From nmav at gnutls.org Sun May 3 20:03:47 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 May 2015 20:03:47 +0200
Subject: [gnutls-devel] gnutls 3.3.15
Message-ID: <1430676227.17186.1.camel@gnutls.org>
Hello,
I've just released gnutls 3.3.15. This is a bug-fix release on
the current stable branch.
* Version 3.3.15 (released 2015-05-03)
** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
** libgnutls: Check for invalid length in the X.509 version field. Without the check
certificates with invalid length would be detected as having an arbitrary
version. Reported by Hanno B?ck.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
. A list of GnuTLS mirrors can be
found at .
Here are the XZ and LZIP compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.xz
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.xz.sig
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.15.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sun May 3 20:05:29 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 May 2015 20:05:29 +0200
Subject: [gnutls-devel] gnutls 3.4.1
Message-ID: <1430676329.17186.2.camel@gnutls.org>
Hello,
I've just released gnutls 3.4.1. This is a bug-fix release on
the next stable branch.
* Version 3.4.1 (released 2015-05-03)
** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.
** libgnutls: Check for invalid length in the X.509 version field. Without
the check certificates with invalid length would be detected as having an
arbitrary version. Reported by Hanno B?ck.
** libgnutls: Handle DNS name constraints with a leading dot. Patch by
Fotis Loukos.
** libgnutls: Updated system-keys support for windows to compile in more
versions of mingw. Patch by Tim Kosse.
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
by default. That caused issues with non-blocking programs.
** certtool: It can generate SHA256 key IDs.
** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
** configure: re-enabled the --enable-local-libopts flag
** API and ABI modifications:
gnutls_x509_crt_get_pk_ecc_raw: Added
Getting the Software
====================
GnuTLS may be downloaded directly from
. A list of GnuTLS mirrors can be
found at .
Here are the XZ and LZIP compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.1.tar.xz
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.1.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.1.tar.xz.sig
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.1.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From dam at opencsw.org Sun May 3 21:46:25 2015
From: dam at opencsw.org (Dagobert Michelsen)
Date: Sun, 3 May 2015 21:46:25 +0200
Subject: [gnutls-devel] Build failure of GnuTLS
Message-ID: <1E915CC5-9F05-4AA4-A6AB-AEA3DBE9FB96@opencsw.org>
Hi,
I am trying the latest 3.3.14 on Solaris 10 Sparc with GCC 4.9 and get the following error:
gmake[6]: Entering directory '/home/dam/mgar/pkg/gnutls3/trunk/work/solaris10-sparc/build-isa-sparcv8plus/gnutls-3.3.14/src/gl'
CC c-ctype.lo
CC exitfail.lo
CC fd-hook.lo
CC gettime.lo
CC malloca.lo
CC parse-datetime.lo
CC progname.lo
CC read-file.lo
CC sockets.lo
CC sys_socket.lo
CC timespec.lo
CC unistd.lo
CC xmalloc.lo
CC xalloc-die.lo
CC xsize.lo
CC asnprintf.lo
CC error.lo
CC getdelim.lo
CC getline.lo
CC mktime.lo
gmake[6]: *** No rule to make target 'printf-args.c', needed by 'printf-args.lo'. Stop.
gmake[6]: Leaving directory '/home/dam/mgar/pkg/gnutls3/trunk/work/solaris10-sparc/build-isa-sparcv8plus/gnutls-3.3.14/src/gl'
It looks like the bootstrapping from gnulib is missing some substitutions needed for Solaris.
Best regards
? Dago
--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2418 bytes
Desc: not available
URL:
From jaak.ristioja at cyber.ee Mon May 4 09:53:10 2015
From: jaak.ristioja at cyber.ee (Jaak Ristioja)
Date: Mon, 4 May 2015 10:53:10 +0300
Subject: [gnutls-devel] [PATCH] doc: Fixed typo in heartbeat documentation.
Message-ID: <1430725990-19613-1-git-send-email-jaak.ristioja@cyber.ee>
---
doc/cha-intro-tls.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 6a15b0f..e5468ee 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -456,7 +456,7 @@ and is described in @xcite{RFC6520}. The extension is disabled by default and
@funcref{gnutls_heartbeat_enable} can be used to enable it. A policy
may be negotiated to only allow sending heartbeat messages or sending and receiving.
The current session policy can be checked with @funcref{gnutls_heartbeat_allowed}.
-The requests coming from the peer result to @code{GNUTLS_ at -E_@-HERTBEAT_ at -PING_@-RECEIVED}
+The requests coming from the peer result to @code{GNUTLS_ at -E_@-HEARTBEAT_ at -PING_@-RECEIVED}
being returned from the receive function. Ping requests to peer can be send via
@funcref{gnutls_heartbeat_ping}.
--
2.4.0
From nmav at gnutls.org Mon May 4 10:34:38 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 4 May 2015 10:34:38 +0200
Subject: [gnutls-devel] [PATCH] doc: Fixed typo in heartbeat
documentation.
In-Reply-To: <1430725990-19613-1-git-send-email-jaak.ristioja@cyber.ee>
References: <1430725990-19613-1-git-send-email-jaak.ristioja@cyber.ee>
Message-ID:
Applied, thank you.
On Mon, May 4, 2015 at 9:53 AM, Jaak Ristioja wrote:
> ---
> doc/cha-intro-tls.texi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
> index 6a15b0f..e5468ee 100644
> --- a/doc/cha-intro-tls.texi
> +++ b/doc/cha-intro-tls.texi
> @@ -456,7 +456,7 @@ and is described in @xcite{RFC6520}. The extension is disabled by default and
> @funcref{gnutls_heartbeat_enable} can be used to enable it. A policy
> may be negotiated to only allow sending heartbeat messages or sending and receiving.
> The current session policy can be checked with @funcref{gnutls_heartbeat_allowed}.
> -The requests coming from the peer result to @code{GNUTLS_ at -E_@-HERTBEAT_ at -PING_@-RECEIVED}
> +The requests coming from the peer result to @code{GNUTLS_ at -E_@-HEARTBEAT_ at -PING_@-RECEIVED}
> being returned from the receive function. Ping requests to peer can be send via
> @funcref{gnutls_heartbeat_ping}.
>
> --
> 2.4.0
>
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel
From n.mavrogiannopoulos at gmail.com Mon May 4 15:50:23 2015
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Mon, 4 May 2015 15:50:23 +0200
Subject: [gnutls-devel] libidn + 3.4.1 = cves?
Message-ID:
Hello,
It seems that libidn cannot currently handle untrusted input [1].
According to thread in [0] libidn expects the input to be checked
before. However, we have no way to do that in gnutls, so most probably
we need to (1) disable libidn support by default in 3.4.x - i.e.,
internationalized dns names and correct comparison of them, (2) switch
to some other library, (3) wait until the issue (assigned
CVE-2015-2059) is resolved upstream.
I'm currently leaning towards (3), and take action before 3.4.x
becomes stable. Any suggestions on comments on the issue?
regards,
Nikos
[0]. http://permalink.gmane.org/gmane.comp.gnu.libidn.general/555
[1]. http://permalink.gmane.org/gmane.comp.gnu.libidn.general/573
From n.mavrogiannopoulos at gmail.com Mon May 4 16:01:39 2015
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Mon, 4 May 2015 16:01:39 +0200
Subject: [gnutls-devel] gnutls 3.3.x + nettle 3.x
Message-ID:
Hello,
I had to make a patch to compile gnutls 3.3.x using nettle 3.1 or
later. For that I make a short patch in [0]. Is there wider interest
for such a feature in 3.3.x? If there is it would make sense to add it
conditionally in the build.
regards,
Nikos
[0]. http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/tree/gnutls-3.3.15-nettle3.patch
From ametzler at bebt.de Mon May 4 18:50:37 2015
From: ametzler at bebt.de (Andreas Metzler)
Date: Mon, 4 May 2015 18:50:37 +0200
Subject: [gnutls-devel] gnutls 3.3.x + nettle 3.x
In-Reply-To:
References:
Message-ID: <20150504165037.GA1639@downhill.g.la>
On 2015-05-04 Nikos Mavrogiannopoulos wrote:
> I had to make a patch to compile gnutls 3.3.x using nettle 3.1 or
> later. For that I make a short patch in [0]. Is there wider interest
> for such a feature in 3.3.x? If there is it would make sense to add it
> conditionally in the build.
[...]
Hello,
I have seen this on the gnutls_3_3_x branch. And made a test-upload to
Debian/experimental
(https://buildd.debian.org/status/package.php?p=gnutls28&suite=experimental).
I would like to see this feature. We would use this in Debian
temporarily as it would allow us to decouple the nettle (2.7 -> 3.x)
and gnutls (3.3 -> to 3.4) transitions.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From ametzler at bebt.de Tue May 5 19:39:17 2015
From: ametzler at bebt.de (Andreas Metzler)
Date: Tue, 5 May 2015 19:39:17 +0200
Subject: [gnutls-devel] 3.3.15 testsuite error on kfreebsd-*
Message-ID: <20150505173917.GA1623@downhill.g.la>
Hello,
the newly added sign-md5-rep test often (but not always) fails on
kfreebsd-*. --verbose does not look enlightening to me, but I have
attached logs both of a failing and a working run nevertheless.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
client|<5>| REC[0x6227b0]: Allocating epoch #0
client|<3>| ASSERT: gnutls_constate.c:586
client|<5>| REC[0x6227b0]: Allocating epoch #1
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
client|<4>| EXT[0x6227b0]: Sending extension STATUS REQUEST (5 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SAFE RENEGOTIATION (1 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SESSION TICKET (0 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SUPPORTED ECC (12 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
client|<4>| EXT[0x6227b0]: sent signature algo (1.1) RSA-MD5
client|<4>| EXT[0x6227b0]: Sending extension SIGNATURE ALGORITHMS (4 bytes)
client|<4>| HSK[0x6227b0]: CLIENT HELLO was queued [117 bytes]
client|<5>| REC[0x6227b0]: Preparing Packet Handshake(22) with length: 117 and min pad: 0
client|<5>| REC[0x6227b0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 122
client|<3>| ASSERT: gnutls_buffers.c:1138
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: x509_ext.c:115
server|<3>| ASSERT: x509.c:1396
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: common.c:1052
server|<5>| REC[0x624170]: Allocating epoch #0
server|<3>| ASSERT: gnutls_constate.c:586
server|<5>| REC[0x624170]: Allocating epoch #1
server|<3>| ASSERT: gnutls_buffers.c:1138
server|<10>| READ: Got 5 bytes from 0x5
server|<10>| READ: read 5 bytes from 0x5
server|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
server|<10>| RB: Requested 5 bytes
server|<5>| REC[0x624170]: SSL 3.1 Handshake packet received. Epoch 0, length: 117
server|<5>| REC[0x624170]: Expected Packet Handshake(22)
server|<5>| REC[0x624170]: Received Packet Handshake(22) with length: 117
server|<10>| READ: Got 117 bytes from 0x5
server|<10>| READ: read 117 bytes from 0x5
server|<10>| RB: Have 5 bytes into buffer. Adding 117 bytes.
server|<10>| RB: Requested 122 bytes
server|<5>| REC[0x624170]: Decrypted Packet[0] Handshake(22) with length: 117
server|<13>| BUF[REC]: Inserted 117 bytes of Data(22)
server|<4>| HSK[0x624170]: CLIENT HELLO (1) was received. Length 113[113], frag offset 0, frag length: 113, sequence: 0
server|<4>| HSK[0x624170]: Client's version: 3.3
server|<3>| ASSERT: gnutls_db.c:263
server|<4>| EXT[0x624170]: Found extension 'STATUS REQUEST/5'
server|<4>| EXT[0x624170]: Found extension 'SAFE RENEGOTIATION/65281'
server|<4>| EXT[0x624170]: Found extension 'SESSION TICKET/35'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC/10'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
server|<4>| EXT[0x624170]: Found extension 'SIGNATURE ALGORITHMS/13'
server|<4>| EXT[0x624170]: Found extension 'STATUS REQUEST/5'
server|<4>| EXT[0x624170]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
server|<4>| EXT[0x624170]: Parsing extension 'SESSION TICKET/35' (0 bytes)
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC/10'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
server|<4>| EXT[0x624170]: Found extension 'SIGNATURE ALGORITHMS/13'
server|<4>| EXT[0x624170]: Parsing extension 'STATUS REQUEST/5' (5 bytes)
server|<4>| EXT[0x624170]: Found extension 'SAFE RENEGOTIATION/65281'
server|<4>| EXT[0x624170]: Found extension 'SESSION TICKET/35'
server|<4>| EXT[0x624170]: Parsing extension 'SUPPORTED ECC/10' (12 bytes)
server|<4>| HSK[0x624170]: Selected ECC curve SECP256R1 (2)
server|<4>| EXT[0x624170]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
server|<4>| EXT[0x624170]: Parsing extension 'SIGNATURE ALGORITHMS/13' (4 bytes)
server|<4>| EXT[0x624170]: rcvd signature algo (1.1) RSA-MD5
server|<3>| ASSERT: server_name.c:297
server|<4>| HSK[0x624170]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1)
server|<4>| HSK[0x624170]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
server|<4>| HSK[0x624170]: Requested cipher suites[size: 24]:
server|<4>| 0xc0, 0x2f ECDHE_RSA_AES_128_GCM_SHA256
server|<4>| HSK[0x624170]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
server|<4>| HSK[0x624170]: Selected Compression Method: NULL
server|<4>| HSK[0x624170]: Safe renegotiation succeeded
server|<3>| ASSERT: status_request.c:218
server|<4>| EXT[0x624170]: Sending extension SAFE RENEGOTIATION (1 bytes)
server|<4>| EXT[0x624170]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
server|<4>| HSK[0x624170]: SessionID: f7dd72bc01ec0252594a112bb135f2e30741b0da5f03efc7b9f4a72fa401702f
server|<4>| HSK[0x624170]: SERVER HELLO was queued [87 bytes]
server|<11>| HWRITE: enqueued [SERVER HELLO] 87. Total 87 bytes.
server|<4>| HSK[0x624170]: CERTIFICATE was queued [612 bytes]
server|<11>| HWRITE: enqueued [CERTIFICATE] 612. Total 699 bytes.
server|<4>| HSK[0x624170]: signing handshake data: using RSA-MD5
server|<4>| HSK[0x624170]: SERVER KEY EXCHANGE was queued [205 bytes]
server|<11>| HWRITE: enqueued [SERVER KEY EXCHANGE] 205. Total 904 bytes.
server|<4>| HSK[0x624170]: SERVER HELLO DONE was queued [4 bytes]
server|<11>| HWRITE: enqueued [SERVER HELLO DONE] 4. Total 908 bytes.
server|<11>| HWRITE FLUSH: 908 bytes in buffer.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 87 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 92 bytes for 0x5. Total 92 bytes.
server|<5>| REC[0x624170]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92
server|<11>| HWRITE: wrote 1 bytes, 821 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 612 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 617 bytes for 0x5. Total 709 bytes.
server|<5>| REC[0x624170]: Sent Packet[2] Handshake(22) in epoch 0 and length: 617
server|<11>| HWRITE: wrote 1 bytes, 209 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 205 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 210 bytes for 0x5. Total 919 bytes.
server|<5>| REC[0x624170]: Sent Packet[3] Handshake(22) in epoch 0 and length: 210
server|<11>| HWRITE: wrote 1 bytes, 4 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 9 bytes for 0x5. Total 928 bytes.
server|<5>| REC[0x624170]: Sent Packet[4] Handshake(22) in epoch 0 and length: 9
server|<11>| HWRITE: wrote 1 bytes, 0 bytes left.
server|<11>| WRITE FLUSH: 928 bytes in buffer.
server|<11>| WRITE: wrote 928 bytes, 0 bytes left.
server|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 87
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 87
client|<5>| REC[0x6227b0]: Decrypted Packet[0] Handshake(22) with length: 87
client|<4>| HSK[0x6227b0]: SERVER HELLO (2) was received. Length 83[83], frag offset 0, frag length: 83, sequence: 0
client|<4>| HSK[0x6227b0]: Server's version: 3.3
client|<4>| HSK[0x6227b0]: SessionID length: 32
client|<4>| HSK[0x6227b0]: SessionID: f7dd72bc01ec0252594a112bb135f2e30741b0da5f03efc7b9f4a72fa401702f
client|<4>| HSK[0x6227b0]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
client|<4>| HSK[0x6227b0]: Selected compression method: NULL (0)
client|<4>| EXT[0x6227b0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
client|<4>| EXT[0x6227b0]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
client|<4>| HSK[0x6227b0]: Safe renegotiation succeeded
client|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 612
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 612
client|<5>| REC[0x6227b0]: Decrypted Packet[1] Handshake(22) with length: 612
client|<4>| HSK[0x6227b0]: CERTIFICATE (11) was received. Length 608[608], frag offset 0, frag length: 608, sequence: 0
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 205
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 205
client|<5>| REC[0x6227b0]: Decrypted Packet[2] Handshake(22) with length: 205
client|<4>| HSK[0x6227b0]: SERVER KEY EXCHANGE (12) was received. Length 201[201], frag offset 0, frag length: 201, sequence: 0
client|<4>| HSK[0x6227b0]: Selected ECC curve SECP256R1 (2)
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: common.c:1052
client|<4>| HSK[0x6227b0]: verify handshake data: using RSA-MD5
client|<3>| ASSERT: gnutls_sig.c:352
client|<3>| ASSERT: cert.c:2264
client|<3>| ASSERT: gnutls_kx.c:459
client|<3>| ASSERT: gnutls_handshake.c:2760
server|<10>| READ: Got 0 bytes from 0x5
server|<10>| READ: read 0 bytes from 0x5
server|<3>| ASSERT: gnutls_buffers.c:576
server|<3>| ASSERT: gnutls_record.c:1058
server|<3>| ASSERT: gnutls_record.c:1179
server|<3>| ASSERT: gnutls_buffers.c:1392
server|<3>| ASSERT: gnutls_handshake.c:1428
server|<3>| ASSERT: gnutls_handshake.c:3193
server|<5>| REC[0x624170]: Start of epoch cleanup
server|<5>| REC[0x624170]: End of epoch cleanup
server|<5>| REC[0x624170]: Epoch #0 freed
server|<5>| REC[0x624170]: Epoch #1 freed
server: Handshake has failed (The TLS connection was non-properly terminated.)
Child died with status 1
-------------- next part --------------
client|<5>| REC[0x6227b0]: Allocating epoch #0
client|<3>| ASSERT: gnutls_constate.c:586
client|<5>| REC[0x6227b0]: Allocating epoch #1
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
client|<4>| HSK[0x6227b0]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
client|<4>| EXT[0x6227b0]: Sending extension STATUS REQUEST (5 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SAFE RENEGOTIATION (1 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SESSION TICKET (0 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SUPPORTED ECC (12 bytes)
client|<4>| EXT[0x6227b0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
client|<4>| EXT[0x6227b0]: sent signature algo (1.1) RSA-MD5
client|<4>| EXT[0x6227b0]: Sending extension SIGNATURE ALGORITHMS (4 bytes)
client|<4>| HSK[0x6227b0]: CLIENT HELLO was queued [117 bytes]
client|<5>| REC[0x6227b0]: Preparing Packet Handshake(22) with length: 117 and min pad: 0
client|<5>| REC[0x6227b0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 122
client|<3>| ASSERT: gnutls_buffers.c:1138
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: x509_ext.c:115
server|<3>| ASSERT: x509.c:1396
server|<3>| ASSERT: common.c:1052
server|<3>| ASSERT: common.c:1052
server|<5>| REC[0x624170]: Allocating epoch #0
server|<3>| ASSERT: gnutls_constate.c:586
server|<5>| REC[0x624170]: Allocating epoch #1
server|<3>| ASSERT: gnutls_buffers.c:1138
server|<10>| READ: Got 5 bytes from 0x5
server|<10>| READ: read 5 bytes from 0x5
server|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
server|<10>| RB: Requested 5 bytes
server|<5>| REC[0x624170]: SSL 3.1 Handshake packet received. Epoch 0, length: 117
server|<5>| REC[0x624170]: Expected Packet Handshake(22)
server|<5>| REC[0x624170]: Received Packet Handshake(22) with length: 117
server|<10>| READ: Got 117 bytes from 0x5
server|<10>| READ: read 117 bytes from 0x5
server|<10>| RB: Have 5 bytes into buffer. Adding 117 bytes.
server|<10>| RB: Requested 122 bytes
server|<5>| REC[0x624170]: Decrypted Packet[0] Handshake(22) with length: 117
server|<13>| BUF[REC]: Inserted 117 bytes of Data(22)
server|<4>| HSK[0x624170]: CLIENT HELLO (1) was received. Length 113[113], frag offset 0, frag length: 113, sequence: 0
server|<4>| HSK[0x624170]: Client's version: 3.3
server|<3>| ASSERT: gnutls_db.c:263
server|<4>| EXT[0x624170]: Found extension 'STATUS REQUEST/5'
server|<4>| EXT[0x624170]: Found extension 'SAFE RENEGOTIATION/65281'
server|<4>| EXT[0x624170]: Found extension 'SESSION TICKET/35'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC/10'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
server|<4>| EXT[0x624170]: Found extension 'SIGNATURE ALGORITHMS/13'
server|<4>| EXT[0x624170]: Found extension 'STATUS REQUEST/5'
server|<4>| EXT[0x624170]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
server|<4>| EXT[0x624170]: Parsing extension 'SESSION TICKET/35' (0 bytes)
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC/10'
server|<4>| EXT[0x624170]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
server|<4>| EXT[0x624170]: Found extension 'SIGNATURE ALGORITHMS/13'
server|<4>| EXT[0x624170]: Parsing extension 'STATUS REQUEST/5' (5 bytes)
server|<4>| EXT[0x624170]: Found extension 'SAFE RENEGOTIATION/65281'
server|<4>| EXT[0x624170]: Found extension 'SESSION TICKET/35'
server|<4>| EXT[0x624170]: Parsing extension 'SUPPORTED ECC/10' (12 bytes)
server|<4>| HSK[0x624170]: Selected ECC curve SECP256R1 (2)
server|<4>| EXT[0x624170]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
server|<4>| EXT[0x624170]: Parsing extension 'SIGNATURE ALGORITHMS/13' (4 bytes)
server|<4>| EXT[0x624170]: rcvd signature algo (1.1) RSA-MD5
server|<3>| ASSERT: server_name.c:297
server|<4>| HSK[0x624170]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1)
server|<4>| HSK[0x624170]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
server|<4>| HSK[0x624170]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
server|<4>| HSK[0x624170]: Requested cipher suites[size: 24]:
server|<4>| 0xc0, 0x2f ECDHE_RSA_AES_128_GCM_SHA256
server|<4>| HSK[0x624170]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
server|<4>| HSK[0x624170]: Selected Compression Method: NULL
server|<4>| HSK[0x624170]: Safe renegotiation succeeded
server|<3>| ASSERT: status_request.c:218
server|<4>| EXT[0x624170]: Sending extension SAFE RENEGOTIATION (1 bytes)
server|<4>| EXT[0x624170]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
server|<4>| HSK[0x624170]: SessionID: 05d4f997cb5645f9fd6ea27fbb42b86a8409f44519d9d2d633d171d8c68e2558
server|<4>| HSK[0x624170]: SERVER HELLO was queued [87 bytes]
server|<11>| HWRITE: enqueued [SERVER HELLO] 87. Total 87 bytes.
server|<4>| HSK[0x624170]: CERTIFICATE was queued [612 bytes]
server|<11>| HWRITE: enqueued [CERTIFICATE] 612. Total 699 bytes.
server|<4>| HSK[0x624170]: signing handshake data: using RSA-MD5
server|<4>| HSK[0x624170]: SERVER KEY EXCHANGE was queued [205 bytes]
server|<11>| HWRITE: enqueued [SERVER KEY EXCHANGE] 205. Total 904 bytes.
server|<4>| HSK[0x624170]: SERVER HELLO DONE was queued [4 bytes]
server|<11>| HWRITE: enqueued [SERVER HELLO DONE] 4. Total 908 bytes.
server|<11>| HWRITE FLUSH: 908 bytes in buffer.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 87 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 92 bytes for 0x5. Total 92 bytes.
server|<5>| REC[0x624170]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92
server|<11>| HWRITE: wrote 1 bytes, 821 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 612 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 617 bytes for 0x5. Total 709 bytes.
server|<5>| REC[0x624170]: Sent Packet[2] Handshake(22) in epoch 0 and length: 617
server|<11>| HWRITE: wrote 1 bytes, 209 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 205 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 210 bytes for 0x5. Total 919 bytes.
server|<5>| REC[0x624170]: Sent Packet[3] Handshake(22) in epoch 0 and length: 210
server|<11>| HWRITE: wrote 1 bytes, 4 bytes left.
server|<5>| REC[0x624170]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
server|<9>| ENC[0x624170]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
server|<11>| WRITE: enqueued 9 bytes for 0x5. Total 928 bytes.
server|<5>| REC[0x624170]: Sent Packet[4] Handshake(22) in epoch 0 and length: 9
server|<11>| HWRITE: wrote 1 bytes, 0 bytes left.
server|<11>| WRITE FLUSH: 928 bytes in buffer.
server|<11>| WRITE: wrote 928 bytes, 0 bytes left.
server|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 87
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 87
client|<5>| REC[0x6227b0]: Decrypted Packet[0] Handshake(22) with length: 87
client|<4>| HSK[0x6227b0]: SERVER HELLO (2) was received. Length 83[83], frag offset 0, frag length: 83, sequence: 0
client|<4>| HSK[0x6227b0]: Server's version: 3.3
client|<4>| HSK[0x6227b0]: SessionID length: 32
client|<4>| HSK[0x6227b0]: SessionID: 05d4f997cb5645f9fd6ea27fbb42b86a8409f44519d9d2d633d171d8c68e2558
client|<4>| HSK[0x6227b0]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
client|<4>| HSK[0x6227b0]: Selected compression method: NULL (0)
client|<4>| EXT[0x6227b0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
client|<4>| EXT[0x6227b0]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
client|<4>| HSK[0x6227b0]: Safe renegotiation succeeded
client|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 612
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 612
client|<5>| REC[0x6227b0]: Decrypted Packet[1] Handshake(22) with length: 612
client|<4>| HSK[0x6227b0]: CERTIFICATE (11) was received. Length 608[608], frag offset 0, frag length: 608, sequence: 0
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: gnutls_buffers.c:1138
client|<5>| REC[0x6227b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 205
client|<5>| REC[0x6227b0]: Expected Packet Handshake(22)
client|<5>| REC[0x6227b0]: Received Packet Handshake(22) with length: 205
client|<5>| REC[0x6227b0]: Decrypted Packet[2] Handshake(22) with length: 205
client|<4>| HSK[0x6227b0]: SERVER KEY EXCHANGE (12) was received. Length 201[201], frag offset 0, frag length: 201, sequence: 0
client|<4>| HSK[0x6227b0]: Selected ECC curve SECP256R1 (2)
client|<3>| ASSERT: common.c:1052
client|<3>| ASSERT: common.c:1052
client|<4>| HSK[0x6227b0]: verify handshake data: using RSA-MD5
client|<3>| ASSERT: gnutls_sig.c:352
client|<3>| ASSERT: cert.c:2264
client|<3>| ASSERT: gnutls_kx.c:459
client|<3>| ASSERT: gnutls_handshake.c:2760
client|<5>| REC[0x6227b0]: Start of epoch cleanup
client|<5>| REC[0x6227b0]: End of epoch cleanup
client|<5>| REC[0x6227b0]: Epoch #0 freed
client|<5>| REC[0x6227b0]: Epoch #1 freed
Self test `./sign-md5-rep' finished with 0 errors
From a.radke at arcor.de Tue May 5 18:46:45 2015
From: a.radke at arcor.de (Andreas Radke)
Date: Tue, 5 May 2015 18:46:45 +0200
Subject: [gnutls-devel] gnutls 3.4.1
In-Reply-To: <1430676329.17186.2.camel@gnutls.org>
References: <1430676329.17186.2.camel@gnutls.org>
Message-ID: <20150505184645.6697c386@laptop64.home>
Following your suggestion I'm trying to build the new release using
--without-idn and it fails one test:
========================================
GnuTLS 3.4.1: tests/test-suite.log
========================================
# TOTAL: 114
# PASS: 111
# SKIP: 2
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: hostname-check
====================
1152: Hostname incorrectly does not match (0)
Is it safe to skip this failure? Is it caused by libidn removal?
-Andy
ArchLinux
From nmav at gnutls.org Wed May 6 09:53:44 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 6 May 2015 09:53:44 +0200
Subject: [gnutls-devel] 3.3.15 testsuite error on kfreebsd-*
In-Reply-To: <20150505173917.GA1623@downhill.g.la>
References: <20150505173917.GA1623@downhill.g.la>
Message-ID:
On Tue, May 5, 2015 at 7:39 PM, Andreas Metzler wrote:
> Hello,
> the newly added sign-md5-rep test often (but not always) fails on
> kfreebsd-*. --verbose does not look enlightening to me, but I have
> attached logs both of a failing and a working run nevertheless.
Thanks. It seems there was some race condition which causes failures
randomly. I've updated it.
regards,
Nikos
From nmav at gnutls.org Wed May 6 10:02:45 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 6 May 2015 10:02:45 +0200
Subject: [gnutls-devel] gnutls 3.4.1
In-Reply-To: <20150505184645.6697c386@laptop64.home>
References: <1430676329.17186.2.camel@gnutls.org>
<20150505184645.6697c386@laptop64.home>
Message-ID:
On Tue, May 5, 2015 at 6:46 PM, Andreas Radke wrote:
> Following your suggestion I'm trying to build the new release using
> --without-idn and it fails one test:
> FAIL: hostname-check
> ====================
>
> 1152: Hostname incorrectly does not match (0)
> Is it safe to skip this failure? Is it caused by libidn removal?
Correct. I'll commit a fix for that.
From nmav at gnutls.org Wed May 6 10:11:14 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 6 May 2015 10:11:14 +0200
Subject: [gnutls-devel] Build failure of GnuTLS
In-Reply-To: <1E915CC5-9F05-4AA4-A6AB-AEA3DBE9FB96@opencsw.org>
References: <1E915CC5-9F05-4AA4-A6AB-AEA3DBE9FB96@opencsw.org>
Message-ID:
On Sun, May 3, 2015 at 9:46 PM, Dagobert Michelsen wrote:
> Hi,
>
> I am trying the latest 3.3.14 on Solaris 10 Sparc with GCC 4.9 and get the following error:
> gmake[6]: Entering directory '/home/dam/mgar/pkg/gnutls3/trunk/work/solaris10-sparc/build-isa-sparcv8plus/gnutls-3.3.14/src/gl'
> CC c-ctype.lo
> CC exitfail.lo
> CC fd-hook.lo
> CC gettime.lo
> CC malloca.lo
> CC parse-datetime.lo
> CC progname.lo
> CC read-file.lo
> CC sockets.lo
> CC sys_socket.lo
> CC timespec.lo
> CC unistd.lo
> CC xmalloc.lo
> CC xalloc-die.lo
> CC xsize.lo
> CC asnprintf.lo
> CC error.lo
> CC getdelim.lo
> CC getline.lo
> CC mktime.lo
> gmake[6]: *** No rule to make target 'printf-args.c', needed by 'printf-args.lo'. Stop.
> gmake[6]: Leaving directory '/home/dam/mgar/pkg/gnutls3/trunk/work/solaris10-sparc/build-isa-sparcv8plus/gnutls-3.3.14/src/gl'
> It looks like the bootstrapping from gnulib is missing some substitutions needed for Solaris.
Hello,
I checked both 3.3.14 and 15, and this file is present there. Are you
sure you are building from the distributed sources?
regards,
Nikos
From ametzler at bebt.de Thu May 7 18:35:25 2015
From: ametzler at bebt.de (Andreas Metzler)
Date: Thu, 7 May 2015 18:35:25 +0200
Subject: [gnutls-devel] 3.3.15 testsuite error on kfreebsd-*
In-Reply-To:
References: <20150505173917.GA1623@downhill.g.la>
Message-ID: <20150507163525.GA1616@downhill.g.la>
On 2015-05-06 Nikos Mavrogiannopoulos wrote:
> On Tue, May 5, 2015 at 7:39 PM, Andreas Metzler wrote:
>> the newly added sign-md5-rep test often (but not always) fails on
>> kfreebsd-*. --verbose does not look enlightening to me, but I have
>> attached logs both of a failing and a working run nevertheless.
> Thanks. It seems there was some race condition which causes failures
> randomly. I've updated it.
Thanks, worked like a charm.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From ametzler at bebt.de Sun May 10 13:24:39 2015
From: ametzler at bebt.de (Andreas Metzler)
Date: Sun, 10 May 2015 13:24:39 +0200
Subject: [gnutls-devel] NORMAL:-SIGN-ALL changed behavior in 3.3.15
Message-ID: <20150510112439.GA1291@downhill.g.la>
Hello,
I have tried finding the reason for
(lynx nor being able to connect to kernel.org since upgrading GnuTLS
to 3.3.15). Afaict it comes from lynx using this byzantine priority
string:
NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
Which notably does not add any of the following after removing all by
starting with NONE:
- SIGN-* (Signature algorithms)
- CURVE-* (Elliptic curves)
- CTYPE-* (Certificate type)
Boiling this down to the simplest case shows that 3.3.14 connected
successfully (including certificate verification) to www.kernel.org,
but 3.3.15 stopped doing so. I suspect it is side-effect of the fix
for GNUTLS-SA-2015-2.
Is this the right thing to do? And if it is (I personally think so)
shouldn't
gnutls-cli --priority=NORMAL:-CTYPE-ALL www.kernel.org
also fail?
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From n.mavrogiannopoulos at gmail.com Mon May 11 08:23:41 2015
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Mon, 11 May 2015 08:23:41 +0200
Subject: [gnutls-devel] NORMAL:-SIGN-ALL changed behavior in 3.3.15
In-Reply-To: <20150510112439.GA1291@downhill.g.la>
References: <20150510112439.GA1291@downhill.g.la>
Message-ID:
The priority string is indeed wrong. The issue is that it enables tls1.2 but no signature algorithms. Given that the fix in 3.3.15 is to enforce the algorithms set, the issue seen is justified.
On 10 May 2015 13:24:39 CEST, Andreas Metzler wrote:
>Hello,
>
>I have tried finding the reason for
>(lynx nor being able to connect to kernel.org since upgrading GnuTLS
>to 3.3.15). Afaict it comes from lynx using this byzantine priority
>string:
>NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
>
>Which notably does not add any of the following after removing all by
>starting with NONE:
>- SIGN-* (Signature algorithms)
>- CURVE-* (Elliptic curves)
>- CTYPE-* (Certificate type)
>
>Boiling this down to the simplest case shows that 3.3.14 connected
>successfully (including certificate verification) to www.kernel.org,
>but 3.3.15 stopped doing so. I suspect it is side-effect of the fix
>for GNUTLS-SA-2015-2.
>
>Is this the right thing to do? And if it is (I personally think so)
>shouldn't
>gnutls-cli --priority=NORMAL:-CTYPE-ALL www.kernel.org
>also fail?
>
>cu Andreas
--
Sent fron my mobile. Please excuse my brevity.
From ametzler at bebt.de Mon May 11 19:18:59 2015
From: ametzler at bebt.de (Andreas Metzler)
Date: Mon, 11 May 2015 19:18:59 +0200
Subject: [gnutls-devel] NORMAL:-SIGN-ALL changed behavior in 3.3.15
In-Reply-To:
References: <20150510112439.GA1291@downhill.g.la>
Message-ID: <20150511171859.GA1335@downhill.g.la>
On 2015-05-11 Nikos Mavrogiannopoulos wrote:
> On 10 May 2015 13:24:39 CEST, Andreas Metzler wrote:
> >Hello,
> >
> >I have tried finding the reason for
> >(lynx nor being able to connect to kernel.org since upgrading GnuTLS
> >to 3.3.15). Afaict it comes from lynx using this byzantine priority
> >string:
> >NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
>> Boiling this down to the simplest case shows that 3.3.14 connected
>> successfully (including certificate verification) to www.kernel.org,
>> but 3.3.15 stopped doing so. I suspect it is side-effect of the fix
>> for GNUTLS-SA-2015-2.
> The priority string is indeed wrong. The issue is that it enables
> tls1.2 but no signature algorithms. Given that the fix in 3.3.15 is
> to enforce the algorithms set, the issue seen is justified.
Thanks for the confirmation, I will submit a bug report against lynx.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From ann.lai at oracle.com Thu May 14 00:38:06 2015
From: ann.lai at oracle.com (Ann Lai)
Date: Wed, 13 May 2015 15:38:06 -0700
Subject: [gnutls-devel] gnutls 3.4 build failed to build on Solaris because
of missing SOCK_CLOEXEC symbol
Message-ID: <5553D24E.7000907@oracle.com>
Hi,
gnutls 3.4.0 failed to build on Solaris systems because SOCK_CLOEXEC
symbol. Below is a proposed patch to fix.
--- ORIGINAL/./tests/utils.c 2015-05-07 17:10:15.668662904 -0700
+++ gnutls-3.4.0/./tests/utils.c 2015-05-07 18:33:41.145146750 -0700
@@ -33,6 +33,7 @@
#include
#include
#include
+#include
#include "utils.h"
@@ -187,8 +188,16 @@
.sin_port = 0
};
int fd;
+ int flags;
+#ifdef SOCK_CLOEXEC
fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+#else
+ fd = socket(AF_INET, SOCK_DGRAM, 0);
+ flags = fcntl(fd, F_GETFD, 0);
+ if (flags >= 0)
+ fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
+#endif
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char*)&on, sizeof(on));
#if defined(SO_REUSEPORT)
setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (char*)&on, sizeof(on));
Thanks,
Ann
From nmav at gnutls.org Fri May 15 11:48:00 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 15 May 2015 11:48:00 +0200
Subject: [gnutls-devel] gnutls 3.4 build failed to build on Solaris
because of missing SOCK_CLOEXEC symbol
In-Reply-To: <5553D24E.7000907@oracle.com>
References: <5553D24E.7000907@oracle.com>
Message-ID:
On Thu, May 14, 2015 at 12:38 AM, Ann Lai wrote:
> Hi,
> gnutls 3.4.0 failed to build on Solaris systems because SOCK_CLOEXEC symbol.
> Below is a proposed patch to fix.
Hi,
Wasn't that fixed in 3.4.1 release?
From nmav at gnutls.org Fri May 15 11:48:58 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 15 May 2015 11:48:58 +0200
Subject: [gnutls-devel] gnutls 3.3.x + nettle 3.x
In-Reply-To: <20150504165037.GA1639@downhill.g.la>
References:
<20150504165037.GA1639@downhill.g.la>
Message-ID:
On Mon, May 4, 2015 at 6:50 PM, Andreas Metzler wrote:
> On 2015-05-04 Nikos Mavrogiannopoulos wrote:
>> I had to make a patch to compile gnutls 3.3.x using nettle 3.1 or
>> later. For that I make a short patch in [0]. Is there wider interest
>> for such a feature in 3.3.x? If there is it would make sense to add it
>> conditionally in the build.
> I have seen this on the gnutls_3_3_x branch. And made a test-upload to
> Debian/experimental
> (https://buildd.debian.org/status/package.php?p=gnutls28&suite=experimental).
> I would like to see this feature. We would use this in Debian
> temporarily as it would allow us to decouple the nettle (2.7 -> 3.x)
> and gnutls (3.3 -> to 3.4) transitions.
Hi,
I've committed a patch in the 3.3.x branch which will compile against
the nettle library which is detected (3.x or 2.7.1).
regards,
Nikos
From n.mavrogiannopoulos at gmail.com Wed May 20 17:10:20 2015
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Wed, 20 May 2015 17:10:20 +0200
Subject: [gnutls-devel] weak dh issue
Message-ID:
According to https://weakdh.org/ there is a new attack which relies on
clients accepting weak DHE parameters. GnuTLS is unaffected by this
attack, and it seems like a good choice that we always imposed higher
standards for parameters than other implementations despite the many
bug reports [0] in the past.
[0]. http://www.gnutls.org/faq.html#prime-not-acceptable
From kurt at roeckx.be Wed May 20 19:11:18 2015
From: kurt at roeckx.be (Kurt Roeckx)
Date: Wed, 20 May 2015 19:11:18 +0200
Subject: [gnutls-devel] weak dh issue
In-Reply-To:
References:
Message-ID: <20150520171118.GA12189@roeckx.be>
On Wed, May 20, 2015 at 05:10:20PM +0200, Nikos Mavrogiannopoulos wrote:
> According to https://weakdh.org/ there is a new attack which relies on
> clients accepting weak DHE parameters. GnuTLS is unaffected by this
> attack, and it seems like a good choice that we always imposed higher
> standards for parameters than other implementations despite the many
> bug reports [0] in the past.
But you should consider changing the minimum to 1024 instead of
the current 768.
Kurt
From nmav at gnutls.org Wed May 20 20:23:54 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 20 May 2015 20:23:54 +0200
Subject: [gnutls-devel] weak dh issue
In-Reply-To: <20150520171118.GA12189@roeckx.be>
References:
<20150520171118.GA12189@roeckx.be>
Message-ID: <1432146234.3408.6.camel@gnutls.org>
On Wed, 2015-05-20 at 19:11 +0200, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 05:10:20PM +0200, Nikos Mavrogiannopoulos wrote:
> > According to https://weakdh.org/ there is a new attack which relies on
> > clients accepting weak DHE parameters. GnuTLS is unaffected by this
> > attack, and it seems like a good choice that we always imposed higher
> > standards for parameters than other implementations despite the many
> > bug reports [0] in the past.
> But you should consider changing the minimum to 1024 instead of
> the current 768.
Indeed, that attack provides a good opportunity for that. In fact the
only way to increase the security levels today is due to the publicity
of these attacks. Without that, it is an uphill battle to convince users
users and administrators that less than 1024-bit DH parameters is not
enough, when all the browsers connect to those sites with no warning.
regards,
Nikos
From nmav at gnutls.org Wed May 20 20:32:29 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 20 May 2015 20:32:29 +0200
Subject: [gnutls-devel] weak dh issue
In-Reply-To: <20150520171118.GA12189@roeckx.be>
References:
<20150520171118.GA12189@roeckx.be>
Message-ID: <1432146749.3408.7.camel@gnutls.org>
On Wed, 2015-05-20 at 19:11 +0200, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 05:10:20PM +0200, Nikos Mavrogiannopoulos wrote:
> > According to https://weakdh.org/ there is a new attack which relies on
> > clients accepting weak DHE parameters. GnuTLS is unaffected by this
> > attack, and it seems like a good choice that we always imposed higher
> > standards for parameters than other implementations despite the many
> > bug reports [0] in the past.
> But you should consider changing the minimum to 1024 instead of
> the current 768.
Checking it further, it seems the current is not 768 but 1008. It is the
web page that wasn't updated.
regards,
Nikos
From tim.kosse at filezilla-project.org Wed May 20 22:36:56 2015
From: tim.kosse at filezilla-project.org (Tim Kosse)
Date: Wed, 20 May 2015 22:36:56 +0200
Subject: [gnutls-devel] weak dh issue
In-Reply-To: <1432146749.3408.7.camel@gnutls.org>
References:
<20150520171118.GA12189@roeckx.be> <1432146749.3408.7.camel@gnutls.org>
Message-ID: <555CF068.2060704@filezilla-project.org>
Hi,
On 2015-05-20 20:32, Nikos Mavrogiannopoulos wrote:
> Checking it further, it seems the current is not 768 but 1008. It is the
> web page that wasn't updated.
The documentation for the deprecated gnutls_dh_set_prime_bits currently
says "values lower than 512 bits may allow decryption of the exchanged
data". I suppose this needs to be updated as well as long as the
function isn't removed.
Regards,
Tim Kosse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL:
From nmav at gnutls.org Thu May 21 11:57:34 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 21 May 2015 11:57:34 +0200
Subject: [gnutls-devel] weak dh issue
In-Reply-To: <555CF068.2060704@filezilla-project.org>
References:
<20150520171118.GA12189@roeckx.be>
<1432146749.3408.7.camel@gnutls.org>
<555CF068.2060704@filezilla-project.org>
Message-ID:
On Wed, May 20, 2015 at 10:36 PM, Tim Kosse
wrote:
> Hi,
> The documentation for the deprecated gnutls_dh_set_prime_bits currently
> says "values lower than 512 bits may allow decryption of the exchanged
> data". I suppose this needs to be updated as well as long as the
> function isn't removed.
Updated to warn if setting anything lower than the current default.
https://gitlab.com/gnutls/gnutls/commit/de12109088650e3c55e1b942987d899b15ca2a17
regards,
Nikos
From thomas2.klute at uni-dortmund.de Fri May 22 00:17:27 2015
From: thomas2.klute at uni-dortmund.de (Thomas Klute)
Date: Fri, 22 May 2015 00:17:27 +0200
Subject: [gnutls-devel] Bug: gnutls_dh_get_group prepends a zero byte to
prime
Message-ID: <555E5977.2090804@uni-dortmund.de>
Hello,
I believe I have found a bug in gnutls_dh_get_group: It returns the
prime with an extra zero byte at the beginning.
The small program at [1] tries a handshake with DHE and then compares
the parameters with those read from a PEM encoded PKCS3 file (assuming
it's the same one used by the server). The prime as read from the file
matches the one in the Server Key Exchange packet (checked with
Wireshark), but the gnutls_datum_t filled by gnutls_dh_get_group
contains the extra byte. With the one byte offset in lines 240 and 241
[2], the primes match.
You can try my example code as follows:
Compile:
$ gcc --std=gnu11 -o dh_check dh_check.c `pkg-config --libs --cflags gnutls`
Start gnutls-serv with an X.509 key/cert and custom DH params from
dhfile.pem (or store the default params in that file) and run the example:
$ ./dh_check -c dhfile.pem
By default, dh_check tries to connect to localhost:443, you can use -h
HOST and -p PORT to connect to somewhere else.
The handshake works as expected, so I guess the bug is just in the code
that retrieves the prime from the session. ;-)
Kind regards,
Thomas
[1] https://gist.github.com/airtower-luna/5a62fd9356a19157471c
[2]
https://gist.github.com/airtower-luna/5a62fd9356a19157471c#file-dh_check-c-L240-L241
From nmav at gnutls.org Fri May 22 09:05:46 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 22 May 2015 09:05:46 +0200
Subject: [gnutls-devel] Bug: gnutls_dh_get_group prepends a zero byte to
prime
In-Reply-To: <555E5977.2090804@uni-dortmund.de>
References: <555E5977.2090804@uni-dortmund.de>
Message-ID:
On Fri, May 22, 2015 at 12:17 AM, Thomas Klute
wrote:
> Hello,
> I believe I have found a bug in gnutls_dh_get_group: It returns the
> prime with an extra zero byte at the beginning.
Indeed, I see that the number is written as a non-negative integer
there, so it will have a leading zero if the number would have been
interpreted as negative. The intention was to assist applications who
may import that value in an mpz_t value. Would it make sense to
document the fact that there may be a leading zero in that case,
rather than eliminating? That behavior has been for quite some time
and I believe any users of this function would already use or work
around it.
regards,
Nikos
From thomas2.klute at uni-dortmund.de Fri May 22 16:11:18 2015
From: thomas2.klute at uni-dortmund.de (Thomas Klute)
Date: Fri, 22 May 2015 16:11:18 +0200
Subject: [gnutls-devel] Bug: gnutls_dh_get_group prepends a zero byte to
prime
In-Reply-To:
References: <555E5977.2090804@uni-dortmund.de>
Message-ID: <555F3906.9040807@uni-dortmund.de>
Am 22.05.2015 um 09:05 schrieb Nikos Mavrogiannopoulos:
> On Fri, May 22, 2015 at 12:17 AM, Thomas Klute
> wrote:
>> Hello,
>> I believe I have found a bug in gnutls_dh_get_group: It returns the
>> prime with an extra zero byte at the beginning.
>
> Indeed, I see that the number is written as a non-negative integer
> there, so it will have a leading zero if the number would have been
> interpreted as negative. The intention was to assist applications who
> may import that value in an mpz_t value. Would it make sense to
> document the fact that there may be a leading zero in that case,
> rather than eliminating? That behavior has been for quite some time
> and I believe any users of this function would already use or work
> around it.
That makes sense, thank you. Knowing about the (possible) offset makes
it easy enough to work around where necessary. :-)
Kind regards,
Thomas
From home_pw at msn.com Fri May 22 16:50:03 2015
From: home_pw at msn.com (Peter Williams)
Date: Fri, 22 May 2015 07:50:03 -0700
Subject: [gnutls-devel] Bug: gnutls_dh_get_group prepends a zero byte
to prime
Message-ID:
Simply add comment that the value is output as an x409 integer in ber encoding (and perhaps der encoding).
In type theory, one can compare properly (according to the encoding).
When comparing certs (properly, as types), one needs formalities such as this. Historically, upon receipt of client cert during association binding, one issues a directory compare operation which, she executed by the resolver, would compare the value against the value(s) in the named directory record, to test existence of the operand in the "trust list".
Obviously a security critical operation, for which one uses formal type theory which, for certs was a little over formalized due to the any typing of the dh block.
All good fodder for structured vulnerability insertion in standards, of course, in the name of extensibility.
Sent from my Windows Phone
________________________________
From: Nikos Mavrogiannopoulos
Sent: ?5/?22/?2015 12:06 AM
To: Thomas Klute
Cc: bugs at gnutls.org
Subject: Re: [gnutls-devel] Bug: gnutls_dh_get_group prepends a zero byte to prime
On Fri, May 22, 2015 at 12:17 AM, Thomas Klute
wrote:
> Hello,
> I believe I have found a bug in gnutls_dh_get_group: It returns the
> prime with an extra zero byte at the beginning.
Indeed, I see that the number is written as a non-negative integer
there, so it will have a leading zero if the number would have been
interpreted as negative. The intention was to assist applications who
may import that value in an mpz_t value. Would it make sense to
document the fact that there may be a leading zero in that case,
rather than eliminating? That behavior has been for quite some time
and I believe any users of this function would already use or work
around it.
regards,
Nikos
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel at lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From armin at arbur.net Sun May 24 05:30:18 2015
From: armin at arbur.net (Armin Burgmeier)
Date: Sat, 23 May 2015 23:30:18 -0400
Subject: [gnutls-devel] [PATCH] gnutls_dh_get_prime_bits: return 0 if DH is
not used
Message-ID: <1432438554.1451.17.camel@waverley>
Before, the number of bits of a zero-length number was attempted to be
extracted, resulting in an error. The changed behaviour is consistent with
the documentation which explicitly states that 0 should be returned if no DH
key exchange was performed.
---
lib/gnutls_ui.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index f557f6c..f5e8530 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -362,6 +362,9 @@ int gnutls_dh_get_prime_bits(gnutls_session_t session)
return GNUTLS_E_INVALID_REQUEST;
}
+ if(dh->prime.size == 0)
+ return 0;
+
return mpi_buf2bits(&dh->prime);
}
--
2.1.4
From nmav at gnutls.org Sun May 24 13:29:18 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 24 May 2015 13:29:18 +0200
Subject: [gnutls-devel] [PATCH] gnutls_dh_get_prime_bits: return 0 if DH
is not used
In-Reply-To: <1432438554.1451.17.camel@waverley>
References: <1432438554.1451.17.camel@waverley>
Message-ID: <1432466958.7883.2.camel@gnutls.org>
On Sat, 2015-05-23 at 23:30 -0400, Armin Burgmeier wrote:
> Before, the number of bits of a zero-length number was attempted to be
> extracted, resulting in an error. The changed behaviour is consistent with
> the documentation which explicitly states that 0 should be returned if no DH
> key exchange was performed.
Applied. Thank you.
From armin at arbur.net Sun May 24 18:12:24 2015
From: armin at arbur.net (Armin Burgmeier)
Date: Sun, 24 May 2015 12:12:24 -0400
Subject: [gnutls-devel] RSA vs. DHE-RSA with default priority string
Message-ID: <1432483944.2026.13.camel@arbur.net>
Hi,
I have a server [0] which allows use of DHE-RSA but does not enforce it.
It does not support any ECC, though.
When connecting with gnutls-cli from master (and 3.3), it chooses RSA
key exchange instead of DHE-RSA. I only get DHE-RSA when I specify
--priority=PFS.
I compared this to gnutls-cli from gnutls 2.12.23: with the default
priority string, I get DHE-RSA. I could switch to RSA with
--priority=PERFORMANCE.
The behaviour of gnutls 2.12 seems more reasonable to me. How would I
make the current version of gnutls prefer DHE-RSA but still allow RSA if
the server does not support DH? I understand --priority=PFS completely
disables any non-PFS kx algorithms. I'd prefer not to hand-craft a
priority string that explicitly contains algorithm names, so that I stay
upwards-compatible.
Thanks,
Armin
[0] https://server01.komline.de
From nmav at gnutls.org Sun May 24 18:34:23 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 24 May 2015 18:34:23 +0200
Subject: [gnutls-devel] RSA vs. DHE-RSA with default priority string
In-Reply-To: <1432483944.2026.13.camel@arbur.net>
References: <1432483944.2026.13.camel@arbur.net>
Message-ID: <1432485263.14036.5.camel@gnutls.org>
On Sun, 2015-05-24 at 12:12 -0400, Armin Burgmeier wrote:
> Hi,
>
> I have a server [0] which allows use of DHE-RSA but does not enforce it.
> It does not support any ECC, though.
>
> When connecting with gnutls-cli from master (and 3.3), it chooses RSA
> key exchange instead of DHE-RSA. I only get DHE-RSA when I specify
> --priority=PFS.
The priorities were adjusted for DHE to be in the end of the list
sometime during the 3.x branch because of the compatibility issues these
ciphersuites have. That is if as a client you connect to a server which
presents inadequate length of prime the handshake would fail (as seen in
http://www.gnutls.org/faq.html#prime-not-acceptable ).
There is no way to avoid that, thus the solution was to move DHE in the
end of the list by the time we had reliable ECDHE support. Said that, if
you want to prioritize DHE over RSA you can do:
"PFS:+RSA", or "NORMAL:-RSA:+RSA"
regards,
Nikos
From armin at arbur.net Sun May 24 18:47:41 2015
From: armin at arbur.net (Armin Burgmeier)
Date: Sun, 24 May 2015 12:47:41 -0400
Subject: [gnutls-devel] RSA vs. DHE-RSA with default priority string
In-Reply-To: <1432485263.14036.5.camel@gnutls.org>
References: <1432483944.2026.13.camel@arbur.net>
<1432485263.14036.5.camel@gnutls.org>
Message-ID: <1432486061.2026.17.camel@arbur.net>
On Sun, 2015-05-24 at 18:34 +0200, Nikos Mavrogiannopoulos wrote:
> On Sun, 2015-05-24 at 12:12 -0400, Armin Burgmeier wrote:
> > Hi,
> >
> > I have a server [0] which allows use of DHE-RSA but does not enforce it.
> > It does not support any ECC, though.
> >
> > When connecting with gnutls-cli from master (and 3.3), it chooses RSA
> > key exchange instead of DHE-RSA. I only get DHE-RSA when I specify
> > --priority=PFS.
>
> The priorities were adjusted for DHE to be in the end of the list
> sometime during the 3.x branch because of the compatibility issues these
> ciphersuites have. That is if as a client you connect to a server which
> presents inadequate length of prime the handshake would fail (as seen in
> http://www.gnutls.org/faq.html#prime-not-acceptable ).
>
> There is no way to avoid that, thus the solution was to move DHE in the
> end of the list by the time we had reliable ECDHE support. Said that, if
> you want to prioritize DHE over RSA you can do:
> "PFS:+RSA", or "NORMAL:-RSA:+RSA"
Thanks for the explanation and the suggestions! I'll go with that.
Armin
From ann.lai at oracle.com Tue May 26 20:22:32 2015
From: ann.lai at oracle.com (Ann Lai)
Date: Tue, 26 May 2015 11:22:32 -0700
Subject: [gnutls-devel] gnutls 3.4 build failed to build on Solaris
because of missing SOCK_CLOEXEC symbol
In-Reply-To:
References: <5553D24E.7000907@oracle.com>
Message-ID: <5564B9E8.8060109@oracle.com>
On 5/15/2015 2:48 AM, Nikos Mavrogiannopoulos wrote:
> On Thu, May 14, 2015 at 12:38 AM, Ann Lai wrote:
>> Hi,
>> gnutls 3.4.0 failed to build on Solaris systems because SOCK_CLOEXEC symbol.
>> Below is a proposed patch to fix.
> Hi,
> Wasn't that fixed in 3.4.1 release?
Yes it's fixed in 3.4.1. Thanks.
From ann.lai at oracle.com Sat May 30 04:00:24 2015
From: ann.lai at oracle.com (Ann Lai)
Date: Fri, 29 May 2015 19:00:24 -0700
Subject: [gnutls-devel] --disable-ecdhe does not take out all ecdh
Message-ID: <556919B8.1060809@oracle.com>
Hi,
It looks like with this flag --disable-ecdhe on in configure, there are
still ecdh code in /./lib/nettle/pk.c. The code failed to compiled when
this flag is enabled.
I made a fix by adding ifdef around the ecdhe parts in file pk.c below:
--- ORIGINAL/./lib/nettle/pk.c 2015-05-21 16:21:09.544206257 -0700
+++ gnutls-3.4.1/./lib/nettle/pk.c 2015-05-21 16:42:37.914953878 -0700
@@ -45,13 +45,17 @@
#include
#include
#include
+#if defined(ENABLE_ECDHE)
#include
#include
#include
+#endif
#include
#include
+#if defined(ENABLE_ECDHE)
static inline const struct ecc_curve *get_supported_curve(int curve);
+#endif
static void rnd_func(void *_ctx, size_t length, uint8_t * data)
{
@@ -64,6 +68,7 @@
}
}
+#if defined(ENABLE_ECDHE)
static void
ecc_scalar_zclear (struct ecc_scalar *s)
{
@@ -77,6 +82,7 @@
zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
ecc_point_clear(p);
}
+#endif
static void
_dsa_params_get(const gnutls_pk_params_st * pk_params,
@@ -113,6 +119,7 @@
pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
}
+#if defined(ENABLE_ECDHE)
static int
_ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
struct ecc_scalar *priv,
@@ -161,6 +168,7 @@
return;
}
+#endif
#define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS
/* This is used when we have no idea on the structure
@@ -245,6 +253,7 @@
break;
}
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_scalar ecc_priv;
@@ -290,6 +299,7 @@
goto cleanup;
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -447,6 +457,7 @@
const mac_entry_st *me;
switch (algo) {
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC: /* we do ECDSA */
{
struct ecc_scalar priv;
@@ -495,6 +506,7 @@
}
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_params pub;
@@ -601,6 +613,7 @@
bigint_t tmp[2] = { NULL, NULL };
switch (algo) {
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC: /* ECDSA */
{
struct ecc_point pub;
@@ -647,6 +660,7 @@
ecc_point_clear(&pub);
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_params pub;
@@ -726,6 +740,7 @@
return ret;
}
+#if defined(ENABLE_ECDHE)
static inline const struct ecc_curve *get_supported_curve(int curve)
{
switch (curve) {
@@ -750,6 +765,7 @@
{
return ((get_supported_curve(curve)!=NULL)?1:0);
}
+#endif
/* Generates algorithm's parameters. That is:
* For DSA: p, q, and g are generated.
@@ -854,9 +870,11 @@
break;
}
case GNUTLS_PK_RSA:
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
ret = 0;
break;
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
@@ -884,6 +902,7 @@
const gnutls_datum_t *priv_key, const
gnutls_datum_t *pu
b_key,
const gnutls_datum_t *peer_key,
gnutls_datum_t *Z);
+#if defined(ENABLE_ECDHE)
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
const gnutls_datum_t *x, const
gnutls_datum_t *y,
const gnutls_datum_t *k,
@@ -893,6 +912,7 @@
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
gnutls_datum_t *x, gnutls_datum_t *y,
gnutls_datum_t *k);
+#endif
int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
@@ -988,6 +1008,7 @@
return ret;
}
+#if defined(ENABLE_ECDHE)
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
gnutls_datum_t *x, gnutls_datum_t *y,
gnutls_datum_t *k)
@@ -1116,6 +1137,7 @@
gnutls_pk_params_clear(&priv);
return ret;
}
+#endif /*ENABLE_ECDHE*/
#endif
@@ -1308,6 +1330,7 @@
break;
}
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
@@ -1350,6 +1373,7 @@
break;
}
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
@@ -1494,6 +1518,7 @@
}
break;
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
struct ecc_point r, pub;
@@ -1567,6 +1592,7 @@
mpz_clear(y2);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1584,6 +1610,7 @@
case GNUTLS_PK_RSA:
case GNUTLS_PK_DSA:
return 0;
+#if defined(ENABLE_ECDHE)
case GNUTLS_PK_EC:
{
/* just verify that x and y lie on the curve */
@@ -1624,6 +1651,7 @@
ecc_point_clear(&pub);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1725,5 +1753,7 @@
.generate_keys = wrap_nettle_pk_generate_keys,
.pk_fixup_private_params = wrap_nettle_pk_fixup,
.derive = _wrap_nettle_pk_derive,
+#if defined(ENABLE_ECDHE)
.curve_exists = _wrap_nettle_pk_curve_exists,
+#endif
};
Thanks,
Ann
From broodling6 at yahoo.com Sun May 31 01:47:47 2015
From: broodling6 at yahoo.com (Benjamin)
Date: Sat, 30 May 2015 23:47:47 +0000 (UTC)
Subject: [gnutls-devel] different lib directories for gnutls and nettle
References: <437hbgql64.wl%bjg@gnu.org>
Message-ID:
Brian Gough gnu.org> writes:
>
>
> checking whether to use nettle... yes
> checking for libnettle... no
> configure: error:
> ***
> *** Libnettle 2.1 was not found.
>
> make: *** [configure-work/gnutls-2.12.0/configure] Error 1
>
> See http://chapters.gnu.org/~bjg/gsrc/logs/gnutls.txt for a complete
> example.
>
Yes, I have gotten that same error as well. Your post was useful to know
that I was not alone in that bug, however you omit a solution to that
problem. What is the solution for Ubuntu 15.04? I am new Linux user by the way.
From nmav at gnutls.org Sun May 31 08:55:26 2015
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 31 May 2015 08:55:26 +0200
Subject: [gnutls-devel] --disable-ecdhe does not take out all ecdh
In-Reply-To: <556919B8.1060809@oracle.com>
References: <556919B8.1060809@oracle.com>
Message-ID: <1433055326.1711.1.camel@gnutls.org>
On Fri, 2015-05-29 at 19:00 -0700, Ann Lai wrote:
> Hi,
>
> It looks like with this flag --disable-ecdhe on in configure, there are
> still ecdh code in /./lib/nettle/pk.c. The code failed to compiled when
> this flag is enabled.
>
> I made a fix by adding ifdef around the ecdhe parts in file pk.c below:
Hi,
This patch doesn't apply in master. The best is to use git am to
produce the patches.
regards,
Nikos