_enable(session, anti_replay);
mygettime(&creation_time);
ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key);
if (ret != GNUTLS_E_ILLEGAL_PARAMETER)
fail("error is not returned, while server_ticket_age < client_ticket_age\n");
- gnutls_deinit(session);
gnutls_anti_replay_deinit(anti_replay);
storage_clear(&storage);
@@ -112,14 +108,11 @@ void doit(void)
gnutls_anti_replay_set_add_function(anti_replay, storage_add);
gnutls_anti_replay_set_ptr(anti_replay, &storage);
gnutls_anti_replay_set_window(anti_replay, 10000);
- gnutls_init(&session, GNUTLS_SERVER);
- gnutls_anti_replay_enable(session, anti_replay);
mygettime(&creation_time);
virt_sec_sleep(30);
ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key);
if (ret != GNUTLS_E_EARLY_DATA_REJECTED)
fail("early data is NOT rejected, while freshness check fails\n");
- gnutls_deinit(session);
gnutls_anti_replay_deinit(anti_replay);
storage_clear(&storage);
@@ -129,8 +122,6 @@ void doit(void)
gnutls_anti_replay_set_add_function(anti_replay, storage_add);
gnutls_anti_replay_set_ptr(anti_replay, &storage);
gnutls_anti_replay_set_window(anti_replay, 10000);
- gnutls_init(&session, GNUTLS_SERVER);
- gnutls_anti_replay_enable(session, anti_replay);
mygettime(&creation_time);
virt_sec_sleep(15);
ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key);
@@ -139,7 +130,6 @@ void doit(void)
ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key);
if (ret != GNUTLS_E_EARLY_DATA_REJECTED)
fail("early data is NOT rejected for a duplicate key\n");
- gnutls_deinit(session);
gnutls_anti_replay_deinit(anti_replay);
storage_clear(&storage);
}