From gnutls-devel at lists.gnutls.org Sat Jun 1 06:57:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Jun 2019 04:57:03 +0000
Subject: [gnutls-devel] GnuTLS | Issues require labels (#778)

New Issue was created.

Issue 778: https://gitlab.com/gnutls/gnutls/issues/778
Author: GnuTLS bot
Assignees:

The following issues require labels:

- [ ] [set_read_funcs() breaks I/O on Windows](https://gitlab.com/gnutls/gnutls/issues/757)

Please take care of them.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/778
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sat Jun 1 06:57:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Jun 2019 04:57:13 +0000
Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757)

@lrn1986 This issue is unlabelled after 30 days. It needs attention.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757#note_176868027

From gnutls-devel at lists.gnutls.org Sat Jun 1 06:57:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Jun 2019 04:57:16 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add CI tarball build (!809)

@rockdaboot This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/809#note_176868039

From gnutls-devel at lists.gnutls.org Sat Jun 1 22:02:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Jun 2019 20:02:11 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switched fedora to latest version (!1015)

New Merge Request !1015

https://gitlab.com/gnutls/gnutls/merge_requests/1015

Project:Branches: nmav/gnutls:tmp-fedora30 to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

This updates the fedora build images to fedora 30.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature

## Reviewer's checklist:
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1015

From gnutls-devel at lists.gnutls.org Sun Jun 2 10:33:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 08:33:12 +0000
Subject: [gnutls-devel] GnuTLS | autogen is being run on the tarball even if --enable-local-libopts is given (#772)

Daiki Ueno @dueno wrote

> Is there any reason not to use help2man for (1)?

help2man breaks cross-compilation, you will need some special handholding for cross-compiling (ship manpages in the tarball, only overwrite them with help2man output if not cross-building. Similar to the autogen .bak stuff now.)

> I find Haskell dependency from pandoc rather problematic, though it's not a hard-dependency.

Yeah, exchanging guile for haskell. ;-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/772#note_176969271

From gnutls-devel at lists.gnutls.org Sun Jun 2 11:38:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 09:38:10 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switched fedora to latest version (!1015)

Merge Request !1015 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1015
Project:Branches: nmav/gnutls:tmp-fedora30 to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1015

From gnutls-devel at lists.gnutls.org Sun Jun 2 11:38:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 09:38:15 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switched fedora to latest version (!1015)

Merge Request !1015 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1015
Project:Branches: nmav/gnutls:tmp-fedora30 to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1015

From gnutls-devel at lists.gnutls.org Sun Jun 2 11:56:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 09:56:35 +0000
Subject: [gnutls-devel] GnuTLS | tools in src/ should not use libopts for parsing cmd line options (#775)

> @ametzler Yeah, exchanging guile for haskell. ;-)

Do you know of alternatives ?

When adding/changing command line options within the C sources, the man pages and texinfo file should automatically be updated.

This MR does it the following way:
- build the tool
- execute the tool with a special option
- inject the output from the tool into a markdown template
- use pandoc to generate manpage and texinfo from the resulting markdown file

The workflow allows the developer to just work on the C code (adding an array entry and doing the implementation). No manual editing of texinfo, no out-of-sync of implementation and documentation ever again.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/775#note_176973731

From gnutls-devel at lists.gnutls.org Sun Jun 2 12:44:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 10:44:56 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

New Merge Request !1016

https://gitlab.com/gnutls/gnutls/merge_requests/1016

Branches: tmp-fix-travis to master
Author: Tim Rühsen
Assignees:

Fix OSX Travis CI runner.

Clang < 4 does not implement warn_unused_result though the advertised gcc version implies it.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016

From gnutls-devel at lists.gnutls.org Sun Jun 2 12:45:38 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 10:45:38 +0000
Subject: [gnutls-devel] GnuTLS | Datum.c cleanup (!1002)

Not sure which clang version the Travis OSX is using, but likely some 3.x.

!1016 should fix it (tested locally with clang 3.5).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1002#note_176977159

From gnutls-devel at lists.gnutls.org Sun Jun 2 15:40:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 13:40:53 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

Merge Request !1016 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1016
Branches: tmp-fix-travis to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016

From gnutls-devel at lists.gnutls.org Sun Jun 2 17:13:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 15:13:44 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

Merge Request !1016 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1016
Branches: tmp-fix-travis to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016

From gnutls-devel at lists.gnutls.org Sun Jun 2 18:09:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 16:09:36 +0000
Subject: [gnutls-devel] GnuTLS | tools in src/ should not use libopts for parsing cmd line options (#775)

Tim Rühsen @rockdaboot wrote
[...]

> Do you know of alternatives?

No, I had searched in vain multiple times. I have found myriads of C option parsing libraries, but many are orphaned and none of the ones I looked at offered the autogeneration of docs as autogen did. (A typical example is gengetopt: It can produce manpages, but they are very bare-bone, and it is also dead upstream.)

> When adding/changing command line options within the C sources, the man pages and texinfo file should automatically be updated.
>
> This MR does it the following way:
>
> build the tool
> execute the tool with a special option
> inject the output from the tool into a markdown template
> use pandoc to generate manpage and texinfo from the resulting markdown file
>
> The workflow allows the developer to just work on the C code (adding an array entry and doing the implementation). No manual editing of texinfo, no out-of-sync of implementation and documentation ever again.

That sounds very sensible and similar to the current solution. Thank you!

(FWIW I think that moving away from autogen is something that will need to happen at some point, since it is a single-author project and upstream activity is declining.)

Regarding markdown to man and/or texinfo converters: The alternatives are rare. ronn needs ruby and only does manpage output. lunamark (lua) might have been a candidate, but it is not even packaged for Debian.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/775#note_177011656

From gnutls-devel at lists.gnutls.org Sun Jun 2 19:12:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 17:12:37 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

New Issue was created.

Issue 779: https://gitlab.com/gnutls/gnutls/issues/779
Author: m-svo
Assignees:

## Description of problem:

```
$ gnutls-cli lutris.net
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.187.245:443'...
*** Fatal error: Error in the pull function.
```

## Version of gnutls used:
3.6.5 (Ubuntu)
3.6.8-1 (Arch Linux)

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu, Arch Linux

## How reproducible:

Steps to Reproduce:

 * `gnutls-cli lutris.net`

## Actual results:

```
$ gnutls-cli lutris.net
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.187.245:443'...
*** Fatal error: Error in the pull function.
```

## Expected results:
Successful connection

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:03:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:03:36 +0000
Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917)

Ander Juaristi commented on a discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_177026254

> /* callback function, instead of reading the > * password files. > */ > - gnutls_psk_server_credentials_function *pwd_callback; > + union { > + gnutls_psk_server_credentials_function *cb1;

Yes sorry, but I don't understand what you mean here.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_177026254

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:31:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:31:36 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

I believe you are reporting an issue for a firewall that is in between your system and that site.

```
$ ./gnutls-cli lutris.net
Processed 128 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=sni.cloudflaressl.com,O=CloudFlare\, Inc.,L=San Francisco,ST=CA,C=US', issuer `CN=CloudFlare Inc ECC CA-2,O=CloudFlare\, Inc.,L=San Francisco,ST=CA,C=US', serial 0x070999ccd2e22c5d2fb7c35247f15385, EC/ECDSA key 256 bits, signed using ECDSA-SHA256, activated `2018-09-14 00:00:00 UTC', expires `2019-09-14 12:00:00 UTC', pin-sha256="CPMCD7VB5kNrDN0RIWqN4QwSWNfyNms2PXwga7ZZ8+k="
	Public Key ID:
		sha1:41b28bf80d40ec2ce1a21b5b0d245e6357e2cc3e
		sha256:08f3020fb541e6436b0cdd11216a8de10c1258d7f2366b363d7c206bb659f3e9
	Public Key PIN:
		pin-sha256:CPMCD7VB5kNrDN0RIWqN4QwSWNfyNms2PXwga7ZZ8+k=

- Certificate[1] info:
 - subject `CN=CloudFlare Inc ECC CA-2,O=CloudFlare\, Inc.,L=San Francisco,ST=CA,C=US', issuer `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', serial 0x0ff3e61639aa3d1a1265f41f8b34e5b6, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2015-10-14 12:00:00 UTC', expires `2020-10-09 12:00:00 UTC', pin-sha256="3kcNJzkUJ1RqMXJzFX4Zxux5WfETK+uL6Viq9lJNn4o="
- Status: The certificate is trusted.
- Description: (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
- Options: OCSP status request,
- Handshake was completed

- Simple Client Mode:
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177027749

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:35:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:35:07 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

FWIW: I get the same result as Nikos.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177027872

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:41:38 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:41:38 +0000
Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757)

Closing as addressed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757#note_177028345

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:41:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:41:47 +0000
Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757)

Issue was closed by Nikos Mavrogiannopoulos

Issue #757: https://gitlab.com/gnutls/gnutls/issues/757

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757

From gnutls-devel at lists.gnutls.org Sun Jun 2 22:42:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Jun 2019 20:42:06 +0000
Subject: [gnutls-devel] GnuTLS | Issues require labels (#778)

Issue was closed by Nikos Mavrogiannopoulos

Issue #778: https://gitlab.com/gnutls/gnutls/issues/778

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/778

From gnutls-devel at lists.gnutls.org Mon Jun 3 06:47:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 04:47:08 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

Yes, switching from my ISP to mobile network "fixes" the issue. Thank you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177086185

From gnutls-devel at lists.gnutls.org Mon Jun 3 06:47:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 04:47:11 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

Issue was closed by m-svo

Issue #779: https://gitlab.com/gnutls/gnutls/issues/779

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779

From gnutls-devel at lists.gnutls.org Mon Jun 3 09:46:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 07:46:48 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

There is possibly more `alloca()`:

```
$ grep -R 'alloca(' lib
lib/nettle/backport/cfb8.h:# define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * (size)))
lib/nettle/gost/nettle-internal.h:# define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * (size)))
```

Just got a PM from Jeffrey Walton:

```
I've almost got GnuTLS 3.6.8 building on Solaris. One build problem remains:

Undefined                       first referenced
 symbol                             in file
alloca                              ../lib/.libs/libgnutls.so
ld: fatal: symbol referencing errors
collect2: error: ld returned 1 exit status

Recipe is here, and it includes CFLAGS += -D_XOPEN_SOURCE=600 for Solaris:
https://github.com/noloader/Build-Scripts/blob/master/build-gnutls.sh
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177141088

From gnutls-devel at lists.gnutls.org Mon Jun 3 10:03:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 08:03:54 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

@nmav The code in nettle looks like it is straightforward to remove alloca() there. WDYT ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177147810

From gnutls-devel at lists.gnutls.org Mon Jun 3 11:55:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 09:55:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

It still fails: https://travis-ci.org/gnutls/gnutls

A way to check directly the output of a change is to fork gnutls/gnutls in github and push there.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177213676

From gnutls-devel at lists.gnutls.org Mon Jun 3 12:07:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 10:07:04 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

That's backported code from nettle. Modifying would mean having two implementations. As far as I see it uses alloca if HAVE_ALLOCA is defined, and falls back to C99 otherwise.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177218338

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:00:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:00:09 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

Maybe a better place to address these is in nettle project itself.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177237760

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:01:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:01:12 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.3.14 breaks against Guile with Clang (#6)

Issue was closed by Nikos Mavrogiannopoulos

Issue #6: https://gitlab.com/gnutls/gnutls/issues/6

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/6

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:01:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:01:11 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.3.14 breaks against Guile with Clang (#6)

The 3.3.x branch is already EOL. Closing.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/6#note_177238138

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:02:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:02:31 +0000
Subject: [gnutls-devel] GnuTLS | Building GnuTLS 3.5.19 fails to build with `guile/src/core.c:3338:31: error: expected ')' before '; ' token (void) gnutls_global_init (); ` (#551)

[GnuTLS 3.5.x is EOL](https://gitlab.com/gnutls/gnutls/blob/master/RELEASES.md). Closing.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/551#note_177238661

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:02:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:02:32 +0000
Subject: [gnutls-devel] GnuTLS | Building GnuTLS 3.5.19 fails to build with `guile/src/core.c:3338:31: error: expected ')' before '; ' token (void) gnutls_global_init (); ` (#551)

Issue was closed by Nikos Mavrogiannopoulos

Issue #551: https://gitlab.com/gnutls/gnutls/issues/551

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/551

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:04:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:04:33 +0000
Subject: [gnutls-devel] GnuTLS | Changes needed to compile Guile bindings against Guile 2.2.2 (#199)

Issue was closed by Nikos Mavrogiannopoulos

Issue #199: https://gitlab.com/gnutls/gnutls/issues/199

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/199

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:04:51 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:04:51 +0000
Subject: [gnutls-devel] GnuTLS | Changes needed to compile Guile bindings against Guile 2.2.2 (#199)

Closing as the issue seems addressed. Please re-open with more information if not.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/199#note_177239515

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:27:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:27:39 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

Nettle is missing #include , that seems to be needed on some systems. The thing is that GnuTLS suffers from nettle using alloca().

BTW, the fallback is C89 - the check calls abort() if variable size exceeds the buffer size.

`nettle-internal.h` is included by `gostdsa-sign.c` which also includes `gnutls_int.h`. How is this from nettle then ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177251027

From gnutls-devel at lists.gnutls.org Mon Jun 3 13:32:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 11:32:25 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

I don't know what /System/Library/Frameworks/Security.framework/Headers/SecRandom.h is. The failure is in there - how ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177256594

From gnutls-devel at lists.gnutls.org Mon Jun 3 15:02:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 13:02:31 +0000
Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016)

I'd speculate that it uses the definition `warn_unused_result`. I don't have macosx. A way to see that file could be using travis to print it out.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177297266

From gnutls-devel at lists.gnutls.org Mon Jun 3 15:06:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 13:06:47 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

The `nettle/backports` directory contains files in nettle master which have not been released yet but are used by gnutls, and `nettle/gost/` contains files which are proposed for nettle but have not been included yet. The goal for these is to be copy-paste nettle code rather than files that have different contents than the files in nettle (or the code submitted to nettle).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177299141

From gnutls-devel at lists.gnutls.org Mon Jun 3 15:07:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 13:07:56 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

If we update the upstream nettle code to have a fixed version of it, then we can update the gnutls copies to contain the new code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177299627

From gnutls-devel at lists.gnutls.org Mon Jun 3 15:28:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Jun 2019 13:28:12 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

The fix would be to use C89 fixed array with fallback to malloc(). That requires slightly more than fixing the *.h files. It needs changes in the function implementation as well.

It's trivial and obvious, but I dare to go into upstream discussions. I am too busy with other projects right now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_177309695

From gnutls-devel at lists.gnutls.org Mon Jun 3 16:25:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 14:25:17 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: Of course we still want to figure out what GnuTLS is doing to trigger the firewall...? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177337235 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 16:51:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 14:51:35 +0000 Subject: [gnutls-devel] GnuTLS | optional: Support for deterministic ECDSA (#94) In-Reply-To: References: Message-ID: Reassigned Issue 94 https://gitlab.com/gnutls/gnutls/issues/94 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/94 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 16:51:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 14:51:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016) In-Reply-To: References: Message-ID: I guess so as well. What about prefixing the attribute definitions ? E.g. gnutls_warn_unused_result, gnutls_nonnull, etc ? Or maybe gnutls_attr_... as prefix. WDYT ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177349474 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 17:17:48 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 15:17:48 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: my ISP just told me they do not use any firewall and sent me logs showing gnutls 3.3.29 connects fine to lutris.net I am going to check my router next (although firewall is disabled via the interface), will report back -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177360782 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 20:03:31 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 18:03:31 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: Did some testing with and without my home router (it did not make any difference)

Debian 9.9 GnuTLS **v.3.5.8** - connects to lutris.net successfully, tested on 2 machines
Ubuntu 19.04 GnuTLS **v.3.6.5** - fails to connect
Arch Linux (not updated for several months) GnuTLS **v.3.6.6** - fails to connect
Debian 10 testing GnuTLS **v.3.6.7** - fails to connect
Arch Linux GnuTLS **v.3.6.8-1** - fails to connect

The error is always `*** Fatal error: Error in the pull function.` So, it looks like there is some firewall (maybe above my ISP?) and GnuTLS **v.3.5.8** does not trigger it. Anything else I can do? Should I try versions between 3.5.8 and 3.6.5 to see which introduces this? I believe it would be easy to downgrade a package in Arch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177413600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 20:38:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 18:38:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016) In-Reply-To: References: Message-ID: It makes sense to me if it addresses the problem -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177425742 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 20:44:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 18:44:32 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: The difference between gnutls 3.6.x and earlier (e.g. 3.5.x) is support for TLS1.3. What you can try with the latest gnutls:
```
# test whether tls1.2 works
gnutls-cli --priority NORMAL:-VERS-TLS1.3 lutris.net
# test whether any new groups cause issue
gnutls-cli lutris.net --priority NORMAL:-GROUP-ALL:+GROUP-SECP256R1
# use the debug tool
gnutls-cli-debug lutris.net
```
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177427258 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 21:07:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 19:07:54 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: This is with 3.6.8
```
# test whether tls1.2 works
$ gnutls-cli --priority NORMAL:-VERS-TLS1.3 lutris.net
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.

# test whether any new groups cause issue
$ gnutls-cli lutris.net --priority NORMAL:-GROUP-ALL:+GROUP-SECP256R1
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.

# use the debug tool
$ gnutls-cli-debug lutris.net
GnuTLS debug client 3.6.8
Checking lutris.net:443
whether we need to disable TLS 1.2... yes
whether we need to disable TLS 1.1... yes
whether we need to disable TLS 1.0... yes
whether %NO_EXTENSIONS is required... yes
whether %COMPAT is required... yes
for TLS 1.0 (RFC2246) support... no
for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
for TLS 1.1 (RFC4346) support... no
fallback from TLS 1.1 to... failed
for TLS 1.2 (RFC5246) support... no
for TLS 1.3 (RFC8446) support... no
TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance)
Server does not support any of SSL 3.0, TLS 1.0, 1.1, 1.2 and 1.3
```
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177437020 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 3 22:29:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 03 Jun 2019 20:29:05 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779) In-Reply-To: References: Message-ID: That's strange, it seems something basic makes that firewall close this handshake. Can you try seeing the differences in the client hello as sent by gnutls and the client hello as sent with openssl (1.1.1 or later - assuming that this works)? You can use wireshark to visualize the two client hellos, and you can save them in a pcap file you can attach here so we can check as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_177455529 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:23:15 2019 
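The client-hello comparison suggested in issue #779 above, as an added example that is not part of the original thread or of GnuTLS: a small C parser that summarises a ClientHello record and lists the extension types one hello carries and the other does not. The struct and function names are hypothetical, and both byte arrays are constructed samples, not captures from gnutls-cli or openssl.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_EXT 32

struct hello_summary {
    uint16_t record_version; /* version in the TLS record header */
    uint16_t legacy_version; /* ClientHello legacy_version */
    size_t n_suites;         /* cipher suites offered */
    size_t n_ext;            /* extensions seen */
    uint16_t ext[MAX_EXT];   /* extension types, in wire order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Summarise one TLS record that holds a complete ClientHello.
 * Returns 0 on success, -1 when the bytes are truncated or malformed. */
int parse_client_hello(const uint8_t *b, size_t len, struct hello_summary *out)
{
    size_t off = 9, end, n;

    if (len < 9 || b[0] != 22 /* handshake */ || b[5] != 1 /* client_hello */)
        return -1;
    out->record_version = rd16(b + 1);
    n = rd16(b + 3);                        /* record payload length */
    if (n < 4 || n > len - 5) return -1;
    end = 5 + n;
    n = ((size_t)b[6] << 16) | ((size_t)b[7] << 8) | b[8]; /* body length */
    if (n > end - 9 || n < 2 + 32 + 1) return -1;
    end = 9 + n;
    out->legacy_version = rd16(b + off);
    off += 2 + 32;                          /* skip version and random */
    n = b[off++];                           /* session id length */
    if (end - off < n + 2) return -1;
    off += n;
    n = rd16(b + off);                      /* cipher suites length */
    off += 2;
    if (n % 2 != 0 || end - off < n + 1) return -1;
    out->n_suites = n / 2;
    off += n;
    n = b[off++];                           /* compression methods length */
    if (end - off < n) return -1;
    off += n;
    out->n_ext = 0;
    if (off == end) return 0;               /* no extensions block at all */
    if (end - off < 2 || (size_t)rd16(b + off) != end - off - 2) return -1;
    for (off += 2; off < end; off += 4 + n) {
        if (end - off < 4) return -1;
        n = rd16(b + off + 2);              /* extension data length */
        if (end - off - 4 < n || out->n_ext == MAX_EXT) return -1;
        out->ext[out->n_ext++] = rd16(b + off);
    }
    return 0;
}

/* Store in only[] the extension types that a sends and b does not. */
size_t ext_only_in(const struct hello_summary *a, const struct hello_summary *b,
                   uint16_t only[MAX_EXT])
{
    size_t i, j, k = 0;

    for (i = 0; i < a->n_ext; i++) {
        for (j = 0; j < b->n_ext && b->ext[j] != a->ext[i]; j++)
            ;
        if (j == b->n_ext)
            only[k++] = a->ext[i];
    }
    return k;
}

#define RANDOM32 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

/* Constructed samples, not captures of any real client. */
static const uint8_t hello_a[] = {
    0x16, 0x03, 0x01, 0x00, 0x46, 0x01, 0x00, 0x00, 0x42, /* record + handshake headers */
    0x03, 0x03, RANDOM32, 0x00,     /* legacy_version, random, empty session id */
    0x00, 0x04, 0x13, 0x01, 0xc0, 0x2f, 0x01, 0x00, /* 2 suites, null compression */
    0x00, 0x15,                                     /* 21 bytes of extensions */
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, /* supported_groups */
    0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,       /* supported_versions */
    0x00, 0x33, 0x00, 0x02, 0x00, 0x00              /* key_share */
};
static const uint8_t hello_b[] = {
    0x16, 0x03, 0x01, 0x00, 0x37, 0x01, 0x00, 0x00, 0x33,
    0x03, 0x03, RANDOM32, 0x00, 0x00, 0x02, 0xc0, 0x2f, 0x01, 0x00,
    0x00, 0x08, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17 /* supported_groups only */
};

int main(void)
{
    struct hello_summary a, b;
    uint16_t only[MAX_EXT];
    size_t i, k;

    if (parse_client_hello(hello_a, sizeof hello_a, &a) ||
        parse_client_hello(hello_b, sizeof hello_b, &b))
        return 1;
    for (i = 0, k = ext_only_in(&a, &b, only); i < k; i++)
        printf("only in hello_a: extension 0x%04x\n", (unsigned)only[i]);
    return 0;
}
```

To use it on real traffic, feed it the bytes of the first TLS record of each connection as exported from the capture; a hello split across several records is rejected as malformed.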
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:23:15 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) References: Message-ID: New Merge Request !1017 https://gitlab.com/gnutls/gnutls/merge_requests/1017 Branches: tmp-fix-travis2 to master Author: Tim Rühsen Assignees: Prefixing the gcc attributes works-around the namespace clash on OSX (Travis CI). See https://travis-ci.com/rockdaboot/gnutls ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:24:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:24:11 +0000 Subject: [gnutls-devel] GnuTLS | Fix warn_unused_result for clang < 4 (!1016) In-Reply-To: References: Message-ID: See !1017 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1016#note_177660803 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:30:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:30:05 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177663385 > -# define G_GNUC_WGET_NONNULL_ALL > -# define G_GNUC_WGET_NONNULL(a) > +# define attr_nonnull_all > +# define attr_nonnull(a) > #endif > > #if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000) > -# define warn_unused_result __attribute__((warn_unused_result)) > +# define attr_warn_unused_result __attribute__((warn_unused_result)) > #else > -# define warn_unused_result > +# define attr_warn_unused_result > #endif > > #if _GNUTLS_GCC_VERSION >= 70100 > -# define FALLTHROUGH __attribute__ ((fallthrough)) Is that intentional? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177663385 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:31:01 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:31:01 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: Merge Request !1017 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1017 Branches: tmp-fix-travis2 to master Author: Tim Rühsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:31:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:31:10 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177663862 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:48:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:48:11 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177671585 > -# define G_GNUC_WGET_NONNULL_ALL > -# define G_GNUC_WGET_NONNULL(a) > +# define attr_nonnull_all > +# define attr_nonnull(a) > #endif > > #if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000) > -# define warn_unused_result __attribute__((warn_unused_result)) > +# define attr_warn_unused_result __attribute__((warn_unused_result)) > #else > -# define warn_unused_result > +# define attr_warn_unused_result > #endif > > #if _GNUTLS_GCC_VERSION >= 70100 > -# define FALLTHROUGH __attribute__ ((fallthrough)) No, it was in the old code. I removed it meanwhile. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177671585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:48:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:48:11 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: All discussions on Merge Request !1017 were resolved by Tim Rühsen https://gitlab.com/gnutls/gnutls/merge_requests/1017 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:52:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:52:50 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177673737 > -# define G_GNUC_WGET_NONNULL_ALL > -# define G_GNUC_WGET_NONNULL(a) > +# define attr_nonnull_all > +# define attr_nonnull(a) > #endif > > #if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000) > -# define warn_unused_result __attribute__((warn_unused_result)) > +# define attr_warn_unused_result __attribute__((warn_unused_result)) > #else > -# define warn_unused_result > +# define attr_warn_unused_result > #endif > > #if _GNUTLS_GCC_VERSION >= 70100 > -# define FALLTHROUGH __attribute__ ((fallthrough)) Sorry, I removed the spacing because the purpose of aligning with other code is no longer given. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017#note_177673737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 11:53:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 09:53:30 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: All discussions on Merge Request !1017 were resolved by Tim Rühsen https://gitlab.com/gnutls/gnutls/merge_requests/1017 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 4 13:04:40 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 04 Jun 2019 11:04:40 +0000 Subject: [gnutls-devel] GnuTLS | Prefix gcc attributes with 'attr_' (!1017) In-Reply-To: References: Message-ID: Merge Request !1017 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1017 Branches: tmp-fix-travis2 to master Author: Tim Rühsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 08:19:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 06:19:42 +0000 Subject: [gnutls-devel] GnuTLS | gnutls does not depend on autogen for the generation of manpages/texinfo documentation (#773) In-Reply-To: References: Message-ID: I believe that could be an opportunity to re-organize the documentation. We don't necessarily need to include the tools' manpages into the manual, it may be sufficient to link to them (e.g., to autogenerated files in gnutls.org) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/773#note_178032744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 08:22:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 06:22:07 +0000 Subject: [gnutls-devel] GnuTLS | tools in src/ should not use libopts for parsing cmd line options (#775) In-Reply-To: References: Message-ID: Note that the combination of the manpages with the texinfo documentation was done because we could, though it may not be completely natural to find the manpage information of gnutls tools in the pdf. Re-organizing the documentation to point that the tool information is available as manpages, and getting these manpages online in gnutls.org could be another way to address that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/775#note_178033193 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 08:27:31 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 06:27:31 +0000 Subject: [gnutls-devel] GnuTLS | Guile updated by Ludo (!1018) References: Message-ID: New Merge Request !1018 https://gitlab.com/gnutls/gnutls/merge_requests/1018 Project:Branches: nmav/gnutls:tmp-guile-updates to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: This brings guile 3.0 support. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 11:10:17 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 09:10:17 +0000 Subject: [gnutls-devel] GnuTLS | OpenSSL backend and failures in cipher-api-test.c (#780) References: Message-ID: New Issue was created. Issue 780: https://gitlab.com/gnutls/gnutls/issues/780 Author: Jeffrey Walton Assignees: ## Description of problem: Running `make check` fails when OpenSSL is the back-end. ## Version of gnutls used: GnuTLS 3.6.8 ## Distributor of gnutls GnuTLS from 3.6.8 source tarball. Fetched from https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/. Working on Fedora 29 x86_64 fully patched. OpenSSL was built from 1.0.2s source tarball. ## How reproducible: This is very reproducible. It has been nagging me for the last couple of years. I build GnuTLS with OpenSSL as the back-end. It is done for expediency because OpenSSL has few to no dependencies. GnuTLS `make check` fails when using the OpenSSL back-end. The first failure is for the GCM tests in [`cipher-api-test.c`](https://github.com/gnutls/gnutls/blob/master/tests/slow/cipher-api-test.c). Nettle may not allow a second update of AAD data, but OpenSSL surely does. This patch gets GnuTLS beyond the GCM failure: ``` --- tests/slow/cipher-api-test.c +++ tests/slow/cipher-api-test.c 
@@ -137,9 +144,15 @@ if (ret < 0) fail("could not add auth data\n"); +#if defined(OPENSSL_VERSION_NUMBER) + ret = gnutls_cipher_add_auth(ch, data, 16); + if (ret < 0) + fail("failed in adding auth data after partial data were given\n"); +#else ret = gnutls_cipher_add_auth(ch, data, 16); if (ret >= 0) - fail("succeeded in adding auth data data after partial data were given\n"); + fail("succeeded in adding auth data after partial data were given\n"); +#endif gnutls_cipher_deinit(ch); ``` There is a failure after the GCM fix. It seems to be related to the test named *"3des-cbc"* (last message printed). I have not been able to track it down beyond the *"child died with signal 11"*. I tried stepping it under GDB, but GDB refuses to follow the child. About all I can do is watch the child die under GDB. This program may help in determining what OpenSSL can do: [test.c](/uploads/f560babf72c108674f47192fef88e86e/test.c). It creates a AES/GCM cipher, then inserts AAD, inserts AAD, inserts plaintext, inserts AAD. The third AAD insertion dies as expected. It may be noteworthy that I do ***not*** configure with Nettle. Nettle is available, but I don't configure with it. I'm not sure if running Nettle tests are expected (or not). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/780 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 11:42:56 2019 
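Review bot: in the `@@ -137,9 +144,15 @@` hunk of tests/slow/cipher-api-test.c, both preprocessor branches make the identical call `gnutls_cipher_add_auth(ch, data, 16)` and differ only in the sign of the check, so the call can be hoisted above the `#if` and only the expectation left conditional. The guard `defined(OPENSSL_VERSION_NUMBER)` is true only if an OpenSSL header has been included earlier in the file, which this hunk does not show; without that include the test silently takes the `#else` path. The `-`/`+` pair that fixes the doubled word in "auth data data" is independent of the back-end change and would read better as its own commit.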
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 09:42:56 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) References: Message-ID: New Issue was created. Issue 781: https://gitlab.com/gnutls/gnutls/issues/781 Author: Andreas Schneider Assignees: Please implement support for AES-GMAC (rfc4543). This is used for SMB3 signing by Microsoft soon. So Samba needs it to support this new signing mechanism. See also: https://www.snia.org/sites/default/files/SDC/2018/presentations/SMB/George_Xin_SMB3_Landscape_Directions.pdf -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 13:47:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 11:47:18 +0000 Subject: [gnutls-devel] GnuTLS | Clarify semantics for our supported releases (#651) In-Reply-To: References: Message-ID: This is addressed by !1011 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/651#note_178155651 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 13:47:18 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 11:47:18 +0000 Subject: [gnutls-devel] GnuTLS | Clarify semantics for our supported releases (#651) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #651: https://gitlab.com/gnutls/gnutls/issues/651 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/651 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 14:20:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 12:20:56 +0000 Subject: [gnutls-devel] GnuTLS | Solaris build requires -D_XOPEN_SOURCE=600 -std=gnu99 (#782) References: Message-ID: New Issue was created. Issue 782: https://gitlab.com/gnutls/gnutls/issues/782 Author: Jeffrey Walton Assignees: ## Description of problem: GnuTLS 3.6.8 fails to compile on Solaris i86pc. ## Version of gnutls used: GnuTLS 3.6.8 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) GnuTLS from 3.6.8 source tarball. Fetched from https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/. ## How reproducible: It is consistently reproducible. Testing on Solaris 11.3 reveals `CFLAGS` needs `-D_XOPEN_SOURCE=600 -std=gnu99` to avoid some compile errors due to `alloca`. I believe it is due to the inclusion of Gnulib. Don't allow `-D_XOPEN_SOURCE=600` to cross-pollinate into `CXXFLAGS`, like by way of `CPPFLAGS`. `-D_XOPEN_SOURCE=600` breaks some C++ features due to the way Solaris enforces standard versions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/782 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 14:46:58 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 12:46:58 +0000 Subject: [gnutls-devel] GnuTLS | Solaris build requires -D_XOPEN_SOURCE=600 -std=gnu99 (#782) In-Reply-To: References: Message-ID: Please also see !684 (and the comments). At least we have alloca() introduced through nettle code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/782#note_178180045 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 14:56:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 12:56:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls does not depend on autogen for the generation of manpages/texinfo documentation (#773) In-Reply-To: References: Message-ID: So we could skip texinfo for the man pages ? Then markdown->man could be done by 'ronn'. markdown->html could be done by 'markdown' or plenty of other tools. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/773#note_178184762 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 17:58:02 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 15:58:02 +0000 Subject: [gnutls-devel] GnuTLS | tls13/key_update: ignore multiple key updates instead of error (!1019) References: Message-ID: New Merge Request !1019 https://gitlab.com/gnutls/gnutls/merge_requests/1019 Branches: tmp-keyupdate-fixes to master Author: Daiki Ueno Assignees: This fixes the multiple KeyUpdate messages handling in commit 65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is sent even if the limit doesn't exceed. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 20:23:37 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 18:23:37 +0000 Subject: [gnutls-devel] GnuTLS | gnutls does not depend on autogen for the generation of manpages/texinfo documentation (#773) In-Reply-To: References: Message-ID: I think that's a reasonable option. There may be some initial work to update any internal references to documentation with external html links, but that should be all. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/773#note_178305420 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 5 20:24:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Jun 2019 18:24:24 +0000 Subject: [gnutls-devel] GnuTLS | gnutls does not depend on autogen for the generation of manpages/texinfo documentation (#773) In-Reply-To: References: Message-ID: External links to manual sections would fail, though that's an issue that exists even today due to any re-organization. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/773#note_178305654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 05:16:27 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 03:16:27 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: Hi Andreas, Isn't GMAC just the special case of GCM with no plaintext, and authentication data? In that case wouldn't the existing aead API for GCM be sufficient? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781#note_178416531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 05:24:31 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Jun 2019 03:24:31 +0000
Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_178417550

> /* callback function, instead of reading the > * password files. > */ > - gnutls_psk_server_credentials_function *pwd_callback; > + union { > + gnutls_psk_server_credentials_function *cb1;

Here you introduce two options for callbacks. What I propose above is to store one callback only (the new), and when the old callback is requested by the application you set as the callback a wrapper which interfaces between them. See this approach in: https://gitlab.com/gnutls/gnutls/blob/master/lib/cert-cred.c#L707

There `get_cert_callback3` is the callback supported internally by the library, but when a previous version is requested by the application, a wrapper function [`call_legacy_cert_cb1`](https://gitlab.com/gnutls/gnutls/blob/master/lib/cert-cred.c#L564) is set.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_178417550

From gnutls-devel at lists.gnutls.org Thu Jun 6 13:51:02 2019
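Review bot: in the lib/auth/psk.h hunk, the single `pwd_callback` pointer becomes a `union` of callback pointers (first member `cb1`), and the visible lines add no field recording which member was last set. Every call site then has to know the active member by other means, and a call through the wrong one invokes a function with a mismatched signature. Either add an explicit discriminator next to the union and check it at each call, or keep one pointer of the newest callback type and adapt older callbacks through a wrapper.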
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 11:51:02 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: I haven't looked into the details yet. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781#note_178561041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 15:25:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 13:25:48 +0000 Subject: [gnutls-devel] GnuTLS | Guile updates by Ludo (!1018) In-Reply-To: References: Message-ID: Merge Request !1018 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1018 Project:Branches: nmav/gnutls:tmp-guile-updates to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 15:31:27 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 13:31:27 +0000 Subject: [gnutls-devel] GnuTLS | tls13/key_update: ignore multiple key updates instead of error (!1019) In-Reply-To: References: Message-ID: Merge Request !1019 was approved by Hubert Kario (@mention me if you need reply) Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1019 Branches: tmp-keyupdate-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 15:33:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 13:33:13 +0000 Subject: [gnutls-devel] GnuTLS | tls13/key_update: ignore multiple key updates instead of error (!1019) In-Reply-To: References: Message-ID: Merge Request !1019 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1019 Branches: tmp-keyupdate-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 18:01:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 16:01:52 +0000 Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020) References: Message-ID: New Merge Request !1020 https://gitlab.com/gnutls/gnutls/merge_requests/1020 Project:Branches: civodul/gnutls:wip-guile-3.0 to gnutls/gnutls:master Author: civodul Assignees: This adds support for Guile 3.0. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [X] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 18:33:34 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 06 Jun 2019 16:33:34 +0000 Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021) References: Message-ID: New Merge Request !1021 https://gitlab.com/gnutls/gnutls/merge_requests/1021 Project:Branches: civodul/gnutls:guile-deprecate-openpgp to gnutls/gnutls:master Author: civodul Assignees: This deprecates OpenPGP support in the Guile bindings (at last!). ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 6 21:11:02 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Jun 2019 19:11:02 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)
In-Reply-To:
References:
Message-ID:

Yes, openssl works fine for me.

```
$ openssl version
OpenSSL 1.1.1c 28 May 2019
$ gnutls-cli --version
gnutls-cli 3.6.8
```

I hope I did it right. I can only say they are quite different, not sure what to look for.

[OpenSSL.pcapng](/uploads/51829bcba661c8a7bcd902f73d438cdc/OpenSSL.pcapng) [GnuTLS.pcapng](/uploads/19c3328dfe624ad47732186ed2980499/GnuTLS.pcapng)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_178734962

From gnutls-devel at lists.gnutls.org Fri Jun 7 08:36:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 06:36:25 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)
References:
Message-ID:

New Issue was created.
Issue 783: https://gitlab.com/gnutls/gnutls/issues/783
Author: Nikos Mavrogiannopoulos
Assignees:

[reported by mail by Björn Jacke of samba.org]

I see again something weird with gnutls and ocsp. On imap.samba.org:993 we have an ocsp-must-staple enabled certificate, the server is haproxy/openssl from latest Debian buster with TLS 1.3 enabled. The certificate is working nicely with the stapled ocsp response from the server with all kinds of clients, except recent gnutls versions. GnuTLS 3.5.18 for example works perfectly fine with:

```
echo QUIT | gnutls-cli --sni-hostname=imap.samba.org imap.samba.org:993 --verbose | less
```

The same test with GnuTLS 3.6.7 from Debian Buster (on current Fedora also) fails with:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783

From gnutls-devel at lists.gnutls.org Fri Jun 7 08:40:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 06:40:24 +0000 Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783) In-Reply-To: References: Message-ID: I have verified that the issue exists (the OCSP response is included but gnutls doesn't recognize it). It seems that under TLS1.3 the verification does not take into account the included OCSP responses. I attach an OCSP capture and the associated keys (to see the certificate message). [ocsp.tar](/uploads/8ffe204184d944431e2fdc77ca20f8f3/ocsp.tar) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783#note_178846483 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 10:24:55 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 08:24:55 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) References: Message-ID: New Merge Request !1022 https://gitlab.com/gnutls/gnutls/merge_requests/1022 Project:Branches: civodul/gnutls:guile-remove-alloca to gnutls/gnutls:master Author: civodul Assignees: This removes unbounded uses of `alloca` in the Guile bindings, as discussed in #684. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 10:53:24 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 08:53:24 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1022 was reviewed by Tim Rühsen

--
Tim Rühsen started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178895374

> +#define FAST_ALLOC(size) \ > + (((size) <= ALLOCA_MAX_SIZE) \ > + ? alloca (size) \

Thanks for working on this ! It would be nice to not use alloca() at all. It's not trivially portable and someone recently had issues on Solaris 11.3. What about using C89 local arrays (size of 256 for paths seems to be enough) like e.g. `char c_file_buf[256];` and then amending your macro to result in something like

```
c_file = size <= sizeof(c_file_buf) ? c_file_buf : scm_gc_malloc_pointerless(...)
```

?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022

From gnutls-devel at lists.gnutls.org Fri Jun 7 10:54:04 2019
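Review bot: in `FAST_ALLOC` in guile/src/core.c, `size` is expanded once in the `<= ALLOCA_MAX_SIZE` comparison and again in `alloca (size)`, so an argument with side effects is evaluated twice and the size that was checked need not be the size that is allocated. Require callers to pass a value already stored in a local `size_t`, and say so in a comment on the macro. The same comment should state that the macro must not be used inside a loop, because `alloca` storage is only released when the enclosing function returns, so the per-call bound does not bound total stack growth there.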
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 08:54:04 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)
In-Reply-To:
References:
Message-ID:

The differences are `record_size_limit` (only sent by gnutls), `psk_key_exchange_modes` (gnutls includes psk_ke), `renegotiation_info` (only sent by gnutls), `key_share` is larger by gnutls, `status_request` sent by gnutls. Let's try not sending a few of them. For `record_size_limit` I do not think we have a knob, though if you can connect with firefox there, which also sends it, it should be ok.

* For `psk_key_exchange_modes` to send only the one requested by openssl, do `--priority NORMAL:+DHE-PSK`
* To remove `renegotiation_info` do `--priority NORMAL:%DISABLE_SAFE_RENEGOTIATION`
* The key share you already tried with the groups test above; so it shouldn't be it
* It is not possible to remove the `status_request`

You can also try adding the `%COMPAT` to the priority string.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_178895594

From gnutls-devel at lists.gnutls.org Fri Jun 7 10:55:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 08:55:03 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)
In-Reply-To:
References:
Message-ID:

btw. I assume that the RST in gnutls you saw just after the client hello was sent, is that correct? (the pcap file only contained the hello message)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_178895940

From gnutls-devel at lists.gnutls.org Fri Jun 7 10:57:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 08:57:44 +0000
Subject: [gnutls-devel] GnuTLS | OpenSSL backend and failures in cipher-api-test.c (#780)
In-Reply-To:
References:
Message-ID:

Hi, I am not sure what you mean with openssl as back-end? gnutls has only nettle as option for back-end.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/780#note_178896884

From gnutls-devel at lists.gnutls.org Fri Jun 7 10:59:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 08:59:39 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)
In-Reply-To:
References:
Message-ID:

Thanks, will try that today. Yes, RST in gnutls was right after the client hello.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_178897742

From gnutls-devel at lists.gnutls.org Fri Jun 7 11:04:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 09:04:30 +0000 Subject: [gnutls-devel] GnuTLS | OpenSSL backend and failures in cipher-api-test.c (#780) In-Reply-To: References: Message-ID: Thanks Nikos. I configure with `--with-libcrypto-prefix="$MY_PREFIX"`. I believe that is OpenSSL's `libcrypto.{a|so}`. If it is wrong, then there's another problem afoot here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/780#note_178899770 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 11:11:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 09:11:04 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) In-Reply-To: References: Message-ID: Hi Tim, I'm reluctant to the solution you propose, because it would make things more complex. Could you point me to the portability issues you had about `alloca`? Autoconf and/or Gnulib should do the right thing. (Besides, isn't Solaris reaching EOL?) Thanks for your feedback! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178902239 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 11:21:06 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 09:21:06 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) In-Reply-To: References: Message-ID: Hi, please see the description of #684 (title says "eliminate alloca..."). Recent Solaris complaint: #782. If Solaris reaches EOL or not. Alloca() seems to be the only blocker of a straight-forward GnuTLS build there. But this just being said, the main points are mentioned in #684. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178906153 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 11:46:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 09:46:54 +0000 Subject: [gnutls-devel] GnuTLS | Solaris build requires -D_XOPEN_SOURCE=600 -std=gnu99 (#782) In-Reply-To: References: Message-ID: Sorry, edited my last commit to point to issue 684, not MR 684 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/782#note_178916226 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 11:55:40 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 09:55:40 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) In-Reply-To: References: Message-ID: I see, thanks for the pointers. According to `m4/gnulib-cache.m4`, we're using Gnulib's `alloca` module. I think #782 should be reported to `bug-gnulib at gnu.org`; this module is meant to give us `alloca` on all platforms without further ado. WDYT? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178919510 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 12:31:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 10:31:49 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) In-Reply-To: References: Message-ID: > I think #782 should be reported to bug-gnulib at gnu.org Possibly, but it needs more investigations by someone who has access to Solaris 11.3 before it can be reported seriously to gnulib. But in the meantime we still want to eliminate alloca(). Are you going to amend this MR ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178932216 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 12:46:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 10:46:52 +0000 Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022) In-Reply-To: References: Message-ID: I don't think it's a good idea to eliminate `alloca` just because we stumbled upon a portability bug, and one that's not unsolvable (`alloca` portability was one of the first tasks for Autoconf decades ago :-)). The patch I submitted eliminates what's problematic about existing uses of `alloca`: unbounded stack growth. I now realize it's not what you had in mind for #684, but I think it's an improvement nonetheless. WDYT? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178936965 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 12:51:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 10:51:24 +0000 Subject: [gnutls-devel] GnuTLS | OpenSSL backend and failures in cipher-api-test.c (#780) In-Reply-To: References: Message-ID: I'm going to close this out. I'll open another report for the `cipher-api-test.c` failures during `make check`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/780#note_178938502 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 12:51:25 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 07 Jun 2019 10:51:25 +0000 Subject: [gnutls-devel] GnuTLS | OpenSSL backend and failures in cipher-api-test.c (#780) In-Reply-To: References: Message-ID: Issue was closed by Jeffrey Walton Issue #780: https://gitlab.com/gnutls/gnutls/issues/780 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/780 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 7 14:00:19 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:00:19 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.8 and one failed self test on Fedora 29, x86_64 (#784)
References:
Message-ID:

New Issue was created.
Issue 784: https://gitlab.com/gnutls/gnutls/issues/784
Author: Jeffrey Walton
Assignees:

## Description of problem:

One failed self test on Fedora 29, x86_64, fully patched. Running `make check` results in:

```
PASS: gendh
PASS: test-ciphers.sh
PASS: override-ciphers
PASS: test-hash-large.sh
PASS: crypto
FAIL: test-ciphers-api.sh
PASS: test-ciphers-openssl.sh
```

## Version of gnutls used:

GnuTLS 3.6.8

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

GnuTLS from 3.6.8 source tarball. Fetched from https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/.

## How reproducible:

This is very reproducible. It has been nagging me for the last couple of years.

Steps to Reproduce:

* select an alternate location for GnuTLS and all dependencies. I select `prefix=/usr/local` and `libdir=/usr/local/lib64`
* select flags for GnuTLS and all dependencies. I select `CPPFLAGS = -I/usr/local/include -DNDEBUG`, `CFLAGS = -g2 -O2 -march=native -fPIC -pthread`, `CXXFLAGS = -g2 -O2 -march=native -fPIC -pthread` and `LDFLAGS = -L/usr/local/lib64 -Wl,-R,'$$ORIGIN/../lib64' -Wl,-R,/usr/local/lib64 -Wl,--enable-new-dtags`.
* build all GnuTLS dependencies
* build GnuTLS
* run `make check` before install

## Build GnuTLS

The previous step says "build GnuTLS". Here is the configure used. The various variables like `INSTX_PREFIX` and `BUILD_PKGCONFIG` are internal variables passed onto Autotools.
```
PKG_CONFIG_PATH="${BUILD_PKGCONFIG[*]}" \
CPPFLAGS="${BUILD_CPPFLAGS[*]}" \
CFLAGS="${BUILD_CFLAGS[*]}" \
CXXFLAGS="${BUILD_CXXFLAGS[*]}" \
LDFLAGS="${BUILD_LDFLAGS[*]}" \
LIBS="${BUILD_LIBS[*]}" \
./configure --enable-shared \
    --prefix="$INSTX_PREFIX" \
    --libdir="$INSTX_LIBDIR" \
    --enable-seccomp-tests \
    --disable-guile \
    --disable-ssl2-support \
    --disable-ssl3-support \
    --disable-gtk-doc \
    --disable-gtk-doc-html \
    --disable-gtk-doc-pdf \
    --with-p11-kit \
    --with-libregex \
    --with-nettle-prefix="$INSTX_PREFIX" \
    --with-libiconv-prefix="$INSTX_PREFIX" \
    --with-libintl-prefix="$INSTX_PREFIX" \
    --with-libseccomp-prefix="$INSTX_PREFIX" \
    --with-unbound-root-key-file="$SH_UNBOUND_ROOTKEY_FILE"
```

## Actual results:

```
$ make check
...
PASS: gendh
PASS: test-ciphers.sh
PASS: override-ciphers
PASS: test-hash-large.sh
PASS: crypto
FAIL: test-ciphers-api.sh
PASS: test-ciphers-openssl.sh
```

## Expected results:

All tests pass

## Files of interest

[config.log.zip](/uploads/870555967057aaeb286dc6e4a25fe5f3/config.log.zip) [test-suite.log.zip](/uploads/417c58948084bd5e4b62e929da4474a1/test-suite.log.zip)

## Runtime Paths

I think this looks OK.

```
$ objdump -p gnutls-3.6.8/tests/slow/cipher-api-test
gnutls-3.6.8/tests/slow/cipher-api-test: file format elf64-x86-64
...
Dynamic Section:
  NEEDED libgnutls.so.30
  NEEDED libp11-kit.so.0
  NEEDED libffi.so.6
  NEEDED libidn2.so.0
  NEEDED libunistring.so.2
  NEEDED libiconv.so.2
  NEEDED libtasn1.so.6
  NEEDED libnettle.so.6
  NEEDED libhogweed.so.4
  NEEDED libgmp.so.10
  NEEDED libdl.so.2
  NEEDED libpthread.so.0
  NEEDED libc.so.6
  RUNPATH $ORIGIN/../lib64:/usr/local/lib64:/home/jwalton/Build-Scripts/gnutls-3.6.8/lib/.libs:/usr/local/lib64/../lib64
  INIT 0x0000000000401000
  FINI 0x0000000000402888
  INIT_ARRAY 0x0000000000405d38
  INIT_ARRAYSZ 0x0000000000000008
  FINI_ARRAY 0x0000000000405d40
  FINI_ARRAYSZ 0x0000000000000008
...
```

It seems like `RUNPATH` should include the build directory first.
Other than that, all the non-system dependencies are located at `/usr/local/lib64` and should be found.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/784

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:06:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:06:59 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.8 and one failed self test on Fedora 29, x86_64 (#784)
In-Reply-To:
References:
Message-ID:

If you want to do the build script thing I use for ancient systems, then perform the following. It should be copy/paste.

```
git clone https://github.com/noloader/Build-Scripts.git
cd Build-Scripts
./setup-cacerts.sh
./setup-wget.sh
./build-gnutls.sh
```

After 20 or 30 minutes GnuTLS should be finished. You can delete the Build-Scripts artifacts with:

* `rm -rf /usr/local`
* `rm -rf ~/.cacerts`
* `rm -rf ~/bootstrap`
* `rm -rf ~/.build-scripts`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/784#note_178963106

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:13:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:13:53 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

> I now realize it's not what you had in mind for #684, but I think it's an improvement nonetheless.

It's definitely an improvement ! Please also realize that removing alloca() is not about portability regarding #684. It's about security concerns *in general*. The touched code might be perfectly safe - but the goal is to have an automated check via CI that errors out when someone introduces uses of alloca() (potentially unsafe). To make that as simple-as-possible (no list of exceptions), we would like to get rid of alloca() everywhere. It's like the use of strncpy() - you can use it safely, but it's easy to overlook misuses - so better not use it.

Could you please remove the 'Closes #684' from the commit message (and just push --force to update the MR) !? Then I can approve/merge :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178965591

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:25:00 2019
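The alloca()-free alternative suggested earlier in this thread (a fixed-size local array with a heap fallback for larger inputs), as an added example that is not code from the merge request or from GnuTLS. All function names here are hypothetical, the 256-byte size follows the suggestion in the thread, and plain `malloc`/`free` stand in for the Guile allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUF_SIZE 256	/* size suggested in the thread for paths */

/* Scratch storage that is either the caller's fixed array or a heap block. */
struct scratch {
	char *ptr;
	int on_heap;
};

/* Use the fixed array when the request fits, otherwise fall back to the heap.
 * Stack use is bounded by STACK_BUF_SIZE whatever the input length is. */
static int scratch_acquire(struct scratch *s, char *stack_buf,
			   size_t stack_size, size_t need)
{
	s->ptr = NULL;
	s->on_heap = 0;
	if (need <= stack_size) {
		s->ptr = stack_buf;
		return 0;
	}
	s->ptr = malloc(need);
	if (s->ptr == NULL)
		return -1;
	s->on_heap = 1;
	return 0;
}

static void scratch_release(struct scratch *s)
{
	if (s->on_heap)
		free(s->ptr);
	s->ptr = NULL;
	s->on_heap = 0;
}

/* Takes a length-delimited string (as a language binding would receive it),
 * makes the NUL-terminated copy that strspn()/strcspn() need, and counts the
 * non-empty components between '/' separators. Returns -1 on error.
 * *used_heap, when given, reports which storage the copy lived in. */
long count_path_components(const char *data, size_t len, int *used_heap)
{
	char stack_buf[STACK_BUF_SIZE];
	struct scratch s;
	long count = 0;
	char *p;

	if (data == NULL || len == SIZE_MAX)	/* len + 1 would wrap to 0 */
		return -1;
	if (scratch_acquire(&s, stack_buf, sizeof stack_buf, len + 1) != 0)
		return -1;

	memcpy(s.ptr, data, len);
	s.ptr[len] = '\0';

	for (p = s.ptr; *p != '\0';) {
		size_t n;

		p += strspn(p, "/");	/* skip a run of separators */
		n = strcspn(p, "/");	/* length of the next component */
		if (n > 0)
			count++;
		p += n;
	}

	if (used_heap != NULL)
		*used_heap = s.on_heap;
	scratch_release(&s);
	return count;
}

/* Constructed input: a single component of len 'a' bytes.
 * Returns 0 for stack storage, 1 for heap storage, -1 on error. */
int demo_used_heap(size_t len)
{
	int used_heap = -1;
	char *path = malloc(len ? len : 1);

	if (path == NULL)
		return -1;
	memset(path, 'a', len);
	if (count_path_components(path, len, &used_heap) < 0)
		used_heap = -1;
	free(path);
	return used_heap;
}

int main(void)
{
	printf("components: %ld\n", count_path_components("/etc/ssl/certs", 14, NULL));
	printf("255 bytes on heap: %d\n", demo_used_heap(255));
	printf("256 bytes on heap: %d\n", demo_used_heap(256));
	return 0;
}
```
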
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:25:00 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

Done, thanks! Quite a few uses of `alloca` will vanish when we remove OpenPGP support entirely from the Guile bindings, and at that point it will probably be simpler to revisit this issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178969742

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:47:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:47:44 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1022 were resolved by Tim Rühsen https://gitlab.com/gnutls/gnutls/merge_requests/1022

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:48:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:48:11 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

Merge Request !1022 was approved by Tim Rühsen
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1022
Project:Branches: civodul/gnutls:guile-remove-alloca to gnutls/gnutls:master
Author: civodul
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022

From gnutls-devel at lists.gnutls.org Fri Jun 7 14:53:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 12:53:56 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)
In-Reply-To:
References:
Message-ID:

Good to know and thanks for your work !

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178989424

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:06:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:06:03 +0000
Subject: [gnutls-devel] GnuTLS | Solaris build requires -D_XOPEN_SOURCE=600 -std=gnu99 (#782)

@noloader I guess you are talking about this:

```
I've almost got GnuTLS 3.6.8 building on Solaris. One build problem remains:

Undefined                       first referenced
 symbol                             in file
alloca                              ../lib/.libs/libgnutls.so
ld: fatal: symbol referencing errors
collect2: error: ld returned 1 exit status
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/782#note_178994148

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:13:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:13:04 +0000
Subject: [gnutls-devel] GnuTLS | Solaris build requires -D_XOPEN_SOURCE=600 -std=gnu99 (#782)

@rockdaboot, Yes. When I grep the source tree looking for `alloca`, I see it in the `gl/` directory. I believe that is Gnulib but I could be wrong.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/782#note_178997074

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:18:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:18:04 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023)

New Merge Request !1023

https://gitlab.com/gnutls/gnutls/merge_requests/1023

Branches: tmp-small-records-tests to master
Author: Daiki Ueno
Assignees:

As suggested in !1006. This also adds `--httpdata` option to `gnutls-serv` to enable testing with fixed sized HTTP response data.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:18:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:18:39 +0000
Subject: [gnutls-devel] GnuTLS | priority: add new option to allow small records (>= 64) (!1006)

@tomato42 filed !1023 along these lines. Could you please check?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1006#note_178999220

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:24:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:24:34 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

New Issue was created.

Issue 785: https://gitlab.com/gnutls/gnutls/issues/785
Author: Jeffrey Walton
Assignees:

## Description of problem:

Solaris experiences some self test failures.

## Version of gnutls used:

GnuTLS 3.6.8

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

GnuTLS from 3.6.8 source tarball. Fetched from https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/.

## How reproducible:

It is consistently reproducible.

Testing on Solaris 11.3 reveals some tool problems. Some examples of the issue are shown below. I expect GnuTLS is OK.

```
FAIL: fastopen.sh
=================

Checking Fast open
./fastopen.sh[55]: eval[50]: local: not found [No such file or directory]
./fastopen.sh[55]: eval[51]: local: not found [No such file or directory]
PORT=27767 rc=1 myrandom=31881
./fastopen.sh[144]: local: not found [No such file or directory]
./fastopen.sh[145]: local: not found [No such file or directory]
...
```

And:

```
...
./fastopen.sh[56]: local: not found [No such file or directory]
./fastopen.sh[57]: local: not found [No such file or directory]
/usr/bin/netstat: illegal option -- l
usage: /usr/bin/netstat [-anuvR] [-f address_family] [-P protocol]
       /usr/bin/netstat [-n] [-f address_family] [-P protocol] [-T d|u] [-g | -p | -s [interval [count]]]
       /usr/bin/netstat -m [-v] [-T d|u] [interval [count]]
       /usr/bin/netstat -i [-I interface] [-an] [-f address_family] [-T d|u] [interval [count]]
       /usr/bin/netstat -r [-anv] [-f address_family|filter] [-T d|u]
       /usr/bin/netstat -M [-ns] [-f address_family] [-T d|u]
       /usr/bin/netstat -D [-I interface] [-f address_family] [-T d|u]
./fastopen.sh[50]: local: not found [No such file or directory]
./fastopen.sh[51]: local: not found [No such file or directory]
...
```

Solaris provides some anemic tools. They managed to provide `sed` and `awk` more anemic than Posix. `/usr/bin/netstat` is probably equally anemic. I typically use the tools in `/usr/gnu/bin/` to side-step it. Unfortunately, there is no corresponding tool in `/usr/gnu/bin`.

```
$ ls /usr/gnu/bin/netstat
/usr/gnu/bin/netstat: No such file or directory
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:29:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:29:44 +0000
Subject: [gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)

Merge Request !1022 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1022
Project:Branches: civodul/gnutls:guile-remove-alloca to gnutls/gnutls:master
Author: civodul
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:29:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:29:44 +0000
Subject: [gnutls-devel] GnuTLS | Eliminate alloca() use in the guile bindings (#684)

Issue was closed by Tim Rühsen

Issue #684: https://gitlab.com/gnutls/gnutls/issues/684

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:42:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:42:23 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

`local` seems to be a shell internal command (bash, zsh). Maybe you can just switch your shell ?

`netstat` is some arbitrary tool (Debian packages it within 'net-tools'). The test suite prefers `ss` (e.g. Debian package 'iproute2') over `netstat`. Any chance to install a standard `ss` or `netstat` ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179009021

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:46:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:46:29 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

> Maybe you can just switch your shell ?

Well, I use Bash as my login shell. All my scripts use a shebang of `/usr/bin/env bash`.

```
$ bash --version
GNU bash, version 4.1.17(1)-release (i386-pc-solaris2.11)

$ zsh --version
zsh 5.0.7 (i386-pc-solaris2.11)
```

What do you suggest?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179010564

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:47:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:47:07 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

@nmav Something wrong with the f29 CI image (you are the Fedora expert ;-)) ?

```
configure: checking for guile 3.0
configure: checking for guile 2.2
configure: found guile 2.2
checking for guile... /usr/bin/guile
configure: error: found development files for Guile 2.2, but /usr/bin/guile has effective version 2.0
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179010857

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:51:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:51:03 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

What does `local --help` in bash say ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179012539

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:52:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:52:36 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

> What does `local --help` in bash say ?

```
$ local --help
-bash: local: can only be used in a function
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179013145

From gnutls-devel at lists.gnutls.org Fri Jun 7 15:55:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 13:55:59 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Both fedora (29/30) images contain guile-devel (2.0), guile22-devel (2.2). Could that cause the problem? (btw. current builds succeed)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179014499

From gnutls-devel at lists.gnutls.org Fri Jun 7 16:02:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 14:02:28 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

That makes sense and shows that bash understands 'local'.

What does /bin/sh link to ? In tests/fastopen.sh the shebang is /bin/sh...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179017129

From gnutls-devel at lists.gnutls.org Fri Jun 7 16:04:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 14:04:56 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

```
$ /bin/sh --version
  version         sh (AT&T Research) 93u 2011-02-08

$ /bin/sh
h:W$ h:W$ local --help
/bin/sh: h:W$: not found [No such file or directory]
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179018155

From gnutls-devel at lists.gnutls.org Fri Jun 7 16:13:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 14:13:25 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

This MR basically just changes one line in configure.ac, that looks pretty straightforward to me (adding check for guile 3.0). I wonder why the Debian runners work and not Fedora (though this pipeline has to be restarted with 2h timeout, @civodul Could you restart the pipeline ?).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179021553

From gnutls-devel at lists.gnutls.org Fri Jun 7 16:16:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 14:16:22 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Work-around: link /bin/sh -> /bin/bash

That might save you trouble elsewhere as well (/bin/sh shebang is quite common).

@nmav We had the discussion if we should change the shebangs to `/bin/bash` - at that time I resisted, but now: maybe we should do it. No bash, no GnuTLS test suite.

BTW: 'local' is not POSIX: https://stackoverflow.com/questions/18597697/posix-compliant-way-to-scope-variables-to-a-function-in-a-shell-script

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179022681

From gnutls-devel at lists.gnutls.org Fri Jun 7 16:37:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 14:37:47 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

> Work-around: link /bin/sh -> /bin/bash

For the long term fix I recommend a shebang of `/usr/bin/env bash`. As far as I know it is the only portable way to specify bash as the interpreter.

It will avoid problems on OpenBSD. OpenBSD does not include Bash by default. Once you install it through the package manager, OpenBSD places Bash at `/usr/local/bin`, not `/usr/bin`.

Also see [Why is #!/usr/bin/env bash superior to #!/bin/bash?](https://stackoverflow.com/q/21612980/608639)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179035501

From gnutls-devel at lists.gnutls.org Fri Jun 7 18:04:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 16:04:00 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

@rockdaboot I've restarted the pipeline.

@nmav Under what name is the `guile` executable for 2.2 available? Could you check what `config.log` says?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179069206

From gnutls-devel at lists.gnutls.org Fri Jun 7 19:34:20 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 17:34:20 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

@civodul You can click on the failed pipeline/job. On the right is a 'browse' button that shows you the artefacts (we save all kinds of *.log files on failure).

For example: https://gitlab.com/civodul/gnutls/-/jobs/227421061/artifacts/file/config.log

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179092593

From gnutls-devel at lists.gnutls.org Fri Jun 7 20:27:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 18:27:13 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Some systems don't have `env` in `/usr/bin/`, so instead of using `#!env bash` why not `#!bash` and document to set PATH appropriately before `make check` ?

That way people (say: developers) are even able to run the test suite with different versions of bash. BTW, I do have different versions of bash installed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179107886

From gnutls-devel at lists.gnutls.org Fri Jun 7 20:30:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 18:30:22 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Ok, I see `#!bash` isn't working, even with PATH set:

```
$ ./fastopen.sh
bash: ./fastopen.sh: bash: bad interpreter: No such file or directory
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179108727

From gnutls-devel at lists.gnutls.org Fri Jun 7 20:50:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 18:50:08 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

> Some systems don't have `env` in `/usr/bin/`,

Oh, that is interesting. `/usr/bin/env` is Posix. I would expect it to be mostly ubiquitous. I have not encountered one of those systems (yet).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179113007

From gnutls-devel at lists.gnutls.org Fri Jun 7 21:03:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 19:03:14 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

`env` is POSIX, but its path is not.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179115513

From gnutls-devel at lists.gnutls.org Fri Jun 7 21:09:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 19:09:29 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

Tested with Firefox to be sure, it sends both `record_size_limit` and `status_request`, no RST there.

```
$ gnutls-cli lutris.net --pskusername psk_identity --pskkey e2585b90ec28396c441e59ff49825e0e849750597bbee137c4b2f587d6778d28 --priority NORMAL:+DHE-PSK
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.

$ gnutls-cli lutris.net --pskusername psk_identity --pskkey e2585b90ec28396c441e59ff49825e0e849750597bbee137c4b2f587d6778d28 --priority NORMAL:+DHE-PSK %COMPAT
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.

$ gnutls-cli lutris.net --priority NORMAL:%DISABLE_SAFE_RENEGOTIATION
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.

$ gnutls-cli lutris.net --priority NORMAL:%DISABLE_SAFE_RENEGOTIATION %COMPAT
Processed 154 CA certificate(s).
Resolving 'lutris.net:443'...
Connecting to '104.27.186.245:443'...
*** Fatal error: Error in the pull function.
```

I guess we are out of options then?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_179116581

From gnutls-devel at lists.gnutls.org Fri Jun 7 23:46:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 21:46:39 +0000
Subject: [gnutls-devel] GnuTLS | Improve the OCSP (status request) testing (!1024)

New Merge Request !1024

https://gitlab.com/gnutls/gnutls/merge_requests/1024

Project:Branches: nmav/gnutls:tmp-fix-ocsp to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

This patch set cleans up the OCSP tests, and adds a new test to check the sanity case of OCSP must staple under TLS1.2 and TLS1.3.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Test suite updated with functionality tests

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1024

From gnutls-devel at lists.gnutls.org Sat Jun 8 00:31:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 22:31:21 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

The shebang conversion worked well. It was performed after `configure`.

```
echo "Patching Shell Scripts"
for file in $(find "$PWD" -name '*.sh')
do
    # Fix shell
    cp -p "$file" "$file.fixed"
    sed -e 's|#!/bin/sh|#!/usr/bin/env bash|g' "$file" > "$file.fixed"
    mv "$file.fixed" "$file"
done
```

The `cp -p` retained the original filetimes so Autotools did not do its shit.

-----

After the change the `netstat` issue remains. It looks like the `-l` (lower el) option is not available.

```
usage: /usr/bin/netstat [-anuvR] [-f address_family] [-P protocol]
       /usr/bin/netstat [-n] [-f address_family] [-P protocol] [-T d|u] [-g | -p | -s [interval [count]]]
       /usr/bin/netstat -m [-v] [-T d|u] [interval [count]]
       /usr/bin/netstat -i [-I interface] [-an] [-f address_family] [-T d|u] [interval [count]]
       /usr/bin/netstat -r [-anv] [-f address_family|filter] [-T d|u]
       /usr/bin/netstat -M [-ns] [-f address_family] [-T d|u]
       /usr/bin/netstat -D [-I interface] [-f address_family] [-T d|u]
try 1
/usr/bin/netstat: illegal option -- l
...
```

The [`-l` option](https://linux.die.net/man/8/netstat) lists listening sockets. It looks like `netstat -a | grep -i -E 'listen'` will handle that:

```
$ netstat -a
...

TCP: IPv4
   Local Address        Remote Address     Swind  Send-Q  Rwind  Recv-Q    State
-------------------- -------------------- ------- ------ ------- ------ -----------
solaris3.5999        *.*                        0      0  128000      0 LISTEN
solaris3.4999        *.*                        0      0  128000      0 LISTEN
*.sunrpc             *.*                        0      0  128000      0 LISTEN
*.*                  *.*                        0      0  128000      0 IDLE
*.sunrpc             *.*                        0      0  128000      0 LISTEN
*.*                  *.*                        0      0  128000      0 IDLE
...

TCP: IPv6
   Local Address                     Remote Address                  Swind  Send-Q  Rwind  Recv-Q    State     If
--------------------------------- --------------------------------- ------- ------ ------- ------ ----------- -----
solaris3.5999                     *.*                                     0      0  128000      0 LISTEN
*.sunrpc                          *.*                                     0      0  128000      0 LISTEN
*.*                               *.*                                     0      0  128000      0 IDLE
...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179147218

From gnutls-devel at lists.gnutls.org Sat Jun 8 00:43:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 22:43:00 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Just noticed this, too:

```
$ /usr/gnu/bin/grep -IR 'netstat' gnutls-3.6.8
...
gnutls-3.6.8/tests/scripts/common.sh: for file in $(which netstat 2> /dev/null) /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do
...
```

`$(command -v netstat)` is probably a better choice than which. `command -v` is Posix with well defined behavior. `which` can produce unusual results, depending on paths, aliases and several other factors.

Also see [How to check if a program exists from a Bash script?](https://stackoverflow.com/q/592620/608639)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179148311

From gnutls-devel at lists.gnutls.org Sat Jun 8 00:53:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 22:53:04 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Looking at `gnutls-3.6.8/tests/scripts/common.sh`, it looks like you can remove `-l` for Linux and Solaris. The `-a` is present, and the `grep` is present:

```
check_if_port_listening() {
    local PORT="$1"
    local PFCMD; have_port_finder
    $PFCMD -anl|grep "[\:\.]$PORT"|grep LISTEN >/dev/null 2>&1
}
```

Do you know why `-l` is present?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179149183

From gnutls-devel at lists.gnutls.org Sat Jun 8 01:15:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 23:15:16 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

This change got me down to 4 failures:

```
if [[ "$IS_SOLARIS" -ne 0 ]]
then
    # Fix shell script
    file=tests/scripts/common.sh
    cp -p "$file" "$file.fixed"
    sed -e 's|PFCMD -anl|PFCMD -an|g' "$file" > "$file.fixed"
    mv "$file.fixed" "$file"
fi
```

The 4 failures:

```
FAIL: tls-force-etm
FAIL: client-fastopen
FAIL: dtls/dtls
FAIL: dtls/dtls-resume
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179150852

From gnutls-devel at lists.gnutls.org Sat Jun 8 01:21:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Jun 2019 23:21:50 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

the reason for the failure was actually that the server sent the server certificate twice (0:server cert, 1:server cert (again), 2:intermediate cert) but the stapled response only once for the first sent certificate. This was only an issue with TLS 1.3 also.

So this has not been strictly a GnuTLS bug - I don't know if it would be desirable or not if this would be handled more gracefully.

fwiw: mozilla nss is getting along with such a situation. (no need to mention openssl, which does not do ocsp checking at all)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783#note_179151274

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:12:38 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:12:38 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)

For (1) I am not sure what guidelines you refer to. CAs don't have DNS names or IP addresses and thus name constraints as implemented by gnutls (we implement no DN constraints), do not apply. Thus the comment seems correct.

For (2) again I'm not sure what's the invalid behavior you are pointing out. As above certificates which can act as server certificates (with any purpose, or server purpose) are checked, because these are the only ones for which DNS or IP names make sense.

(3) I'm not sure whether that adds any value. What is the actual problem you are pointing out? Are there valid certificate chains that will fail this name constraints check? The CN check is a hack because many certificates set this field instead of the correct (dns_name). If however a server certificate doesn't set the `dns_name` whether we fall back to CN with an invalid name or simply reject it, it seems to me that it makes very little difference.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_179180442

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:21:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:21:19 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

So the situation is that the chain contains:

```
1. [server cert] || [ocsp response]
2. [server cert]
3. [ca cert]
```

The server cert has the extension that requires an OCSP response, and the code that enforces it goes through the list of the certificates as sent by the server and enforces the flag. It fails at point (2) because the certificate is not accompanied by a corresponding response. Indeed the response was previously sent in step 1, so gnutls could have used it.

We could introduce some logic to handle it, though I am not sure whether the problem is significant enough to warrant additional complexity.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783#note_179180932

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:23:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:23:18 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue on incorrect list (#786)

New Issue was created.

Issue 786: https://gitlab.com/gnutls/gnutls/issues/786
Author: Nikos Mavrogiannopoulos
Assignees:

When a server chain is received that contains:

```
1. [server cert] || [ocsp response]
2. [server cert]
3. [ca cert]
```

and the server cert has the extension that requires an OCSP response, then gnutls will fail to verify that chain. The code that enforces it goes through the list of the certificates as sent by the server and enforces the flag. It fails at point (2) because the certificate is not accompanied by a corresponding response. Indeed the response was previously sent in step 1, so gnutls could have used it.

We could introduce some logic to handle it, though I am not sure whether the problem is significant enough to warrant additional complexity.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/786

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:24:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:24:28 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

Closing it in favor of https://gitlab.com/gnutls/gnutls/issues/786

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783#note_179181106

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:24:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:24:28 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

Issue was closed by Nikos Mavrogiannopoulos

Issue #783: https://gitlab.com/gnutls/gnutls/issues/783

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783

From gnutls-devel at lists.gnutls.org Sat Jun 8 09:27:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 07:27:52 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

I have removed `guile-devel` (2.0) from the [fedora30 image](https://gitlab.com/gnutls/build-images). Though I'm not sure what we should be testing compilation against. In fedora there are no packages that depend on guile2.2, all depend on 2.0, though for gnutls' `make dist` we require the 2.2 version. Ludo any suggestion?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179181336

From gnutls-devel at lists.gnutls.org Sat Jun 8 18:20:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 16:20:43 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

Have you tried combinations of these options? Also have you seen where the rst comes from? I am also linking this here which may be related.
https://gitlab.com/openconnect/ocserv/issues/212

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_179241584

From gnutls-devel at lists.gnutls.org Sat Jun 8 19:03:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 17:03:21 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli lutris.net fails (#779)

Just tried combination of these with and without `%COMPAT` option, no difference. If I read it right, RST comes from lutris.net, attached is RST pcap. Thanks, I will watch the other issue too.

[RST.pcapng](/uploads/3ffb6b06104c49866fe8a3de2ff0e992/RST.pcapng)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/779#note_179244249

From gnutls-devel at lists.gnutls.org Sat Jun 8 19:25:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 17:25:54 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

The deprecation makes sense to me. As I know nothing of guile my approval is based on the fact that the CI succeeds. @civodul let me know if that's sufficient to merge.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_179245590

From gnutls-devel at lists.gnutls.org Sat Jun 8 19:25:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 17:25:55 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

Merge Request !1021 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1021
Project:Branches: civodul/gnutls:guile-deprecate-openpgp to gnutls/gnutls:master
Author: civodul
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021

From gnutls-devel at lists.gnutls.org Sat Jun 8 20:04:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Jun 2019 18:04:21 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple can fail on incorrect certificate list under TLS1.3 (#786)

Failing the verification seems to be correct. If we had a 'relaxed verification' mode, it should succeed here. But being 'relaxed' might also introduce new issues, apart from the additional code complexity you mention. Unless this turns out to be a 'common' server issue, we should not change behavior.

To find out how widespread this scenario is, we could make stats about the top 1M web sites... if you have example source code to connect and write stats, I'll run it through the 1M sites.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/786#note_179248968

From gnutls-devel at lists.gnutls.org Sun Jun 9 10:59:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 09 Jun 2019 08:59:32 +0000
Subject: [gnutls-devel] GnuTLS | Solaris self test failures (#785)

Re shebang, I would suggest to tell the test harness to use bash through `SH_LOG_COMPILER`, rather than modifying those test scripts:

https://www.gnu.org/software/automake/manual/automake.html#Parallel-Test-Harness

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/785#note_179310141

From gnutls-devel at lists.gnutls.org Mon Jun 10 08:22:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 06:22:53 +0000
Subject: [gnutls-devel] GnuTLS | OCSP must staple can fail on incorrect certificate list under TLS1.3 (#786)

I do not have any script like that. I remember I did it in the past using a bash for-loop and saving the output and host if connection would fail.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/786#note_179463992

From gnutls-devel at lists.gnutls.org Mon Jun 10 11:01:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 09:01:23 +0000
Subject: [gnutls-devel] GnuTLS | Use https:// for arbitrary files #1 (699cd8bd)

Gisle Vanem started a new discussion on doc/cha-library.texi: https://gitlab.com/gnutls/gnutls/commit/699cd8bd5a8e6d7eea28842e2011a25e1963daf6#note_179513213

> provides the trusted certificates, but allows the categorization of them using purpose, > e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for > examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints. > -A publicly available PKCS #11 trust module is p11-kit's trust module at footnote{@url{http://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. > +A publicly available PKCS #11 trust module is p11-kit's trust module at footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}.

This link gives me a 404 at GitHub. Shouldn't it be `https://p11-glue.github.io/p11-glue/trust-module.html` as in `cha-cert-auth.texi`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/699cd8bd5a8e6d7eea28842e2011a25e1963daf6#note_179513213

From gnutls-devel at lists.gnutls.org Mon Jun 10 12:01:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 10:01:13 +0000
Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013)

Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_179540786

@nmav thank you, I will review this MR later.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_179540786

From gnutls-devel at lists.gnutls.org Mon Jun 10 15:01:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 13:01:36 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Issue was reopened by David Woodhouse

Issue 139: https://gitlab.com/gnutls/gnutls/issues/139

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139

From gnutls-devel at lists.gnutls.org Mon Jun 10 15:05:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 13:05:41 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

ocserv on Fedora 30 seems to negotiate EtM with an OpenSSL 1.1.1 client, then the client doesn't like the Finished message.

I've worked around this with https://gitlab.com/openconnect/openconnect/commit/97cafd182f5a5c2d13f57d7faeac8432aea9bbf8 but as discussed on IRC earlier I think there's something wrong on the GnuTLS side.

I fixed OpenSSL thus: https://github.com/openssl/openssl/commit/e23d5071ec4c7aa6bb2b and my commit comment (which I have no reason to disbelieve) says that I tested with GnuTLS both with and without EtM at the time. But today, running against ocserv on Fedora 30, it fails again.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_179626567

From gnutls-devel at lists.gnutls.org Mon Jun 10 21:43:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 19:43:56 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

and if you run with gnutls on f29 or f28 it works?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_179771409

From gnutls-devel at lists.gnutls.org Mon Jun 10 21:51:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 19:51:50 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Please provide more information if you think that this is an issue in gnutls.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_179776110

From gnutls-devel at lists.gnutls.org Mon Jun 10 22:15:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 20:15:55 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag (!1025)

New Merge Request !1025

https://gitlab.com/gnutls/gnutls/merge_requests/1025

Branches: tmp-fix-raw-flag-in-newapi to master
Author: Nikos Mavrogiannopoulos
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1025

From gnutls-devel at lists.gnutls.org Tue Jun 11 00:02:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Jun 2019 22:02:34 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

@nmav I think it is sufficient, thanks for taking a look!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_179811872

From gnutls-devel at lists.gnutls.org Tue Jun 11 10:49:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 08:49:25 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

I think we should primarily test against the current stable version of Guile, which is 2.2. As a bonus, we could also test against 2.0, but it's definitely less critical. (I test it periodically with Guix, which makes it easy.)

I've restarted the pipeline, so hopefully we're all set?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_179943291

From gnutls-devel at lists.gnutls.org Tue Jun 11 11:12:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 09:12:05 +0000
Subject: [gnutls-devel] GnuTLS | Implement gnutls_aead_cipher_(en|de)crypt_vec() (#718)

At the SambaXP conference Microsoft gave a talk about the future of SMB3. They mentioned that they will add compression support to the protocol and that there are also ciphers which do some compression. @metze pointed out that we might want to add parameters to make sure we can support compressing ciphers in future with this API.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/718#note_179958847

From gnutls-devel at lists.gnutls.org Tue Jun 11 11:40:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 09:40:22 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023)

Nikos Mavrogiannopoulos started a new discussion on src/tests.c: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_179979625

> #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" > #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" > #define INIT_STR "NONE:" > -char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; > +char rest[128] = "%UNSAFE_RENEGOTIATION:%ALLOW_SMALL_RECORDS:+SIGN-ALL:+GROUP-ALL";

What I'm thinking is that this can cause normal connections to fail, though gnutls-cli-debug works properly.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_179979625

From gnutls-devel at lists.gnutls.org Tue Jun 11 11:44:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 09:44:52 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023)

Other than the comment LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_179981628

From gnutls-devel at lists.gnutls.org Tue Jun 11 11:47:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 09:47:02 +0000
Subject: [gnutls-devel] GnuTLS | Implement gnutls_aead_cipher_(en|de)crypt_vec() (#718)

Do you know which ciphers they were referring to? In terms of standardized protocols like TLS, compression and encryption combination is considered a bad practice.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/718#note_179982657

From gnutls-devel at lists.gnutls.org Tue Jun 11 16:37:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 14:37:12 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

This seems to conflict with the previous merge on guile code. Could you rebase it on current master?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_180129788

From gnutls-devel at lists.gnutls.org Tue Jun 11 16:45:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 14:45:42 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

It seems to fail again but seeing the log, it is downloading the f29 image. You may need to rebase on current master.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_180134260

From gnutls-devel at lists.gnutls.org Tue Jun 11 16:55:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Jun 2019 14:55:16 +0000
Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013)

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1013 was reviewed by Jakub Jelen

--
Jakub Jelen started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138780

> +AC_DEFINE([INI_STOP_ON_FIRST_ERROR], 1, [whether to stop on first error]) > +AC_DEFINE_UNQUOTED([INI_INLINE_COMMENT_PREFIXES], [";#"], [The comment prefixes]) > +AC_DEFINE_UNQUOTED([INI_START_COMMENT_PREFIXES], [";#"], [The comment prefixes])

The comment should say here "`The inline comment prefixes`".

--
Jakub Jelen started a new discussion on lib/name_val_array.h: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138781

> +/* > + * Copyright (C) 2011-2012 Free Software Foundation, Inc.

Should this come with more recent (c)?

--
Jakub Jelen started a new discussion on tests/system-override-hash.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138783

> +/* > + * Copyright (C) 2016 Red Hat, Inc.

2019?

--
Jakub Jelen started a new discussion on tests/system-override-sig-hash.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138784

> +#!/bin/sh > + > +# Copyright (C) 2017 Nikos Mavrogiannopoulos

2019?

--
Jakub Jelen started a new discussion on tests/system-override-sig.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138785

> + > +/* This test verifies whether a system-wide configuration which disables SHA256 > + * and SHA512 is seen from the library side.

This comment is copy&paste from the previous test file, while this test actually disables the `rsa-sha256` for certs and `rsa-sha512,rsa-sha1` for signatures.
--
Jakub Jelen started a new discussion on tests/system-override-sig.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138788

> +/* > + * Copyright (C) 2016 Red Hat, Inc.

2019?

--
Jakub Jelen started a new discussion on tests/system-override-invalid.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138791

> +#!/bin/sh > + > +# Copyright (C) 2017 Nikos Mavrogiannopoulos

2019?

--
Jakub Jelen started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138795

> + * Returns: a constant pointer to the config file loaded, or %NULL if none > + * > + * Since: 3.6.8

Should this say `3.6.9`?

--
Jakub Jelen started a new discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138796

> + at cindex System-wide configuration > + > + at acronym{GnuTLS} 3.6.8 introduced a system-wide configuration of the library

`3.6.9`

--
Jakub Jelen started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138798

> + > +** API and ABI modifications: > +No changes since last version.

Added `gnutls_get_system_config_file`

--
Jakub Jelen started a new discussion on tests/system-override-profiles.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180138803

> + > +# 224 bits > +min-verification-profile=medim

Is this typo intentional `medim`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013

From gnutls-devel at lists.gnutls.org Wed Jun 12 09:58:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 07:58:07 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

I've rebased on master, not sure if it helped.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_180398117

From gnutls-devel at lists.gnutls.org Wed Jun 12 10:00:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 08:00:02 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

Done! Let me know how it goes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_180398784

From gnutls-devel at lists.gnutls.org Wed Jun 12 10:06:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 08:06:59 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Does your test suite include OpenSSL 1.1.1 (which actually requests EtM) as a DTLS client to GnuTLS?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180401269

From gnutls-devel at lists.gnutls.org Wed Jun 12 10:33:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 08:33:14 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

I applied this hack to OpenSSL 1.1.0 to make it *not* do EtM even when it's negotiated it:

``` --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -370,7 +370,7 @@ # define GET_MAX_FRAGMENT_LENGTH(session) \ (512U << (session->ext.max_fragment_len_mode - 1)) -# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) +# define SSL_READ_ETM(s) (0 && s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) # define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ ```

Now it talks to GnuTLS just fine.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180412842

From gnutls-devel at lists.gnutls.org Wed Jun 12 11:56:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 09:56:58 +0000
Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021)

Oops, I had inadvertently pushed two unrelated commits, fixed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_180449424

From gnutls-devel at lists.gnutls.org Wed Jun 12 11:53:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 09:53:01 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

New Merge Request !1026

https://gitlab.com/gnutls/gnutls/merge_requests/1026

Project:Branches: civodul/gnutls:guile-reauth to gnutls/gnutls:master
Author: civodul
Assignees:

These patches update bits of the Guile bindings:

- `make-session` now allows users to specify connection flags, such as `GNUTLS_AUTO_REAUTH`;
- the session record port properly loops upon `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`;
- `gnutls_error_is_fatal` is finally accessible from Guile.

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [X] Code modified for feature
* [X] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026

From gnutls-devel at lists.gnutls.org Wed Jun 12 14:22:40 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Jun 2019 12:22:40 +0000
Subject: [gnutls-devel] GnuTLS | fips: run selftests over overriden AES-CBC algorithm (!1027)

New Merge Request !1027

https://gitlab.com/gnutls/gnutls/merge_requests/1027

Branches: tmp-aes-cbc-selftest to master
Author: Daiki Ueno
Assignees:

Previously, we only tested nettle's AES-CBC in `_gnutls_fips_perform_self_checks1()`, which is called before the implementation is overridden. This adds an AES-CBC self-test in `_gnutls_fips_perform_self_checks2()` so it can test the actual implementation.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1027

From gnutls-devel at lists.gnutls.org Wed Jun 12 14:33:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 12:33:23 +0000 Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021#note_180510149 From gnutls-devel at lists.gnutls.org Wed Jun 12 14:46:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 12:46:38 +0000 Subject: [gnutls-devel] GnuTLS | fips: run selftests over overridden AES-CBC algorithm (!1027) In-Reply-To: References: Message-ID: Merge Request !1027 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1027 Branches: tmp-aes-cbc-selftest to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1027 From gnutls-devel at lists.gnutls.org Wed Jun 12 14:57:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 12:57:41 +0000 Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026) In-Reply-To: References: Message-ID: Tim Rühsen started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180530266 > const fill_port_data_t *args = (fill_port_data_t *) data; > > c_port = args->c_port; > - result = gnutls_record_recv (args->c_session, > - c_port->read_buf, c_port->read_buf_size); > + > + do > + result = gnutls_record_recv (args->c_session, > + c_port->read_buf, c_port->read_buf_size); > + while (result == GNUTLS_E_AGAIN || result == GNUTLS_E_INTERRUPTED); This may be very CPU intensive, e.g. when socket readability isn't given. To not waste CPU / energy (and prevent possible DOS attacks), the thread could release CPU in case of GNUTLS_E_AGAIN. The POSIX function is sched_yield(), an alternative is a short sleep (which has its caveats, e.g. unwantedly limiting bandwidth). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180530266 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:01:01 2019
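Review bot: the `do ... while (result == GNUTLS_E_AGAIN || result == GNUTLS_E_INTERRUPTED)` loop in guile/src/core.c retries `gnutls_record_recv` at once and without bound, so a transport that keeps reporting `GNUTLS_E_AGAIN` pins the calling thread at full CPU. Wait for the transport before retrying on `GNUTLS_E_AGAIN` (for example `poll` on the session's descriptor in the direction given by `gnutls_record_get_direction`), or hand the non-fatal code back so the port layer can wait, and add a comment saying which transports the loop is meant for.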
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:01:01 +0000 Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026) In-Reply-To: References: Message-ID: Otherwise LGTM (though I can't really judge guile code). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180533206 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:23:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:23:20 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1013 was reviewed by Jakub Jelen -- Jakub Jelen started a new discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180543940 > exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$ > -exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ > +exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|tests/system-override-curves.sh|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ I am not sure if I understand this change and how it is related to the rest of the changes in this commit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:33:07 2019
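Review bot: in the added `exclude_file_name_regexp--sc_space_tab` line of cfg.mk, the new alternative `tests/system-override-curves.sh` leaves its `.` unescaped while the neighbouring alternatives are written `\.crl`, `\.pdf` and `\.zip`; write it as `tests/system-override-curves\.sh` to match. The hunk also gives no reason for the exemption, so a one-line comment above the variable saying why this script is excluded from the space-tab check would answer the question for the next reader.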
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:33:07 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Jakub Jelen commented on a discussion on lib/name_val_array.h: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180548711 > +/* > + * Copyright (C) 2011-2012 Free Software Foundation, Inc. Or is this also some copylib from somewhere? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180548711 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:35:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:35:53 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: @nmav I am done with the first round of review. Please, let me know when you will have them addressed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550001 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:38:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:38:07 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1013 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550919 > +AC_DEFINE([INI_STOP_ON_FIRST_ERROR], 1, [whether to stop on first error]) > +AC_DEFINE_UNQUOTED([INI_INLINE_COMMENT_PREFIXES], [";#"], [The comment prefixes]) > +AC_DEFINE_UNQUOTED([INI_START_COMMENT_PREFIXES], [";#"], [The comment prefixes]) Thanks done. -- Nikos Mavrogiannopoulos commented on a discussion on lib/name_val_array.h: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550926 > +/* > + * Copyright (C) 2011-2012 Free Software Foundation, Inc. Thanks, updated. -- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-hash.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550931 > +/* > + * Copyright (C) 2016 Red Hat, Inc. Updated. -- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-sig-hash.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550937 > +#!/bin/sh > + > +# Copyright (C) 2017 Nikos Mavrogiannopoulos Updated. -- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-sig.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550943 > +/* > + * Copyright (C) 2016 Red Hat, Inc. Updated -- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-sig.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550946 > + > +/* This test verifies whether a system-wide configuration which disables SHA256 > + * and SHA512 is seen from the library side. Nice catch. Fixed. 
-- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-invalid.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550950 > +#!/bin/sh > + > +# Copyright (C) 2017 Nikos Mavrogiannopoulos Updated. -- Nikos Mavrogiannopoulos commented on a discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180550956 > + at cindex System-wide configuration > + > + at acronym{GnuTLS} 3.6.8 introduced a system-wide configuration of the library Updated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:40:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:40:13 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180552136 > exclude_file_name_regexp--sc_file_system = ^doc/doxygen/Doxyfile > exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$ > exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$ > -exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ > +exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|tests/system-override-curves.sh|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ gnulib provides a `make syntax-check` which checks for various improper formatting (tabs at the end of line, space-tab sequence, etc). This tells that check that the file system-override-curves.sh should not be included. It intentionally contains this kind of invalid input to test the space/tab removal code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180552136 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:42:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:42:50 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Jakub Jelen commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180553414 > exclude_file_name_regexp--sc_file_system = ^doc/doxygen/Doxyfile > exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$ > exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$ > -exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ > +exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|tests/system-override-curves.sh|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ Thank you. That is fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180553414 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:48:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:48:31 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1013 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180555998 > + * Returns: a constant pointer to the config file loaded, or %NULL if none > + * > + * Since: 3.6.8 Correct. -- Nikos Mavrogiannopoulos commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180556001 > + > +** API and ABI modifications: > +No changes since last version. Nice catch. -- Nikos Mavrogiannopoulos commented on a discussion on tests/system-override-profiles.sh: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180556002 > + > +# 224 bits > +min-verification-profile=medim No, it was not. It should have been 'ultra'. Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 From gnutls-devel at lists.gnutls.org Wed Jun 12 15:51:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 13:51:13 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Thank you. I incidentally started addressing the findings while you were writing this. I think I addressed all the issues you identified. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_180557252 From gnutls-devel at lists.gnutls.org Wed Jun 12 16:32:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 14:32:15 +0000 Subject: [gnutls-devel] GnuTLS | guile: Deprecate OpenPGP bindings. (!1021) In-Reply-To: References: Message-ID: Merge Request !1021 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1021 Project:Branches: civodul/gnutls:guile-deprecate-openpgp to gnutls/gnutls:master Author: civodul Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1021 From gnutls-devel at lists.gnutls.org Wed Jun 12 18:04:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 16:04:01 +0000 Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026) In-Reply-To: References: Message-ID: Hi Tim, I was under the impression that `GNUTLS_E_AGAIN` does not directly map to `EAGAIN`; for a real `EAGAIN`, and when the transport is a file descriptor, the built-in pull function simply `poll`s or `select`s, right? I've only ever seen `gnutls_recv` return `GNUTLS_E_AGAIN` when a re-authentication request was received. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180650492 From gnutls-devel at lists.gnutls.org Wed Jun 12 19:39:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 17:39:11 +0000 Subject: [gnutls-devel] GnuTLS | fips: run selftests over overridden AES-CBC algorithm (!1027) In-Reply-To: References: Message-ID: Merge Request !1027 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1027 Branches: tmp-aes-cbc-selftest to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1027 From gnutls-devel at lists.gnutls.org Wed Jun 12 20:40:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 18:40:54 +0000 Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026) In-Reply-To: References: Message-ID: Hi Ludo, in Wget2 we use our own timeout function (select/poll) with non-blocking sockets. We check for readability before calling gnutls_record_recv(). And we don't use gnutls_record_set_timeout(). Code at https://gitlab.com/gnuwget/wget2/blob/master/libwget/ssl_gnutls.c#L1937. I had the wget2 code in mind - maybe you are using sockets and timeout in a different manner and that's perfectly fine. Just resolve the discussion above if you are sure about it. Then please rebase onto master and let's hope the psk test doesn't fail any more (likely it doesn't have anything to do with this MR). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180698031 From gnutls-devel at lists.gnutls.org Wed Jun 12 22:34:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 12 Jun 2019 20:34:18 +0000 Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026) In-Reply-To: References: Message-ID: In practice, `GNUTLS_E_AGAIN` does not correspond to an actual `EAGAIN` in my case because the underlying file descriptor is blocking. `GNUTLS_E_AGAIN` is actually returned in case of a short read internally. Nevertheless, I went for the "smarter" approach on Guile 2.2+, which allows Guile to `poll` before it calls our `gnutls_record_recv` wrapper again. It looks better this way! Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_180729089 From gnutls-devel at lists.gnutls.org Thu Jun 13 08:29:58 2019
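The trade-off debated in this thread (retrying at once versus waiting until the transport is readable), as an added example that is not code from the merge request or from GnuTLS. `rec_recv` and the `REC_E_*` codes are hypothetical stand-ins for a record-layer receive and its retryable codes, and the peer is a constructed child process on a non-blocking socket pair.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-ins for the library's return codes (not GnuTLS's values). */
enum { REC_E_AGAIN = -1001, REC_E_INTERRUPTED = -1002, REC_E_FATAL = -1003 };

/* Hypothetical record-layer receive over a non-blocking descriptor. */
static long rec_recv(int fd, void *buf, size_t len)
{
    ssize_t n = read(fd, buf, len);
    if (n >= 0)
        return (long)n;
    if (errno == EAGAIN || errno == EWOULDBLOCK)
        return REC_E_AGAIN;
    return errno == EINTR ? REC_E_INTERRUPTED : REC_E_FATAL;
}

static int retryable(long r)
{
    return r == REC_E_AGAIN || r == REC_E_INTERRUPTED;
}

/* Shape of the loop in the quoted hunk: retry at once, with no bound. */
static long recv_spin(int fd, void *buf, size_t len, unsigned long *retries)
{
    long r;
    *retries = 0;
    while (retryable(r = rec_recv(fd, buf, len)))
        ++*retries;
    return r;
}

/* Same contract, but sleep in poll() until the descriptor is readable.
 * On timeout REC_E_AGAIN goes back to the caller, which keeps control. */
static long recv_wait(int fd, void *buf, size_t len, int timeout_ms,
                      unsigned long *retries)
{
    *retries = 0;
    for (;;) {
        long r = rec_recv(fd, buf, len);
        if (!retryable(r))
            return r;
        ++*retries;
        if (r == REC_E_INTERRUPTED)
            continue;                 /* interrupted call: retry directly */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int rc;
        do
            rc = poll(&p, 1, timeout_ms);
        while (rc < 0 && errno == EINTR);
        if (rc == 0)
            return REC_E_AGAIN;
        if (rc < 0)
            return REC_E_FATAL;
    }
}

/* Demo: a peer process sends 5 bytes after delay_ms. Returns the receive
 * result and stores how many retries the chosen strategy needed. */
static long run_demo(int use_wait, int delay_ms, unsigned long *retries)
{
    int sv[2];
    char buf[16];
    *retries = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return REC_E_FATAL;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    pid_t pid = fork();
    if (pid < 0) {
        close(sv[0]);
        close(sv[1]);
        return REC_E_FATAL;
    }
    if (pid == 0) {                   /* slow peer */
        close(sv[0]);
        poll(NULL, 0, delay_ms);      /* portable millisecond sleep */
        _exit(write(sv[1], "hello", 5) == 5 ? 0 : 1);
    }
    close(sv[1]);
    long r = use_wait ? recv_wait(sv[0], buf, sizeof buf, 5000, retries)
                      : recv_spin(sv[0], buf, sizeof buf, retries);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return r;
}

int main(void)
{
    unsigned long spin, waited;
    long a = run_demo(0, 300, &spin);
    long b = run_demo(1, 300, &waited);
    printf("spin: result=%ld retries=%lu\n", a, spin);
    printf("wait: result=%ld retries=%lu\n", b, waited);
    return 0;
}
```

Both strategies return the same 5 bytes; the difference is the retry count, which is what a peer that stalls mid-record can drive up against the spinning variant.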
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 06:29:58 +0000 Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139) In-Reply-To: References: Message-ID: I am reading the description above and I am not sure what fails and when. In openconnect/ocserv there is support for multiple scenarios. What fails? - [ ] DTLS-0.9 resumption with AES-CBC - [ ] PSK-NEGOTIATE (DTLS1.x) with AES-CBC The first, there is no notion of encrypt-then-mac because that's a constructed resumed session, and based on the way it was created there is no encrypt-then-mac extension on the original session. On the second, you write that ocserv doesn't negotiate EtM anyway. So I'm not sure what fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180816743 From gnutls-devel at lists.gnutls.org Thu Jun 13 08:32:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 06:32:40 +0000 Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139) In-Reply-To: References: Message-ID: btw. I verified that there is interop of openssl 1.1.1c with gnutls master branch on DTLS. It doesn't explicitly negotiate AES-CBC, but I attach a patch to do just that, and it still works. [patch.txt](/uploads/c437ae630431fa7b70f6ceadc70aabe4/patch.txt) Could you send a reproducer with gnutls-serv and openssl command line? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_180817351 From gnutls-devel at lists.gnutls.org Thu Jun 13 17:20:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 15:20:07 +0000 Subject: [gnutls-devel] GnuTLS | optional: Support for deterministic ECDSA (#94) In-Reply-To: References: Message-ID: Posted patches to nettle: https://lists.lysator.liu.se/pipermail/nettle-bugs/2019/007558.html -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/94#note_181081694 From gnutls-devel at lists.gnutls.org Thu Jun 13 21:59:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 19:59:49 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: It looks like a nice to have thing, though I wonder whether there is any practical use for such an API in 2019. The TLS protocol used to use such optimizations until version 1.2, but today it feels like nitpicking optimizing hash operations. I wouldn't object to such an API though. Marking it for consideration, if there is still use for it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787#note_181167145 From gnutls-devel at lists.gnutls.org Thu Jun 13 22:10:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 20:10:02 +0000 Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139) In-Reply-To: References: Message-ID: From gnutls root:
```
$ openssl s_server -dtls1_2 -accept 5555 -keyform pem -certform pem -key doc/credentials/x509/key-rsa.pem -cert doc/credentials/x509/cert-rsa.pem -cipher PSK -psk_identity test -psk 00000000
...
$ gnutls-cli localhost -p 5555 --udp --insecure --priority NORMAL:-CIPHER-ALL:+AES-256-CBC:-KX-ALL:+PSK
...
- PSK authentication. Connected as 'test'
- Options: extended master secret, safe renegotiation, EtM,
```
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_181170295 From gnutls-devel at lists.gnutls.org Fri Jun 14 01:33:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 23:33:36 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181221189 > if (p != NULL) > system_priority_file = p; > > + p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID"); Why do you need such special mode? I'd expect that all config errors should make GnuTLS unusable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181221189 From gnutls-devel at lists.gnutls.org Fri Jun 14 01:36:14 2019
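Review bot: the added `secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID")` line in lib/priority.c introduces a switch whose accepted values and default are not visible anywhere in the hunk. Document the variable next to the priority-file override it follows (which values enable it, and what happens to an invalid entry when it is unset), and note that because it is read with `secure_getenv` it has no effect in programs running under secure execution, so those always get the default behaviour.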
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Jun 2019 23:36:14 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181221425 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { I'd suggest changing to `tls-disabled-cipher/mac/...` and allowing just one value, so that we don't need `strtok_r()` here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181221425 From gnutls-devel at lists.gnutls.org Fri Jun 14 06:56:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 04:56:44 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181273166 > if (p != NULL) > system_priority_file = p; > > + p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID"); Indeed that can be confusing. The advantage I saw when writing this, was using a configuration for a different version which may have newer algorithms can still be safe. For example when someone downgrades gnutls while the policy is untouched, the older version still works, even if the new version had a curve that the last did not support. Also you could ship the same config to multiple hosts irrespective of the gnutls version. The simplicity of just failing though, will make it much easier to identify errors in configuration files. What do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181273166 From gnutls-devel at lists.gnutls.org Fri Jun 14 06:58:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 04:58:25 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181273375 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { Quite a clever work-around, thanks. Thinking of it though, I think it looks a little foreign, though not sure. As a user/writer of such file, which one would you prefer? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181273375 From gnutls-devel at lists.gnutls.org Fri Jun 14 08:38:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 06:38:43 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181289974 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { I'd prefer single-item lines as it is easier to push hash sign at the beginning of the line to disable single config option. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181289974 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:08:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:08:27 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181319598 > /* Supported ECC curves > */ > > -static const gnutls_ecc_curve_entry_st ecc_curves[] = { > +#ifdef DISABLE_SYSTEM_CONFIG > +/* When we have no configuration this list is read-only */ > +static const > +#else > +static > +#endif It might be easier to just define `SYSTEM_CONFIG_OR_CONST` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181319598 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:09:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:09:37 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181319996 > int i = 0; > > GNUTLS_ECC_CURVE_LOOP( > - if (_gnutls_pk_curve_exists(p->id)) > + if (p->supported) p->supported should be filled by calling `_gnutls_pk_curve_exists`-like function, as different nettle versions may support different curves. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181319996 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:18:58 2019
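Review bot: in the first lib/algorithms/ecc.c hunk, the `#else` branch replaces `static const` with plain `static`, so whenever `DISABLE_SYSTEM_CONFIG` is not defined the `ecc_curves[]` table leaves read-only data and stays writable for the life of the process. The added comment only covers the read-only case; add one for the writable case saying which code may modify the table and at what point (for example only while the configuration is loaded), and confirm nothing writes to it once sessions on other threads can be reading it.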
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:18:58 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181323349 > if (p != NULL) > system_priority_file = p; > > + p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID"); Hmm, on a second thought, default-permissive mode makes sense, as disabling-only config file benefits from just warning on unsupported values. E.g. admin might like to install config files disabling md5, sha1 and e.g. sm3 and not to worry about GnuTLS version and if it supports this algorithm really or not. So I'd withdraw my original comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181323349 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:26:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:26:04 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag (!1025) In-Reply-To: References: Message-ID: Looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1025#note_181325659 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:26:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:26:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag (!1025) In-Reply-To: References: Message-ID: Merge Request !1025 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1025 Branches: tmp-fix-raw-flag-in-newapi to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1025 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:27:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:27:20 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag (!1025) In-Reply-To: References: Message-ID: Merge Request !1025 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1025 Branches: tmp-fix-raw-flag-in-newapi to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1025 From gnutls-devel at lists.gnutls.org Fri Jun 14 10:28:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:28:12 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag (!1025) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1025#note_181326523 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 14 10:29:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Jun 2019 08:29:11 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/tests.c: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_181326880 > #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" > #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" > #define INIT_STR "NONE:" > -char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; > +char rest[128] = "%UNSAFE_RENEGOTIATION:%ALLOW_SMALL_RECORDS:+SIGN-ALL:+GROUP-ALL"; I've turned it into a new test rather than adding the option unconditionally. Could you please check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_181326880 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 06:44:54 2019 
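Review bot: in the src/tests.c hunk of !1023, putting `%ALLOW_SMALL_RECORDS` into the shared `rest` string enables the option for every probe that is built from that string, not only for the record_size_limit check. Keep the default string as it was and apply the option only in the test that needs it. Since `rest` is a fixed `char rest[128]`, also check that any code appending to it stays within the buffer now that the initial value is longer.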
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 04:44:54 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#788) References: Message-ID: New Issue was created. Issue 788: https://gitlab.com/gnutls/gnutls/issues/788 Author: GnuTLS bot Assignees: The following issues require labels: - [ ] [Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7](https://gitlab.com/gnutls/gnutls/issues/758) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/788 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 06:44:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 04:44:57 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830) In-Reply-To: References: Message-ID: @lumag This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_181638489 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 06:44:56 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 04:44:56 +0000 Subject: [gnutls-devel] GnuTLS | WIP: AF_ALG support for GnuTLS (!555) In-Reply-To: References: Message-ID: @smuellerDD This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/555#note_181638491 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 06:44:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 04:44:54 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) In-Reply-To: References: Message-ID: @YmrDtnJu This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758#note_181638486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 06:44:56 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 04:44:56 +0000 Subject: [gnutls-devel] GnuTLS | WIP: tpm: Try to use password from the PIN callback if srk_password is NULL (!796) In-Reply-To: References: Message-ID: @stefanberger This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/796#note_181638490 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 09:56:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 07:56:53 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on src/tests.c: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_181647440 > #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" > #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" > #define INIT_STR "NONE:" > -char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; > +char rest[128] = "%UNSAFE_RENEGOTIATION:%ALLOW_SMALL_RECORDS:+SIGN-ALL:+GROUP-ALL"; Thanks that's great. Would it make sense to verify that the check works as expected under gnutls, via `tests/gnutls-cli-debug.sh`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_181647440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 11:44:19 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 09:44:19 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: Fix syntax error [ci skip] (!1028) References: Message-ID: New Merge Request !1028 https://gitlab.com/gnutls/gnutls/merge_requests/1028 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-syntax-fix to gnutls/gnutls:master Author: Andreas Metzler Assignees: CONTRIBUTING.md was missing Closing ``` in the "Header guards" paragraph ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1028 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:08:07 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:08:07 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: Fix syntax error [ci skip] (!1028) In-Reply-To: References: Message-ID: Merge Request !1028 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1028 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-syntax-fix to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1028 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:08:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:08:10 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: Fix syntax error [ci skip] (!1028) In-Reply-To: References: Message-ID: Merge Request !1028 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1028 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-syntax-fix to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1028 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:08:33 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:08:33 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: Fix syntax error [ci skip] (!1028) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1028#note_181691203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:33:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:33:57 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692697 > int i = 0; > > GNUTLS_ECC_CURVE_LOOP( > - if (_gnutls_pk_curve_exists(p->id)) > + if (p->supported) Makes sense. Reverted this part. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:34:04 2019 
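Review bot: in the lib/algorithms/ecc.c hunk of !1013 inside `GNUTLS_ECC_CURVE_LOOP`, replacing `_gnutls_pk_curve_exists(p->id)` with `p->supported` makes the curve listing depend on a flag whose initialization is not visible in these lines. If the flag is only set when the configuration is loaded, a caller that runs before that point, or a curve the backend does not actually provide, would be reported incorrectly. Keep the backend query, or test both conditions together.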
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:34:04 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692702 > /* Supported ECC curves > */ > > -static const gnutls_ecc_curve_entry_st ecc_curves[] = { > +#ifdef DISABLE_SYSTEM_CONFIG > +/* When we have no configuration this list is read-only */ > +static const > +#else > +static > +#endif Done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 15 20:35:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Jun 2019 18:35:19 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692780 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { Let me think about it. If we'd like to make a robust parser, even for that we would need to modify the input (to remove trailing space), or copy the output and process the copy. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181692780 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 16 14:05:21 2019 
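Review bot: in the lib/algorithms/ecc.c hunk of !1013, dropping `const` from `ecc_curves[]` whenever `DISABLE_SYSTEM_CONFIG` is not defined turns the curve table into writable process-wide state, and the added comment only explains the read-only case. Extend the comment to say which code may modify the table and at what point (for example, only while the configuration is loaded during library initialization), so that readers can rely on it being stable once sessions are in use.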
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Jun 2019 12:05:21 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#788) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #788: https://gitlab.com/gnutls/gnutls/issues/788 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/788 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 16 14:10:47 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Jun 2019 12:10:47 +0000 Subject: [gnutls-devel] GnuTLS | Use https:// for arbitrary files #1 (699cd8bd) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on doc/cha-library.texi: https://gitlab.com/gnutls/gnutls/commit/699cd8bd5a8e6d7eea28842e2011a25e1963daf6#note_181740006 > provides the trusted certificates, but allows the categorization of them using purpose, > e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for > examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints. > -A publicly available PKCS #11 trust module is p11-kit's trust module at footnote{@url{http://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. > +A publicly available PKCS #11 trust module is p11-kit's trust module at footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. Thank you, updated. If you encounter similar broken links or issues, the quickest way to address them is to propose a merge request with the updated link. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/699cd8bd5a8e6d7eea28842e2011a25e1963daf6#note_181740006 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 17 20:32:02 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Jun 2019 18:32:02 +0000 Subject: [gnutls-devel] GnuTLS | Mark the register crypto API as deprecated (#789) References: Message-ID: New Issue was created. Issue 789: https://gitlab.com/gnutls/gnutls/issues/789 Author: Nikos Mavrogiannopoulos Assignees: We provide an API to replace bundled cipher implementations in gnutls. However, that API is rarely used (no users in codesearch), has a nice use case (an application replacing the crypto implementation with a faster), but has significant side effects. Any internal re-organization and extension of the cipher API (e.g., #787), cannot be implemented without breaking that API. I propose to deprecate this API in 3.6.x series, and make it a no-op in 3.7.0. This bug is about marking it as deprecated in 3.6.x. It impacts: ``` gnutls_crypto_register_cipher gnutls_crypto_register_aead_cipher gnutls_crypto_register_mac gnutls_crypto_register_digest ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/789 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 17 20:32:57 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Jun 2019 18:32:57 +0000 Subject: [gnutls-devel] GnuTLS | Phase out the cipher implementation override API (#790) References: Message-ID: New Issue was created. Issue 790: https://gitlab.com/gnutls/gnutls/issues/790 Author: Nikos Mavrogiannopoulos Assignees: We provide an API to replace bundled cipher implementations in gnutls. However, that API is rarely used (no users in codesearch), has a nice use case (an application replacing the crypto implementation with a faster), but has significant side effects. Any internal re-organization and extension of the cipher API (e.g., #787), cannot be implemented without breaking that API. I propose to deprecate this API in 3.6.x series, and make it a no-op in 3.7.0. This issue is about making it a no-op in 3.7.x. It impacts: ``` gnutls_crypto_register_cipher gnutls_crypto_register_aead_cipher gnutls_crypto_register_mac gnutls_crypto_register_digest ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 18 14:18:13 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Jun 2019 12:18:13 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) References: Message-ID: New Merge Request !1029 https://gitlab.com/gnutls/gnutls/merge_requests/1029 Project:Branches: kaoh/gnutls:patch-1 to gnutls/gnutls:master Author: Karsten Ohme Assignees: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 18 15:07:16 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Jun 2019 13:07:16 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) References: Message-ID: New Merge Request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 Project:Branches: kaoh/gnutls:registeredidsupport to gnutls/gnutls:master Author: Karsten Ohme Assignees: The certtool or gnutls in general did not support the GeneralName `registeredID`. This is needed e.g. for certificates following the SGP.22 specification. This is a test certificate of the specification: http://s000.tinyupload.com/index.php?file_id=83702513347403399347 The following command will fail with an "Unknown Subjection Alternative Name": certtool -i --infile CERT_S_SM_DPauth_ECDSA_NIST.pem With the supplied patch it can be handled. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 02:01:38 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 00:01:38 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 5ca2f574 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 02:18:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 00:18:20 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 115e74a4 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 04:10:22 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 02:10:22 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 13efaa70 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 04:41:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 02:41:59 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 1c930b91 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 04:48:29 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 02:48:29 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * fbda457e - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 07:43:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 05:43:30 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * a1a6f3e6 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 07:49:12 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 05:49:12 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1029 https://gitlab.com/gnutls/gnutls/merge_requests/1029 * 543441d8 - Notes about Ubuntu specific software versions not available. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 10:52:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 08:52:43 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Would you like to add a test on certtool verifying that it gets the expected output from such a certificate? You could use `tests/cert-tests/tlsfeature-test` for inspiration. That way we can be sure that this addition doesn't regress in the future. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182929438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 10:55:10 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 08:55:10 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: You do not need to include the `devel/libdane-latest-x86_64.abi` in this commit. I believe they are not necessary. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182931102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 10:57:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 08:57:35 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182932412 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ These are certificates which caused some issue, e.g., a crash or an out-of-memory exception in some older gnutls releases, and the certificates added make sure that they fail gracefully. Why do you remove the cert5 error, and why is cert10 added? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182932412 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 11:22:11 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 09:22:11 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Please make sure that CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout). Then restart the failed jobs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182944310 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 11:32:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 09:32:33 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1029 was reviewed by Tim Rühsen -- Tim Rühsen started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182949378 > ``` > > +__NOTE:__ `libasan1` is not available anymore in Ubuntu 18.04 and not needed anymore for the build process. libasanX and libubsanX are automatically pulled in when installing gcc, except on very old Debian/Ubuntu versions, where you had to explicitly install them. So I would suggest to remove "libubsan0 libasan1" from the apt-get line and change to commit to say that on older versions of Debian/Ubuntu you have to install those packages manually. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 12:19:45 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 10:19:45 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182979491 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ cert5 has a "Registered ID" in its Subject Alternative Name (which is supported now) and failed with "Unknown Subject Alternative Name" before. It does not fail anymore with the patch and cannot be used as a bad example. cert10 has a Registered ID only in its "Subject Alternative Name". -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182979491 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 19 12:20:42 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 10:20:42 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182979851 I hoped, yes. But I added a new field and the build process was failing. All identifiers were shifted by 1 by inclusion of this field. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182979851 From gnutls-devel at lists.gnutls.org Wed Jun 19 12:21:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 10:21:47 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182980289 So far I just added the cert10 test certificate for the cert test. I can have a look into this test hopefully later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_182980289 From gnutls-devel at lists.gnutls.org Wed Jun 19 12:33:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 10:33:57 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182985153 > > Debian/Ubuntu: > ``` > -apt-get install -y valgrind libasan1 libubsan0 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > +apt-get install -y valgrind libubsan0 libasan1 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > apt-get install -y dieharder libpolarssl-runtime openssl abigail-tools socat net-tools ppp lockfile-progs > ``` > > +__NOTE:__ `libasan1` is not available anymore in Ubuntu 18.04 and not needed anymore for the build process. OK. Fine for me, you are merging this this way? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182985153 From gnutls-devel at lists.gnutls.org Wed Jun 19 13:10:46 2019
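Review bot: on the `+apt-get install` line `libasan1` is only moved behind `libubsan0`, so the command still requests the package that the `+__NOTE:__` line after the code block says is no longer available in Ubuntu 18.04, and `apt-get install` aborts when it cannot locate a requested package. Drop `libasan1` from the command so that the command and the note agree, and have the note say on which older releases it has to be installed by hand.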
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 11:10:46 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182999577 > > Debian/Ubuntu: > ``` > -apt-get install -y valgrind libasan1 libubsan0 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > +apt-get install -y valgrind libubsan0 libasan1 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > apt-get install -y dieharder libpolarssl-runtime openssl abigail-tools socat net-tools ppp lockfile-progs > ``` > > +__NOTE:__ `libasan1` is not available anymore in Ubuntu 18.04 and not needed anymore for the build process. No, it's your MR. I am just suggesting - you make the change :-) Just in case you are unsure: - edit that file locally - change your local commit with `git commit --amend README.md` - force push to update this MR: `git push --force-with-lease` Then I look at it again and approve/merge if ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_182999577 From gnutls-devel at lists.gnutls.org Wed Jun 19 13:25:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 11:25:15 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_183005015 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ I think it is fine to remove cert5 then. Is it easy to create a certificate which has a different unknown field in the SAN? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_183005015 From gnutls-devel at lists.gnutls.org Wed Jun 19 13:50:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 11:50:35 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1013 https://gitlab.com/gnutls/gnutls/merge_requests/1013 * bad2cae9 - config: simplified to avoid use of strtok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 From gnutls-devel at lists.gnutls.org Wed Jun 19 13:56:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 11:56:15 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183017291 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { Proposed a patch for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183017291 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:15:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:15:58 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1023 https://gitlab.com/gnutls/gnutls/merge_requests/1023 * 1c5a1c86 - gnutls-serv: add --recordsize option * 70ed45cf - gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required * 5f8a670e - gnutls-serv: add --httpdata option to respond with fixed sized data * 100d9bcf - tlsfuzzer: use fixed HTTP response for record_size_limit tests * d2d225d3 - tlsfuzzer: test both with and without %ALLOW_SMALL_RECORDS -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:41:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:41:01 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1029 https://gitlab.com/gnutls/gnutls/merge_requests/1029 * cea0b0cd - Notes about Ubuntu specific software versions not available. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:41:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:41:18 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183074348 > > Debian/Ubuntu: > ``` > -apt-get install -y valgrind libasan1 libubsan0 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > +apt-get install -y valgrind libubsan0 libasan1 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect > apt-get install -y dieharder libpolarssl-runtime openssl abigail-tools socat net-tools ppp lockfile-progs > ``` > > +__NOTE:__ `libasan1` is not available anymore in Ubuntu 18.04 and not needed anymore for the build process. OK. Pushed again. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183074348 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:50:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:50:06 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: All discussions on Merge Request !1023 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1023 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:50:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:50:07 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/tests.c: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_183080046 > #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" > #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" > #define INIT_STR "NONE:" > -char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; > +char rest[128] = "%UNSAFE_RENEGOTIATION:%ALLOW_SMALL_RECORDS:+SIGN-ALL:+GROUP-ALL"; Yes, I've added a test there, along with `--recordsize` option in gnutls-serv to test it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_183080046 From gnutls-devel at lists.gnutls.org Wed Jun 19 15:50:32 2019
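Review bot: the initializer on the `+char rest[128]` line grows from 42 to 63 characters, which with the terminating NUL leaves 64 of the 128 bytes free where 85 were free before. `rest` is a writable fixed-size array, so if any code appends further priority keywords to it at run time, confirm those writes are bounded by `sizeof(rest)`, or raise the array size in the same change.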
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 13:50:32 +0000 Subject: [gnutls-devel] GnuTLS | Implement gnutls_aead_cipher_(en|de)crypt_vec() (#718) In-Reply-To: References: Message-ID: I have no idea. Maybe then it is better not to use them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/718#note_183080371 From gnutls-devel at lists.gnutls.org Wed Jun 19 16:20:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 14:20:29 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1023 https://gitlab.com/gnutls/gnutls/merge_requests/1023 * 1e6f6ae8 - gnutls-cli-debug.sh: sanity check of %ALLOW_SMALL_RECORDS test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 16:20:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 14:20:52 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Merge Request !1023 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1023 Branches: tmp-small-records-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 16:21:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 14:21:25 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: LGTM: I've only added a sanity check on top. Please check if that's ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_183095715 From gnutls-devel at lists.gnutls.org Wed Jun 19 16:25:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 14:25:52 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_183097696 Yes, that makes sense. Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023#note_183097696 From gnutls-devel at lists.gnutls.org Wed Jun 19 16:26:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 14:26:09 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: All discussions on Merge Request !1023 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1023 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 17:31:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 15:31:48 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) References: Message-ID: New Merge Request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 Branches: tmp-pkcs11-login-error to master Author: Daiki Ueno Assignees: If a token is a general access device, it is expected that a login attempt to that token returns an error: https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852 On the other hand, _pkcs11_traverse_tokens treats the error as fatal and stops iteration. This behavior prevents object search without token specifier if such tokens are registered in the system. Reported by Stanislav Zidek in https://bugzilla.redhat.com/show_bug.cgi?id=1705478 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 From gnutls-devel at lists.gnutls.org Wed Jun 19 18:23:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 16:23:54 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 4cf55535 - Support for registeredID in subject alt name -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 From gnutls-devel at lists.gnutls.org Wed Jun 19 18:24:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 16:24:25 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_183151962 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ One way would be to use a hex editor and change the tag of the Registered ID in the cert5.der to some nonsense. This seems to give the previous result. I added this test as cert11.der. This should cover now the positive and negative tests. I have pushed an update, let's see if it builds. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_183151962 From gnutls-devel at lists.gnutls.org Wed Jun 19 21:18:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 19:18:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1023 https://gitlab.com/gnutls/gnutls/merge_requests/1023 * effb92c7 - gnutls-cli-debug.sh: sanity check of %ALLOW_SMALL_RECORDS test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Wed Jun 19 21:45:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 19:45:34 +0000 Subject: [gnutls-devel] GnuTLS | Mark the register crypto API as deprecated (#789) In-Reply-To: References: Message-ID: Reassigned Issue 789 https://gitlab.com/gnutls/gnutls/issues/789 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/789 From gnutls-devel at lists.gnutls.org Wed Jun 19 21:44:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 19:44:52 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) References: Message-ID: New Merge Request !1032 https://gitlab.com/gnutls/gnutls/merge_requests/1032 Branches: tmp-deprecate-registration-apis to master Author: Nikos Mavrogiannopoulos Assignees: This is to warn for a future conversion of these APIs to a no-op. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 From gnutls-devel at lists.gnutls.org Thu Jun 20 01:06:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Jun 2019 23:06:04 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Is this of any concern for internal GnuTLS code (like cryptodev or now-closed afalg MR)? Also should we also deprecate `gnutls_single_FOO_register()` family? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032#note_183292298 From gnutls-devel at lists.gnutls.org Thu Jun 20 08:39:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 06:39:27 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Internally we can keep a registration API which we can have full control of (e.g., adding, removing functionality). Thus any internal code will not be affected by the deprecation. The intent is to remove any public API so that when we need to add `hmac_copy` for example, we do not have to account for applications that may have overridden the internal implementation with one that doesn't implement copy. The `gnutls_single_FOO_register()` is not exported (as far as I see), thus we should be fine with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032#note_183373620 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:03:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:03:31 +0000 Subject: [gnutls-devel] GnuTLS | tests: improve record_size_limit tests (!1023) In-Reply-To: References: Message-ID: Merge Request !1023 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1023 Branches: tmp-small-records-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1023 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:41:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:41:23 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Airtower started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183415692 > apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils > ``` > > +__NOTE:__ Some software versions might not be available in older releases, e.g. `nettle-dev`. > +Certificates like APT-Pinning might be necessary to install these versions (and dependencies) from a newer release Why does it say "Certificates" here? I'm also not sure if recommending mixing releases is a good idea, any incompatibilities can lead to issues that are tricky to debug. Installing e.g. Nettle from source seems like the safer option to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183415692 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:44:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:44:15 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Merge Request !1032 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1032 Branches: tmp-deprecate-registration-apis to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:44:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:44:47 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1032#note_183417127 Fine with me then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032#note_183417127 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:52:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:52:10 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1013 was reviewed by Dmitry Eremin-Solenikov -- Dmitry Eremin-Solenikov started a new discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183420206 > return p->gost_curve && p->size == 32; > > return pk == p->pk; This one does not look correct: 1. There is no return line if `DISABLE_SYSTEM_CONFIG` is defined. 2. It does not check for `p->supported`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:53:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:53:41 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183420787 > } > > system_wide_verification_profile = profile; > + } else if (c_strcasecmp(name, "tls-disabled-ciphers")==0) { Yes, this looks better now, thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183420787 From gnutls-devel at lists.gnutls.org Thu Jun 20 10:57:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 08:57:21 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: All discussions on Merge Request !1032 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1032 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 From gnutls-devel at lists.gnutls.org Thu Jun 20 11:14:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 09:14:31 +0000 Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020) In-Reply-To: References: Message-ID: @nmav Ping! :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_183430701 From gnutls-devel at lists.gnutls.org Thu Jun 20 12:30:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:30:09 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1029 https://gitlab.com/gnutls/gnutls/merge_requests/1029 * 1166b17b - Notes about Ubuntu specific software versions not available. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 From gnutls-devel at lists.gnutls.org Thu Jun 20 12:45:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:45:43 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1032 https://gitlab.com/gnutls/gnutls/merge_requests/1032 * 7736f574 - Marked the crypto backend registration APIs as deprecated -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 From gnutls-devel at lists.gnutls.org Thu Jun 20 12:48:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:48:17 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: I have changed the typo and added the option to compile it also from source. From a user perspective the APT-Pinning set-up can be done following a tutorial in 30 minutes. Compiling all sources manually would mean here possibly compiling all modules the software is depending on in the right version, too. This can be simple but if the module has dependencies also to software not available in the target Ubuntu/Debian release this can cascade to other modules. Then this is more a multi hour approach. Finally, if this compilation succeeds, the binaries have to be installed, overwriting actually the versions of the installed packages so that `pkgconfig` or `make` can find it. I.e. the package system is not in sync anymore. Is there a simple solution for this problem? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183469203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:51:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:51:48 +0000 Subject: [gnutls-devel] GnuTLS | Corrected call for updating ABI files (!1033) References: Message-ID: New Merge Request !1033 https://gitlab.com/gnutls/gnutls/merge_requests/1033 Project:Branches: kaoh/gnutls:makefile-patch to gnutls/gnutls:master Author: Karsten Ohme Assignees: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1033 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:53:14 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:53:14 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183470802 > return p->gost_curve && p->size == 32; > > return pk == p->pk; Right. I do not remember why I even added the `DISABLE_SYSTEM_CONFIG`. I don't look it is necessary at all. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183470802 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:53:40 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:53:40 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1013 https://gitlab.com/gnutls/gnutls/merge_requests/1013 * dfc4dfaf - config: provide ability to disable certain curves * 6ecddbaa - config: added option to set a minimum verification profile * 778096ea - config: added options to disable groups, ciphers and MACs for TLS * f53c90e7 - doc update for new global configuration options * ff8665d0 - updated auto-generated files * 7d6967c4 - config: be more robust in reading values with spaces and tabs * 6420adf4 - config: added option to disable key exchange methods for TLS * dfaf45d6 - algorithms: simplified the set of const structures * b4dedb8a - config: simplified to avoid use of strtok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:55:23 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:55:23 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/algorithms/ecc.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183471504 > return p->gost_curve && p->size == 32; > > return pk == p->pk; looks correct now -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183471504 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:55:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:55:23 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: All discussions on Merge Request !1013 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1013 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 12:56:56 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 10:56:56 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge Request !1013 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1013 Project:Branches: nmav/gnutls:tmp-inih to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 13:17:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 11:17:37 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183478998 I'd say, use backports instead of installing from source. Or build packages with new versions (backporting) and install them. But this is a decision that each user has to make for himself. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_183478998 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 14:32:46 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 12:32:46 +0000 Subject: [gnutls-devel] GnuTLS | Mark the register crypto API as deprecated (#789) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1032 (https://gitlab.com/gnutls/gnutls/merge_requests/1032) Issue #789: https://gitlab.com/gnutls/gnutls/issues/789 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/789 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 14:32:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 12:32:46 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Merge Request !1032 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1032 Branches: tmp-deprecate-registration-apis to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 15:58:02 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 13:58:02 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1013 https://gitlab.com/gnutls/gnutls/merge_requests/1013 * 4eead23f...4292c1ae - 12 commits from branch `master` * 90142f2d - Use inih to parse configuration file * e9366c86 - config: added ability to override and mark algorithms as disabled * 601786cd - updated auto-generated files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 15:59:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 13:59:03 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Thank you both @lumag and @jjelen. I've rebased and squashed the commits, as well as added a minor update to the curve config patch to make it closer to the original behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_183553268 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 17:26:25 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 15:26:25 +0000 Subject: [gnutls-devel] GnuTLS | Corrected call for updating ABI files (!1033) In-Reply-To: References: Message-ID: Merge Request !1033 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1033 Project:Branches: kaoh/gnutls:makefile-patch to gnutls/gnutls:master Author: Karsten Ohme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1033 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 17:26:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 15:26:31 +0000 Subject: [gnutls-devel] GnuTLS | Corrected call for updating ABI files (!1033) In-Reply-To: References: Message-ID: Merge Request !1033 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1033 Project:Branches: kaoh/gnutls:makefile-patch to gnutls/gnutls:master Author: Karsten Ohme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1033 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 17:26:39 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 15:26:39 +0000 Subject: [gnutls-devel] GnuTLS | Corrected call for updating ABI files (!1033) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1033#note_183598750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 17:37:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 15:37:51 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Merge Request !1013 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1013 Project:Branches: nmav/gnutls:tmp-inih to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 20 17:37:51 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Jun 2019 15:37:51 +0000 Subject: [gnutls-devel] GnuTLS | Provide a configuration file (#587) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1013 (https://gitlab.com/gnutls/gnutls/merge_requests/1013) Issue #587: https://gitlab.com/gnutls/gnutls/issues/587 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 06:41:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 04:41:43 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_183771589 > info, flags); > if (ret < 0) { > gnutls_assert(); > - return ret; > + continue; I am thinking that while this works when no identifier for a token was specified, doing this unconditionally can be tricky when a token was specified and the pin was wrong. The wrong error will be received by the application in that case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_183771589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 06:43:07 2019 
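Review bot: In the lib/pkcs11.c hunk, replacing `return ret;` with `continue;` inside `if (ret < 0)` throws the error code away, so a failed login is only recorded through `gnutls_assert()` and never reaches the caller. Keep the first failing `ret` in a local and return it when the traversal ends without a usable token, and limit the `continue` to the case where no specific token was requested, so a wrong PIN on a named token is still reported as such. The error branch shown here also leaves the iteration without any cleanup; if a session is open at that point it should be closed before moving on to the next token.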
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 04:43:07 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_183771791 > info, flags); > if (ret < 0) { Not part of this change but seeing this error handling, shouldn't it call `pkcs11_close_session` as well? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_183771791 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 14:10:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 12:10:27 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: This should have probably gone in long ago. Just one question: is there a need to expand `tests/slow/test-ciphers-common.sh` to include sha_ni ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989#note_183979516 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 15:39:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 13:39:52 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !989 https://gitlab.com/gnutls/gnutls/merge_requests/989 * 53200082...7d8fd3ae - 132 commits from branch `master` * 95398c87 - Updated asm files to latest version under cryptogams license * accf905b - Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 15:40:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 13:40:33 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Nice suggestion. `test-hash-large` may also be a good fit. I've added it, though in practice in our CI we don't test with SHA_NI (it seems to be found only in low-end cpus) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989#note_184016302 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 15:53:18 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 13:53:18 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) References: Message-ID: New Merge Request !1034 https://gitlab.com/gnutls/gnutls/merge_requests/1034 Branches: tmp-fips-drbg-continuous to master Author: Daiki Ueno Assignees: This adds a continuous random number generator test as defined in FIPS 140-2 4.9.2, by iteratively fetching fixed sized block from the system and comparing consecutive blocks. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 17:09:59 2019 
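The continuous test described in this merge request, as an added C example (not the code from !1034 and not GnuTLS source): the first block fetched is only stored, every later block is compared with its predecessor, and a match latches a failure. The `crngt_*` names, the 16-byte block size and the constructed `fake_read` source are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRNGT_BLOCK 16 /* assumed block size in bytes, not taken from !1034 */

/* Hypothetical entropy callback: fills out[0..len), returns 0 on success. */
typedef int (*entropy_fn)(void *ctx, uint8_t *out, size_t len);

struct crngt {
    entropy_fn read;
    void *ctx;
    uint8_t prev[CRNGT_BLOCK]; /* last block seen, kept only for comparison */
    int failed;                /* latched: once set, no output is released */
};

static void wipe(volatile uint8_t *p, size_t n)
{
    while (n--)
        *p++ = 0; /* volatile stores are not optimised away */
}

/* Prime the test: the first block is stored for comparison, never output. */
int crngt_init(struct crngt *t, entropy_fn read, void *ctx)
{
    memset(t, 0, sizeof(*t));
    t->read = read;
    t->ctx = ctx;
    t->failed = read(ctx, t->prev, CRNGT_BLOCK) != 0;
    return t->failed ? -1 : 0;
}

/* Fetch len bytes block by block; fail if a block equals its predecessor. */
int crngt_get(struct crngt *t, uint8_t *out, size_t len)
{
    uint8_t block[CRNGT_BLOCK];
    size_t done = 0;

    while (!t->failed && done < len) {
        size_t n = len - done < CRNGT_BLOCK ? len - done : CRNGT_BLOCK;
        if (t->read(t->ctx, block, CRNGT_BLOCK) != 0 ||
            memcmp(block, t->prev, CRNGT_BLOCK) == 0) {
            t->failed = 1;
            break;
        }
        memcpy(t->prev, block, CRNGT_BLOCK);
        memcpy(out + done, block, n);
        done += n;
    }
    wipe(block, sizeof(block));
    if (t->failed) {
        wipe(out, len); /* never hand back a partially filled buffer */
        return -1;
    }
    return 0;
}

/* Constructed source: call i yields a block of bytes i, then it sticks. */
struct fake_src {
    unsigned calls, stuck_after; /* stuck_after == 0: never sticks */
    uint8_t value;
};

static int fake_read(void *ctx, uint8_t *out, size_t len)
{
    struct fake_src *s = ctx;
    if (s->stuck_after == 0 || s->calls < s->stuck_after)
        s->value++;
    s->calls++;
    memset(out, s->value, len);
    return 0;
}

/* Healthy source: 1 if 40 bytes are returned and block 1 was withheld. */
int demo_healthy(void)
{
    struct fake_src src = { 0, 0, 0 };
    struct crngt t;
    uint8_t out[40];
    return crngt_init(&t, fake_read, &src) == 0 &&
           crngt_get(&t, out, sizeof(out)) == 0 &&
           out[0] == 2 && out[16] == 3 && out[39] == 4;
}

/* Stuck source: 1 if the repeat is caught, out is wiped, failure latches. */
int demo_stuck(void)
{
    struct fake_src src = { 0, 3, 0 };
    struct crngt t;
    uint8_t out[48], zero[48] = { 0 };
    return crngt_init(&t, fake_read, &src) == 0 &&
           crngt_get(&t, out, sizeof(out)) == -1 &&
           memcmp(out, zero, sizeof(out)) == 0 && crngt_get(&t, out, 1) == -1;
}

int main(void)
{
    printf("healthy accepted: %d, stuck rejected: %d\n",
           demo_healthy(), demo_stuck());
    return 0;
}
```

With a 16-byte block a healthy source trips the comparison with probability 2^-128 per block, so a failure can be treated as a fault in the source rather than bad luck.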
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 15:09:59 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1034 https://gitlab.com/gnutls/gnutls/merge_requests/1034 * f03198c0 - nettle/rnd-fips: add FIPS 140-2 continuous RNG test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 17:32:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 15:32:21 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1034 https://gitlab.com/gnutls/gnutls/merge_requests/1034 * 253887ef - nettle/rnd-fips: add FIPS 140-2 continuous RNG test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:00:02 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:00:02 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184173922 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ Thank you. In that case let's drop cert5.der (or replace cert5 with cert11), as it has no value in that set any more. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184173922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:00:49 2019 
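Review bot: In the tests/Makefile.am hunk, the removed line drops `certs-interesting/cert5.der.err` while `certs-interesting/cert5.der` is still listed in the first context line, so the certificate stays in the distributed set without its expected-error file. Either remove `cert5.der` together with its `.err` file or keep both entries. If the added `certs-interesting/cert10.der` is meant as a failure case, list its `.err` file in the same change so the pair ships together.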
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:00:49 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184174180 > GNUTLS_SAN_OTHERNAME = 5, > GNUTLS_SAN_DN = 6, > GNUTLS_SAN_MAX = GNUTLS_SAN_DN, > + GNUTLS_SAN_REGISTERED_ID = 7, The MAX value must be after the added one, and should have the same value with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184174180 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:02:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:02:44 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184174612 > * @GNUTLS_SAN_IPADDRESS: IP address SAN. > * @GNUTLS_SAN_OTHERNAME: OtherName SAN. > * @GNUTLS_SAN_DN: DN SAN. > + * @GNUTLS_SAN_REGISTERED_ID: RegisteredID. Given that this value is not defined in rfc5280 should we document which standard it is defined at? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184174612 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:12:53 2019 
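Review bot: In the enum hunk on lib/includes/gnutls/gnutls.h.in, `GNUTLS_SAN_REGISTERED_ID = 7` is added after `GNUTLS_SAN_MAX = GNUTLS_SAN_DN`, which leaves `GNUTLS_SAN_MAX` at 6 and the new value outside the range it advertises; any bound check written against `GNUTLS_SAN_MAX` would treat 7 as out of range. Move the new enumerator above the `GNUTLS_SAN_MAX` line and change that line to `GNUTLS_SAN_MAX = GNUTLS_SAN_REGISTERED_ID`.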
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:12:53 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184177220 Ok, I'll mark this as WIP so that it is not merged without its test. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184177220 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:18:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:18:37 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184180178 Ok, in that case would you like to split it in a different commit (with a simple message such as "update auto-generated files")? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184180178 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 21 22:38:50 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 20:38:50 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184189978 > * @GNUTLS_SAN_IPADDRESS: IP address SAN. > * @GNUTLS_SAN_OTHERNAME: OtherName SAN. > * @GNUTLS_SAN_DN: DN SAN. > + * @GNUTLS_SAN_REGISTERED_ID: RegisteredID. It is. See https://tools.ietf.org/html/rfc5280 GeneralName ::= CHOICE { otherName [0] OtherName, rfc822Name [1] IA5String, dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, registeredID [8] OBJECT IDENTIFIER } -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184189978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 00:59:17 2019 
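Review bot: In the documentation hunk on lib/includes/gnutls/gnutls.h.in, the new entry reads `@GNUTLS_SAN_REGISTERED_ID: RegisteredID.` while the neighbouring entries all end in "SAN." (`IP address SAN.`, `OtherName SAN.`, `DN SAN.`). Write it as `RegisteredID SAN.` for consistency, and name the GeneralName choice it maps to, `registeredID [8] OBJECT IDENTIFIER` from RFC 5280, so readers of the header do not have to ask where the type is defined.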
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 22:59:17 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 0b7a554a - Support for Generalname registeredID from RFC 5280 in subject alt name * ba2d7083 - Updated abi files to meet new field in gnutls_x509_subject_alt_name_t -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 01:00:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 23:00:32 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184215799 Done this split. I think the commit message is saying something about "abi update" -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184215799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 01:01:11 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 23:01:11 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184215952 > certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ > certs-interesting/cert6.der certs-interesting/cert6.der.err \ > certs-interesting/cert7.der certs-interesting/cert8.der \ > - certs-interesting/cert9.der certs-interesting/cert5.der.err \ > + certs-interesting/cert9.der certs-interesting/cert10.der \ OK. Replaced cert5.der and sert5.err.der with the new error case for an unsupported SAN. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184215952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 01:01:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 23:01:53 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184216110 > GNUTLS_SAN_OTHERNAME = 5, > GNUTLS_SAN_DN = 6, > GNUTLS_SAN_MAX = GNUTLS_SAN_DN, > + GNUTLS_SAN_REGISTERED_ID = 7, Done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184216110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 01:35:43 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Jun 2019 23:35:43 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 4eec59d0 - update auto-generated files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 02:15:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 22 Jun 2019 00:15:42 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * 514a97be - Support for Generalname registeredID from RFC 5280 in subject alt name * 281ccd44 - update auto-generated files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 04:43:54 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 22 Jun 2019 02:43:54 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme pushed new commits to merge request !1030 https://gitlab.com/gnutls/gnutls/merge_requests/1030 * f795efe5...7d8fd3ae - 15 commits from branch `master` * b138fbdd - Support for Generalname registeredID from RFC 5280 in subject alt name * c09d7658 - update auto-generated files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 11:49:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 22 Jun 2019 09:49:43 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: All discussions on Merge Request !1030 were resolved by Karsten Ohme https://gitlab.com/gnutls/gnutls/merge_requests/1030 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 11:49:43 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 22 Jun 2019 09:49:43 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184267897 The needed changes are now in the sources. I have pulled in the latest changes from master and removed WIP. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184267897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 12:16:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 22 Jun 2019 10:16:45 +0000 Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029) In-Reply-To: References: Message-ID: All discussions on Merge Request !1029 were resolved by Karsten Ohme https://gitlab.com/gnutls/gnutls/merge_requests/1029 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 22 17:47:07 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 22 Jun 2019 15:47:07 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov pushed new commits to merge request !920
https://gitlab.com/gnutls/gnutls/merge_requests/920

* a2261899...7d8fd3ae - 108 commits from branch `master`
* 344c6758 - lib: define TC26 GOST curves
* ddfe73a0 - nettle/gost: provide GOST 28147-89 CNT mode
* 5d582d7a - nettle/gost: provide GOST 28147-89 IMIT MAC mode
* 3819db39 - lib: provide GOST 28147-89 CNT mode support
* 26769dcb - lib: provide GOST 28147-89 IMIT MAC support
* 2dd98f7e - nettle: provide GOST 28147-89 CNT mode support
* 0ebf5589 - nettle: provide GOST 28147-89 IMIT MAC support
* 0254ee63 - nettle/gost: provide GOST keywrapping support
* e276fddc - nettle/gost: add support for GOST VKO algorithm
* ab589537 - _gnutls_pk_derive: add argument for nonce
* d06ae21d - nettle: add support for GOST key derivation
* ff5bb42a - Add MAC api to support copying of instances
* db6cf1c5 - Add MAC copying support to nettle backend
* a5bedb0d - mpi: add _gnutls_mpi_bprint_size_le()
* 77042bde - pk: support little endian GOST signatures
* c2bf167f - Allow using implicit IV for stream ciphers with TLS
* ea865b9f - Support GOST certificate request values
* ec95b11c - Add GOST key transport support
* a010094c - groups: add function to return group by curve
* 9804705a - Add support for VKO GOST key exchange
* f06b3557 - Support GOST cipher suite MAC calculation
* 3d8af685 - Add GOST cipher suites
* 2d2e121b - Declare groups corresponding to GOST curves
* 3cca14f4 - Add GOST values to cipher suites priorities
* 70ddb376 - Swap TLS signatures in case we are signing them with GOST keys
* b21b1d86 - prf: add GOST R 34.11-94 and Streebog PRF support
* c9f6274e - tests: add tests for KX-GOST-VKO using different key variants
* 6dfa3b62 - lib: fix group selection in case of GOST cipher suites
* ec9bc948 - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
* 9f822378 - lib/algorithms: add AID values assigned by IANA
* 164333d5 - lib: pubkey vs TLS signature compatibility for GOST algorithms
* fbdff785 - cli-debug: include GOST VKO into KX list
* f65a14da - priority: add GROUP-GOST-ALL keyword
* e24e67ae - psk-file: fix dhe test
* cb9fd1f7 - nettle/pk: add support for "new" TC26 256 B curve

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sat Jun 22 18:25:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 22 Jun 2019 16:25:33 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

This pull request **introduces 3 alerts** when merging cb9fd1f73b554b969f15439c0b66e41b7a060dce into 7d8fd3aee4d71e1cd79ab5c980d137b363283a33 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-794ec7bc048e67cd823a360aace73c2ac5f8473b)

**new alerts:**

* 2 for FIXME comment
* 1 for Missing header guard

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_184296900
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sun Jun 23 10:04:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 08:04:57 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Thank you. Checking it further I'm not sure it is ready to be included because although it adds the definition for the registered ID, it cannot be used to write or read this ID. I'm adding a small patch to test reading and writing, though it is still not passing as more changes are required. [patch.txt](/uploads/49b9becbcacd7afbcfbd2683be059260/patch.txt) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184342966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 12:24:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 10:24:27 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Thank you. I was just coming from p11tool which was not able to import such a certificate into a SoftHSM2 token, but having full support for reading and writing it, would be even better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184352234 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 12:48:35 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 10:48:35 +0000 Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: The only issue I saw after my patch is applied, is a terminating null being included in the size of the value. It may be easy to fix, but I didn't figure the root cause. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184354086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 13:00:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 11:00:00 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: @cryptomilk might want to have GMAC to be available using MAC interface. However we definitely need more info on this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781#note_184354902 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 13:19:43 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 11:19:43 +0000 Subject: [gnutls-devel] GnuTLS | Consider implementing stricter support for Supported Groups extension (#792) References: Message-ID: New Issue was created. Issue 792: https://gitlab.com/gnutls/gnutls/issues/792 Author: Dmitry Eremin-Solenikov Assignees: [RFC 8442](https://tools.ietf.org/html/rfc8422#section-5.3) mandates that the server MUST respect client's choice of Elliptic Curves expressed through Supported Elliptic Curves (renamed to Supported Groups) extension. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 13:43:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 11:43:18 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: MAC copy operation (in backend) is a part of GOST patchset. It is not exposed to external users, however I can add external API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787#note_184357794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 16:49:15 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 14:49:15 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: The problem is that the operation won't be available for externally-provided MACs. So we either have to make `gnutls_hmac_copy()` return whether the operation is available or not, or we have to completely remove `gnutls_mac_register` interface. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787#note_184371993 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 23 21:18:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 23 Jun 2019 19:18:00 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: I think given the deprecation of registration API, we can provide this new functionality with such a (documented) limitation and simply fail if operating under an application that used the registration API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787#note_184390573 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 07:17:49 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 05:17:49 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: Yes, it would be great to have this using the gnutls_hmac* functions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781#note_184448222 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 16:44:29 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Jun 2019 14:44:29 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035)
References:
Message-ID:

New Merge Request !1035
https://gitlab.com/gnutls/gnutls/merge_requests/1035

Project:Branches: GostCrypt/gnutls:hmac-copy to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Jun 24 16:46:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 14:46:03 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1035 https://gitlab.com/gnutls/gnutls/merge_requests/1035 * a34f583f - api: add gnutls_hmac_copy() function * 0bc61ae1 - crypto-selftests: add test for gnutls_hmac_copy() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 19:32:10 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Jun 2019 17:32:10 +0000
Subject: [gnutls-devel] GnuTLS | api: add support for AES-GMAC (!1036)
References:
Message-ID:

New Merge Request !1036
https://gitlab.com/gnutls/gnutls/merge_requests/1036

Project:Branches: GostCrypt/gnutls:mac-gmac to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

Support AES-GMAC-128/-192/-256.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Jun 24 19:32:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 17:32:27 +0000 Subject: [gnutls-devel] GnuTLS | api: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * 7f8e8124 - lib: add support for AES-GMAC -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 19:46:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 17:46:17 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1035 https://gitlab.com/gnutls/gnutls/merge_requests/1035 * 5f973e40 - api: add gnutls_hmac_copy() function * 241639ae - crypto-selftests: add test for gnutls_hmac_copy() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 22:43:00 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 20:43:00 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1035 https://gitlab.com/gnutls/gnutls/merge_requests/1035 * aec55da9 - api: add gnutls_hmac_copy() function * 14a89959 - crypto-selftests: add test for gnutls_hmac_copy() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 24 23:13:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 24 Jun 2019 21:13:11 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * 43fdbc04 - lib: add support for AES-GMAC * 12c846a9 - nettle: return true for gnutls_mac_exists(AES-CMAC*) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 13:30:47 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 11:30:47 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185062909 > digest); > } > > +/** > + * gnutls_hmac_copy: > + * @handle: is a #gnutls_hmac_hd_t type > + * > + * This function will create a copy of MAC context, containing all its current > + * state. > + * Should we explicitly say that this function will return null when gnutls_crypto_register_mac() is used? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185062909 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 13:31:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 11:31:28 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: LGTM. Do we need to export the hash_copy as well? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185063681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 13:45:13 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 11:45:13 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Hmm, I don't know. Neither I nor bug reporter had need for `hash_copy` API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185071386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 14:38:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 12:38:30 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: I understand, the report is for using hmac_copy for a replacement API in gnome. What I probably should have said, is that seeing this functionality in isolation for HMAC, wouldn't it make the hash and HMAC APIs imbalanced? I.e., do we have a reason not to provide the copy in hash, if we provide it in HMAC? (doesn't necessarily need to be part of this MR, we can only note this as something to address in the future) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185130841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 14:53:54 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 12:53:54 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1034 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos started a new discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185143935 > #include > > +#define ENTROPY_BLOCK_SIZE SHA256_DIGEST_SIZE Should we document here why we selected the sha2 digest size? -- Nikos Mavrogiannopoulos started a new discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185143939 > /* Reseed a generator. */ > -static int drbg_reseed(struct drbg_aes_ctx *ctx) > +static int drbg_reseed(struct drbg_aes_ctx *ctx, is that function necessary to be separate after this rewrite? -- Nikos Mavrogiannopoulos started a new discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185143944 > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) Would this be reliable on a multi-threaded application? It looks to me that when called in parallel values may be overwritten. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 14:57:46 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 12:57:46 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185146402 > + return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); > + } > + memcpy(fctx->hash, hash, sizeof(hash)); > + memcpy(buffer, block, MIN(length - total, sizeof(block))); > + total += sizeof(block); > + buffer += sizeof(block); > + } > + zeroize_key(block, sizeof(block)); > + > + return 0; > +} > + > #define PSTRING "gnutls-rng" > #define PSTRING_SIZE (sizeof(PSTRING)-1) > -static int drbg_init(struct drbg_aes_ctx *ctx) > +static int drbg_init(struct drbg_aes_ctx *ctx, why not pass the fips context here, and do internally the call to get entropy? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185146402 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 14:58:44 2019 
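Review bot: In the lib/nettle/rnd-fips.c hunk quoted above, the failure return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED) at the top of the quoted lines exits before zeroize_key(block, sizeof(block)) is reached, so the entropy block stays on the stack whenever the continuous test fails. Send the failure through a common cleanup path that wipes block (and the local hash, which is not wiped in the lines shown) before returning. Separately, the copy uses MIN(length - total, sizeof(block)) but buffer and total are then advanced by a full sizeof(block); when length is not a multiple of the block size the pointer ends up past the caller's buffer, so advance both by the number of bytes actually copied.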
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 12:58:44 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185146804 > - if (ret < 0) > - return gnutls_assert_val(ret); > - > - ret = drbg_aes_init(ctx, sizeof(buffer), buffer, PSTRING_SIZE, (void*)PSTRING); > + ret = drbg_aes_init(ctx, length, buffer, PSTRING_SIZE, (void*)PSTRING); > if (ret == 0) > return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); > > - zeroize_key(buffer, sizeof(buffer)); > - > return 0; > } > > /* Reseed a generator. */ > -static int drbg_reseed(struct drbg_aes_ctx *ctx) > +static int drbg_reseed(struct drbg_aes_ctx *ctx, Alternatively, why not pass the fips context and do the call to get_entropy as before? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_185146804 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 14:58:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 12:58:44 +0000 Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687) In-Reply-To: References: Message-ID: Reassigned Issue 687 https://gitlab.com/gnutls/gnutls/issues/687 Assignee changed to Tom -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 15:36:13 2019 
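Review bot: In the lib/nettle/rnd-fips.c hunk quoted above, the removed zeroize_key(buffer, sizeof(buffer)) means the seed bytes handed to drbg_aes_init() are no longer wiped in this function, and since buffer and length now come from the caller, the wipe has to happen there. Check that every caller clears its seed buffer after this call returns, including the path where drbg_aes_init() returns 0 and the function exits with GNUTLS_E_RANDOM_FAILED, and state that ownership in a comment on the new parameters.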
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 13:36:13 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Sounds reasonable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185170367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 19:14:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 17:14:43 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 * 2d5f8e21 - pkcs11: ignore login error when traversing tokens -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 19:17:46 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 17:17:46 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185275297 > info, flags); > if (ret < 0) { > gnutls_assert(); > - return ret; > + continue; Indeed that is a good point. Maybe, we could error out if CKF_LOGIN_REQUIRED is set and the pkcs11_login failed. I have updated that part along these lines. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185275297 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 19:18:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 17:18:05 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185275390 > info, flags); > if (ret < 0) { Sure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185275390 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 25 19:19:15 2019 
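Review bot: In the lib/pkcs11.c hunk quoted above, replacing return ret with continue after gnutls_assert() discards the login error, so the result of the traversal no longer distinguishes "no matching object" from "a token could not be logged into". Keep the failure observable, for example by remembering ret and returning it when no token yields a result, and take the continue branch only for tokens where login is optional, as the reply about CKF_LOGIN_REQUIRED proposes.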
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 25 Jun 2019 17:19:15 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: I've extended destructive/p11-kit-load.sh to cover this, though it's currently failing in my environment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185275667 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 26 06:51:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 04:51:14 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 * bd268e90 - pkcs11: ignore login error when traversing tokens -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 26 08:28:16 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 06:28:16 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185428255 Never mind, I didn't realize that the test is now in tests/p11-kit-load.sh. After moving the check there, it works. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_185428255 From gnutls-devel at lists.gnutls.org Wed Jun 26 10:02:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 08:02:00 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1035 https://gitlab.com/gnutls/gnutls/merge_requests/1035 * de42342c - api: add gnutls_hmac_copy() function * 6b41d6ce - crypto-selftests: add test for gnutls_hmac_copy() * c034cf9f - lib: add support for gnutls_hash_copy() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 From gnutls-devel at lists.gnutls.org Wed Jun 26 10:02:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 08:02:15 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185459803 > digest); > } > > +/** > + * gnutls_hmac_copy: > + * @handle: is a #gnutls_hmac_hd_t type > + * > + * This function will create a copy of MAC context, containing all its current > + * state. > + * done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185459803 From gnutls-devel at lists.gnutls.org Wed Jun 26 10:02:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 08:02:17 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: All discussions on Merge Request !1035 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1035 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 From gnutls-devel at lists.gnutls.org Wed Jun 26 10:03:02 2019
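Review bot: the doc comment for `gnutls_hmac_copy()`, in the lines quoted here, says the copy contains "all its current state" but not who owns the returned context or how it is released. Since the copy carries the same keyed state as `@handle`, the comment should state that the copy has to be deinitialised separately from the original and what the caller gets back when the copy cannot be made.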
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 08:03:02 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: - Added a note to `gnutls_hmac_copy()` documentation - Adjusted selftest to copy intermediate context rather than final one - Added `gnutls_hash_copy()` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185460107 From gnutls-devel at lists.gnutls.org Wed Jun 26 11:29:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 09:29:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: What do you think about these patches in addition to yours? These enable the copy functionality for all internal implementations and test for it when running the test suite. [0001-accelerated-ciphers-implement-hmac-and-hash-copy.patch](/uploads/127390e05ba37a0e4bd06ec0d9196463/0001-accelerated-ciphers-implement-hmac-and-hash-copy.patch) [0002-gnutls_hash-hmac_copy-check-its-usability-in-all-cas.patch](/uploads/59a8d58f963a9bf3b1497ce9884d00a7/0002-gnutls_hash-hmac_copy-check-its-usability-in-all-cas.patch) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185508094 From gnutls-devel at lists.gnutls.org Wed Jun 26 11:31:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 09:31:13 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: A NEWS entry would be needed as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185509084 From gnutls-devel at lists.gnutls.org Wed Jun 26 13:24:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 11:24:57 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1035 https://gitlab.com/gnutls/gnutls/merge_requests/1035 * 30f86026 - accelerated ciphers: implement hmac and hash copy * 5d7284a8 - gnutls_hash/hmac_copy: check its usability in all cases * 4d1967a3 - NEWS: document gnutls_hash/hmac_copy addition -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 From gnutls-devel at lists.gnutls.org Wed Jun 26 13:25:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 11:25:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Done. Thank you, I missed a point about accelerated implementations. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185592141 From gnutls-devel at lists.gnutls.org Wed Jun 26 13:32:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 11:32:23 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Merge Request !1035 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1035 Project:Branches: GostCrypt/gnutls:hmac-copy to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 From gnutls-devel at lists.gnutls.org Wed Jun 26 13:32:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 11:32:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035#note_185594904 From gnutls-devel at lists.gnutls.org Wed Jun 26 17:12:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 15:12:43 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: Issue was closed by Dmitry Eremin-Solenikov via merge request !1035 (https://gitlab.com/gnutls/gnutls/merge_requests/1035) Issue #787: https://gitlab.com/gnutls/gnutls/issues/787 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787 From gnutls-devel at lists.gnutls.org Wed Jun 26 17:12:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 26 Jun 2019 15:12:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_copy() API (!1035) In-Reply-To: References: Message-ID: Merge Request !1035 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1035 Project:Branches: GostCrypt/gnutls:hmac-copy to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1035 From gnutls-devel at lists.gnutls.org Thu Jun 27 06:46:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 04:46:44 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !989 https://gitlab.com/gnutls/gnutls/merge_requests/989 * 92daa954...e1eaba41 - 9 commits from branch `master` * bc36db1e - Updated asm files to latest version under cryptogams license * d9f22bc6 - Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989 From gnutls-devel at lists.gnutls.org Thu Jun 27 12:53:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 10:53:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/nettle/mac.c: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186022873 > case GNUTLS_MAC_SHA512: > case GNUTLS_MAC_UMAC_96: > case GNUTLS_MAC_UMAC_128: > + case GNUTLS_MAC_AES_CMAC_128: +1 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186022873 From gnutls-devel at lists.gnutls.org Thu Jun 27 12:54:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 10:54:02 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: All discussions on Merge Request !1036 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1036 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 From gnutls-devel at lists.gnutls.org Thu Jun 27 12:58:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 10:58:54 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Looks good to me. What I noticed while reviewing this is that we don't really test `gnutls_hmac_fast` with anything other than MD5, SHA1 (in `tests/gnutls_hmac_fast.c`), and we may miss a bug introduced there. Would it make sense to test it together with everything else in `test_mac()` of self-tests, or should we add individual tests in `tests/gnutls_hmac_fast.c`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186026582 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:44:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:44:23 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186077749 I'd refer to #597. BTW: `gnutls_hmac_fast()` won't work for AES-GMAC: it does not have a nonce parameter. Should we add `gnutls_hmac_fast2()`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186077749 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:46:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:46:28 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Merge Request !989 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/989 Project:Branches: nmav/gnutls:tmp-asm to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:46:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:46:34 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: LGTM now -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989#note_186078716 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:47:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:47:15 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Merge Request !989 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/989 Project:Branches: nmav/gnutls:tmp-asm to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:47:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:47:18 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989#note_186079065 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:47:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:47:33 +0000 Subject: [gnutls-devel] GnuTLS | Updated asm files to latest version under cryptogams license (!989) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/989 From gnutls-devel at lists.gnutls.org Thu Jun 27 14:57:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 12:57:26 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186083926 Interesting. There are [few users of this api](https://codesearch.debian.net/search?q=gnutls_hmac_fast&perpkg=1), and it seems they could potentially use the new variant if they use the new algorithm. I'd say it is nice to have. About this MR, I think we should test that a call to `gnutls_hmac_fast()` fails with a known error (probably in `tests/gnutls_hmac_fast.c`), so that we avoid a future regression, or an accidental crash. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186083926 From gnutls-devel at lists.gnutls.org Thu Jun 27 15:00:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 13:00:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_hmac_fast: cannot be used with MACs that require nonce (#793) References: Message-ID: Nikos Mavrogiannopoulos created an issue: Our current quick MAC function (`gnutls_hmac_fast`) does not allow passing a parameter for nonce, and thus cannot be used for MACs that require a nonce. There currently are: - UMAC (potentially GMAC as well) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/793 From gnutls-devel at lists.gnutls.org Thu Jun 27 15:01:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 13:01:06 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186086852 I've opened https://gitlab.com/gnutls/gnutls/issues/793 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186086852 From gnutls-devel at lists.gnutls.org Thu Jun 27 15:34:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 13:34:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186107688 Great! I'm also thinking about changing setkey callback signature to return int, so that we can return an error for UMAC/CMAC/GMAC instead of calling abort(). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186107688 From gnutls-devel at lists.gnutls.org Thu Jun 27 15:35:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 13:35:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186108308 > return 0; > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) Given fctx is thread local, the function should be thread safe. However, it raises another question: if multiple threads simultaneously retrieve entropy through this function, that would invalidate the continuous check. Maybe we need to add a global storage and control access using a lock. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186108308 From gnutls-devel at lists.gnutls.org Thu Jun 27 15:40:47 2019
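Review bot: `get_entropy()` takes the caller's `struct fips_ctx *fctx`, so whatever the continuous test remembers between calls is scoped to that context, and nothing in the signature or around it says so. Add a comment above the function stating that scope and what the `int` return means when the test fails, so a caller knows whether a repeated block is reported as an error or retried internally.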
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 13:40:47 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186111650 It would be great to also change `set_nonce`, but it looks like it will require changing/extending API, so it's a different story. Regarding `hmac_fast`, nice catch. It actually results in "use of initialized value" for GMAC. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186111650 From gnutls-devel at lists.gnutls.org Thu Jun 27 16:07:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 14:07:01 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_list_import2 returns 0, and not the number of certificates read (#794) References: Message-ID: Sam Hall created an issue: ## Description of problem: The function gnutls_x509_crt_list_import2 is documented as returning a negative value if an error occurs, or the number of certificates read if the import was successful. However, at the end of the function in the source code (gitlab master), 0 is always returned on success. There is an integer 'ret' used throughout the function, which stores the result of the internal call to gnutls_x509_crt_list_import2, but this is only returned if it is less than 0. I believe that either ret should be returned, or the documentation should be updated to describe the observed behaviour. ## Version of gnutls used: 3.5.8 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Debian 9.8 (stretch) Steps to Reproduce: * 1. Generate one certificate and store it in DER format. * 2. Use this function to import the certificate. ## Actual results: The call to gnutls_x509_crt_list_import2 returns 0. ## Expected results: The call to gnutls_x509_crt_list_import2 should return 1. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/794 From gnutls-devel at lists.gnutls.org Thu Jun 27 18:10:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 16:10:29 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186184496 It looks like `_gnutls_mac_fast` also needs fixing. It has probably never worked for UMAC. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186184496 From gnutls-devel at lists.gnutls.org Thu Jun 27 18:35:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 16:35:02 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1034 https://gitlab.com/gnutls/gnutls/merge_requests/1034 * 5514e8d3 - nettle/rnd-fips: add FIPS 140-2 continuous RNG test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 From gnutls-devel at lists.gnutls.org Thu Jun 27 18:40:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 16:40:31 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Tomáš Mráz commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186193461 > return 0; > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) This should be clarified with FIPS lab. I do not think the check would be necessarily invalidated as it is also not invalidated by multiple simultaneous processes pulling the data from the kernel RNG. The threads could be regarded as individual instances of the DRBG so they have an individual view on the system entropy data. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186193461 From gnutls-devel at lists.gnutls.org Thu Jun 27 22:09:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 20:09:13 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented: Any progress here? The last issue is related to your additions? Except from this the patch is ready to go? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_186247438 From gnutls-devel at lists.gnutls.org Thu Jun 27 23:28:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 21:28:29 +0000 Subject: [gnutls-devel] GnuTLS | WIP: lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * d37dd967 - fixup! lib: add support for AES-GMAC * 3961a51d - tests/gnutls_hmac_fast: run test for AES-GMAC-128 * 86959aba - nettle/mac: in mac_fast call set_nonce after set_key -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 From gnutls-devel at lists.gnutls.org Thu Jun 27 23:57:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 27 Jun 2019 21:57:59 +0000 Subject: [gnutls-devel] GnuTLS | WIP: lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * ecdf48eb - lib: add support for AES-GMAC * a5862a3f - nettle: return true for gnutls_mac_exists(AES-CMAC*) * 5d41c1d6 - tests/gnutls_hmac_fast: run test for AES-GMAC-128 * 4c23b017 - nettle/mac: in mac_fast call set_nonce after set_key -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 From gnutls-devel at lists.gnutls.org Fri Jun 28 08:14:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:14:35 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186333392 > return 0; > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) @smuellerDD what do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186333392 From gnutls-devel at lists.gnutls.org Fri Jun 28 08:20:50 2019
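The per-thread versus global question debated on !1034, worked through in C as an added example; this is not code from GnuTLS or from the merge request. All names (`crngt_ctx`, `crngt_get_entropy`, `count_rejected`, the scripted source) are hypothetical, the entropy source is a constructed script of blocks, and the two callers are interleaved sequentially so the outcome is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16

enum { CRNGT_OK = 0, CRNGT_ERR_SOURCE = -1, CRNGT_ERR_REPEAT = -2 };

/* Hypothetical continuous-test state: the last block taken from the source. */
struct crngt_ctx {
	uint8_t prev[BLOCK_LEN];
	int primed;
};

/* Constructed entropy source: block i is BLOCK_LEN copies of script[i]. */
struct scripted_src {
	const uint8_t *script;
	size_t len, pos;
};

static int src_read(struct scripted_src *s, uint8_t *out)
{
	if (s->pos >= s->len)
		return CRNGT_ERR_SOURCE;
	memset(out, s->script[s->pos++], BLOCK_LEN);
	return CRNGT_OK;
}

/* Compare without an early exit so timing does not depend on the data. */
static int blocks_equal(const uint8_t *a, const uint8_t *b)
{
	uint8_t diff = 0;
	for (size_t i = 0; i < BLOCK_LEN; i++)
		diff |= a[i] ^ b[i];
	return diff == 0;
}

/* Fetch one block and reject it if it equals the previous block seen
 * through this context. */
int crngt_get_entropy(struct crngt_ctx *c, struct scripted_src *s, uint8_t *out)
{
	int ret;

	if (!c->primed) {
		/* The first block only primes the comparison; it is never returned. */
		if ((ret = src_read(s, c->prev)) < 0)
			return ret;
		c->primed = 1;
	}
	if ((ret = src_read(s, out)) < 0)
		return ret;
	if (blocks_equal(out, c->prev)) {
		memset(out, 0, BLOCK_LEN);	/* never hand back a rejected block */
		return CRNGT_ERR_REPEAT;
	}
	memcpy(c->prev, out, BLOCK_LEN);
	return CRNGT_OK;
}

/* Two callers, A and B, alternate draws from one source. With shared == 0
 * each caller has its own context (per-thread state); with shared == 1 both
 * use one context (global state, which a threaded program must guard with a
 * lock). Returns how many draws the continuous test rejected. */
int count_rejected(const uint8_t *script, size_t len, int draws, int shared)
{
	struct scripted_src src = { script, len, 0 };
	struct crngt_ctx ctx[2];
	uint8_t out[BLOCK_LEN];
	int rejected = 0;

	memset(ctx, 0, sizeof(ctx));
	for (int i = 0; i < draws; i++) {
		struct crngt_ctx *c = shared ? &ctx[0] : &ctx[i % 2];
		int ret = crngt_get_entropy(c, &src, out);

		if (ret == CRNGT_ERR_REPEAT)
			rejected++;
		else if (ret < 0)
			break;	/* script exhausted */
	}
	return rejected;
}

/* Constructed scripts: the source repeats one block back to back (5, 5),
 * and a source whose first real block equals the priming block. */
static const uint8_t STUCK_ONCE[] = { 1, 2, 3, 4, 5, 5, 6, 7 };
static const uint8_t STUCK_AT_START[] = { 9, 9 };

int main(void)
{
	printf("per-thread state: %d rejected\n",
	       count_rejected(STUCK_ONCE, sizeof(STUCK_ONCE), 6, 0));
	printf("global state:     %d rejected\n",
	       count_rejected(STUCK_ONCE, sizeof(STUCK_ONCE), 6, 1));
	printf("repeat after priming: %d rejected\n",
	       count_rejected(STUCK_AT_START, sizeof(STUCK_AT_START), 1, 0));
	return 0;
}
```

With per-caller state the two identical blocks land in different contexts and neither comparison fires; with one shared context the second block is rejected. Which behaviour the test is meant to have is the open question in the thread.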
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:20:50 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Stephan Mueller commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186335005 > return 0; > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) Hi Daiki, > Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: > https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186333392 > > return 0; > > > > } > > > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t > > length) > @smuellerDD what do you think? Both view-points are possible, either have the continuous test thread-based or global. Ciao Stephan -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186335005 From gnutls-devel at lists.gnutls.org Fri Jun 28 08:21:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:21:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_list_import2 returns 0, and not the number of certificates read (#794) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/794 From gnutls-devel at lists.gnutls.org Fri Jun 28 08:22:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:22:28 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | gnutls_x509_crt_list_import2 returns 0, and not the number of certificates read (#794) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you for the report. Indeed that's an issue. Since this behavior is from the initial version of this function and the certificate list is returned via other means, that looks like a documentation bug. I think it makes sense to document the current behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/794#note_186335371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 08:22:53 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:22:53 +0000 Subject: [gnutls-devel] GnuTLS | Tmp fix gnutls x509 crt list import2 (!1037) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1037 Branches: tmp-fix-gnutls_x509_crt_list_import2 to master Author: Nikos Mavrogiannopoulos Assignees: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 08:23:54 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:23:54 +0000 Subject: [gnutls-devel] GnuTLS | Tmp fix gnutls x509 crt list import2 (!1037) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1037 https://gitlab.com/gnutls/gnutls/merge_requests/1037 * 92daa954...687626ed - 12 commits from branch `master` * 91ac4d74 - gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 08:27:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:27:35 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186336466 > * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm. > * @GNUTLS_MAC_AES_CMAC_128: The AES-CMAC-128 MAC algorithm. > * @GNUTLS_MAC_AES_CMAC_256: The AES-CMAC-256 MAC algorithm. > + * @GNUTLS_MAC_AES_GMAC_128: The AES-GMAC-128 MAC algorithm. Maybe here we make explicit that this algorithm requires a nonce to be used. I do not see whether we have a better way to distinguish the different kind of MAC algorithms. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186336466 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 08:36:27 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 06:36:27 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/nettle/mac.c: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186338766 > if (ret < 0) > return gnutls_assert_val(ret); > > + ctx.set_key(&ctx, key_size, key); > if (ctx.set_nonce) > ctx.set_nonce(&ctx, nonce_size, nonce); > - ctx.set_key(&ctx, key_size, key); Wouldn't returning an error on NULL nonce and a `set_nonce` make this API safer to misuse? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186338766 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 10:25:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 08:25:10 +0000 Subject: [gnutls-devel] GnuTLS | Tmp fix gnutls x509 crt list import2 (!1037) In-Reply-To: References: Message-ID: Merge Request !1037 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1037 Branches: tmp-fix-gnutls_x509_crt_list_import2 to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 10:30:04 2019
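Review bot: in the lib/nettle/mac.c hunk quoted in this thread, moving `ctx.set_key(&ctx, key_size, key);` above the `if (ctx.set_nonce)` block introduces an ordering requirement that the code itself does not state. A one-line comment above `set_key` saying that the nonce has to be set after the key would keep a later cleanup from swapping the two calls back. In the lines shown, `ctx.set_nonce(&ctx, nonce_size, nonce);` also receives `nonce` and `nonce_size` unchecked, so any guard for a missing nonce is best placed before `set_key`, ahead of the context setup.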
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 08:30:04 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Tmp fix gnutls x509 crt list import2 (!1037) In-Reply-To: References: Message-ID: Tim Rühsen commented: `gnutls_x509_crt_list_import()` seems to have the same documentation issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037#note_186382070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 14:59:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 12:59:55 +0000 Subject: [gnutls-devel] GnuTLS | Tmp fix gnutls x509 crt list import2 (!1037) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1037 https://gitlab.com/gnutls/gnutls/merge_requests/1037 * d4414495 - tests: gnutls_x509_crt_list_import: verify that return code is as documented -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:25:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:25:42 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * b89e4cf8 - nettle/mac: fail mac calculation if nonce is required but not provided -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:29:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:29:22 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * 92daa954...687626ed - 12 commits from branch `master` * 2f376419 - lib: add support for AES-GMAC * d78fefec - nettle: return true for gnutls_mac_exists(AES-CMAC*) * 53e7dae7 - tests/gnutls_hmac_fast: run test for AES-GMAC-128 * 6ac0c976 - nettle/mac: in mac_fast call set_nonce after set_key * 6b8f7786 - nettle/mac: fail mac calculation if nonce is required but not provided * adc4ea5d - NEWS: add an entry for AES-GMAC algorithms -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:29:42 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:29:42 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/mac.c: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186511672 > if (ret < 0) > return gnutls_assert_val(ret); > > + ctx.set_key(&ctx, key_size, key); > if (ctx.set_nonce) > ctx.set_nonce(&ctx, nonce_size, nonce); > - ctx.set_key(&ctx, key_size, key); done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186511672 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:46:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:46:56 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * 41f7f2c6 - nettle/mac: in mac_fast call set_nonce after set_key * 35774126 - nettle/mac: fail mac calculation if nonce is required but not provided * 52a9463a - tests/gnutls_hmac_fast: run test for AES-GMAC-128/-192/-256 * 1aba82f7 - NEWS: add an entry for AES-GMAC algorithms * 565faef2 - nettle: return true for gnutls_mac_exists(AES-CMAC*) * f3054866 - tests/gnutls_hmac_fast: run test for AES-UMAC-96/-128 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:52:44 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:52:44 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186520947 Done. `hmac_fast2` will be handled in a separate issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186520947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:55:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:55:00 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1036 https://gitlab.com/gnutls/gnutls/merge_requests/1036 * 7afa9278 - lib: document gnutls_hmac_fast vs nonce relationship -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:55:06 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:55:06 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: All discussions on Merge Request !1036 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1036 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 15:55:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 13:55:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186521951 > * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm. > * @GNUTLS_MAC_AES_CMAC_128: The AES-CMAC-128 MAC algorithm. > * @GNUTLS_MAC_AES_CMAC_256: The AES-CMAC-256 MAC algorithm. > + * @GNUTLS_MAC_AES_GMAC_128: The AES-GMAC-128 MAC algorithm. done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186521951 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 16:21:58 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 14:21:58 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Tmp fix gnutls x509 crt list import2 (!1037) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I've added a test for it as part of the MR, and seems to be ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037#note_186533080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 16:26:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 14:26:59 +0000 Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Merge Request !1036 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1036 Project:Branches: GostCrypt/gnutls:mac-gmac to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 16:27:07 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 14:27:07 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | lib: add support for AES-GMAC (!1036) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: LGTM, thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036#note_186535095 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 17:30:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 15:30:47 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1034 https://gitlab.com/gnutls/gnutls/merge_requests/1034 * c7a419e7 - nettle/rnd-fips: add FIPS 140-2 continuous RNG test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 17:34:51 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 15:34:51 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: All discussions on Merge Request !1034 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1034 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 17:34:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 15:34:52 +0000 Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1034 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186559964 > #include > > +#define ENTROPY_BLOCK_SIZE SHA256_DIGEST_SIZE It's actually chosen arbitrarily, but I've added a comment. -- Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186559971 > /* Reseed a generator. */ > -static int drbg_reseed(struct drbg_aes_ctx *ctx) > +static int drbg_reseed(struct drbg_aes_ctx *ctx, Indeed, passing the fips context makes the code simpler. -- Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186559974 > } > > +static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) OK, so I will keep it thread-local. Thank you for the confirmation. -- Daiki Ueno commented on a discussion on lib/nettle/rnd-fips.c: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186559977 > #define PSTRING_SIZE (sizeof(PSTRING)-1) > -static int drbg_init(struct drbg_aes_ctx *ctx) > +static int drbg_init(struct drbg_aes_ctx *ctx, Done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:23:55 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:23:55 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1038 Branches: tmp-fix-desc to master Author: Nikos Mavrogiannopoulos Assignees: When gnutls_session_set_premaster() is used (under openconnect), it is possible that gnutls_session_get_desc will print a string like this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)" With this change we ensure that we do not print non-null values. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:25:26 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:25:26 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1038 https://gitlab.com/gnutls/gnutls/merge_requests/1038 * cc99f997 - gnutls_session_get_desc: avoid printing a NULL value -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:26:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:26:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1038 https://gitlab.com/gnutls/gnutls/merge_requests/1038 * 8cec350f - gnutls_session_get_desc: avoid printing a NULL value -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:31:53 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:31:53 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Hi, No I'm not working on it. What I should have made more clear is that we cannot add the enumerated value without making `gnutls_x509_crt_get_subject_alt_name2` and `gnutls_x509_crt_set_subject_alt_name` functional as well. It would be misleading having this enumeration but with no support to read or write it. On the patch I attached above I try to show the way, but it is not fully functional to make this MR ready. If you'd like to complete it I'd really appreciate it, otherwise me or someone of the other devs would have to get back to it at some point. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_186617265 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:32:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:32:57 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1038 https://gitlab.com/gnutls/gnutls/merge_requests/1038 * 94bc4f02 - gnutls_session_get_desc: avoid printing a NULL value -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:36:42 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:36:42 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_list_import2 returns 0, and not the number of certificates read (#794) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1037 (https://gitlab.com/gnutls/gnutls/merge_requests/1037) Issue #794: https://gitlab.com/gnutls/gnutls/issues/794 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:36:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:36:42 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_x509_crt_list_import2() documentation (!1037) In-Reply-To: References: Message-ID: Merge Request !1037 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1037 Branches: tmp-fix-gnutls_x509_crt_list_import2 to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 28 21:42:36 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 28 Jun 2019 19:42:36 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Karsten Ohme commented: If you are sharing a branch which I can fetch in my fork with my and your current works status I can probably continue it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_186619054 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:20:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:20:06 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_list_import2 returns 0, and not the number of certificates read (#794) In-Reply-To: References: Message-ID: Reassigned Issue 794 https://gitlab.com/gnutls/gnutls/issues/794 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:20:33 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:20:33 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: Reassigned Issue 781 https://gitlab.com/gnutls/gnutls/issues/781 Assignee changed to Dmitry Eremin-Solenikov -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:20:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:20:36 +0000 Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:21:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:21:27 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: Reassigned Issue 787 https://gitlab.com/gnutls/gnutls/issues/787 Assignee changed to Dmitry Eremin-Solenikov -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:21:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:21:31 +0000 Subject: [gnutls-devel] GnuTLS | Add gnutls_hmac_copy() (#787) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:21:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:21:37 +0000 Subject: [gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013) In-Reply-To: References: Message-ID: Reassigned Merge Request 1013 https://gitlab.com/gnutls/gnutls/merge_requests/1013 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:21:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:21:44 +0000 Subject: [gnutls-devel] GnuTLS | Marked the crypto backend registration APIs as deprecated (!1032) In-Reply-To: References: Message-ID: Reassigned Merge Request 1032 https://gitlab.com/gnutls/gnutls/merge_requests/1032 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1032 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 06:26:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 29 Jun 2019 04:26:53 +0000 Subject: [gnutls-devel] GnuTLS | gnutls | Support for registeredID in subject alt name (!1030) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: My patch in the comment above is all of my work on it: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_184342966 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_186663355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 29 08:45:24 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 06:45:24 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1038 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/session.c: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186669149

> group_name, sign_str); > - else > + else if (group_name)

This check looks redundant to the outer `if`.

--
Daiki Ueno started a new discussion on tests/openconnect-dtls12.c: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186669150

> + fail("client: gnutls_session_get_desc: NULL\n"); > + > + if (strstr(desc, "null") != NULL)

Wouldn't it make sense to check against the actual string returned from `gnutls_session_get_desc`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038

From gnutls-devel at lists.gnutls.org Sat Jun 29 11:09:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 09:09:36 +0000
Subject: [gnutls-devel] GnuTLS | lib: add support for AES-GMAC (!1036)
In-Reply-To:
References:
Message-ID:

Merge Request !1036 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1036
Project:Branches: GostCrypt/gnutls:mac-gmac to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1036

From gnutls-devel at lists.gnutls.org Sat Jun 29 11:09:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 09:09:36 +0000
Subject: [gnutls-devel] GnuTLS | Implement support for AES-GMAC (rfc4543) (#781)
In-Reply-To:
References:
Message-ID:

Issue was closed by Dmitry Eremin-Solenikov via merge request !1036 (https://gitlab.com/gnutls/gnutls/merge_requests/1036)

Issue #781: https://gitlab.com/gnutls/gnutls/issues/781

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/781

From gnutls-devel at lists.gnutls.org Sat Jun 29 16:49:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 14:49:06 +0000
Subject: [gnutls-devel] GnuTLS | weak import of symbol '____chkstk_darwin' (#795)
References:
Message-ID:

Marius Schamschula created an issue:

## Description of problem:
A test build of gnutls under 10.15 Beta (19A487l) using Xcode 11.0 beta (11M336w) fails due to

> weak import of symbol '____chkstk_darwin'

## Version of gnutls used:
3.6.8

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
MacPorts under macOS 10.15 Catalina

## How reproducible:
Steps to Reproduce:

* using MacPorts to build

## Actual results:
` libtool: link: /usr/bin/clang -dynamiclib -o .libs/libgnutls.30.dylib .libs/range.o .libs/record.o .libs/compress.o .libs/debug.o .libs/cipher.o .libs/handshake-tls13.o .libs/mbuffers.o .libs/buffers.o .libs/handshake.o .libs/num.o .libs/errors.o .libs/dh.o .libs/kx.o .libs/cipher-cbc.o .libs/priority.o .libs/hash_int.o .libs/cipher_int.o .libs/session.o .libs/db.o .libs/x509_b64.o .libs/hello_ext.o .libs/auth.o .libs/sslv2_compat.o .libs/datum.o .libs/session_pack.o .libs/mpi.o .libs/pk.o .libs/cert-cred.o .libs/global.o .libs/constate.o .libs/anon_cred.o .libs/pkix_asn1_tab.o .libs/gnutls_asn1_tab.o .libs/mem.o .libs/fingerprint.o .libs/tls-sig.o .libs/ecc.o .libs/alert.o .libs/privkey_raw.o system/.libs/certs.o system/.libs/threads.o system/.libs/fastopen.o system/.libs/sockets.o .libs/str-iconv.o .libs/system.o .libs/profiles.o .libs/str.o .libs/str-unicode.o .libs/str-idna.o .libs/state.o .libs/cert-cred-x509.o .libs/file.o .libs/supplemental.o .libs/random.o .libs/crypto-api.o .libs/privkey.o .libs/pcert.o .libs/pubkey.o .libs/locks.o .libs/dtls.o .libs/system_override.o .libs/crypto-backend.o .libs/verify-tofu.o .libs/pin.o .libs/tpm.o .libs/fips.o .libs/safe-memfuncs.o .libs/atfork.o .libs/randomart.o .libs/urls.o .libs/prf.o .libs/auto-verify.o .libs/dh-session.o .libs/cert-session.o .libs/handshake-checks.o .libs/dtls-sw.o 
.libs/dh-primes.o .libs/openpgp_compat.o .libs/crypto-selftests.o .libs/crypto-selftests-pk.o .libs/secrets.o .libs/extv.o .libs/hello_ext_lib.o .libs/ocsp-api.o .libs/stek.o .libs/cert-cred-rawpk.o system/.libs/keys-dummy.o tls13/.libs/encrypted_extensions.o tls13/.libs/certificate_request.o tls13/.libs/certificate_verify.o .libs/tls13-sig.o tls13/.libs/finished.o tls13/.libs/key_update.o tls13/.libs/hello_retry.o tls13/.libs/session_ticket.o tls13/.libs/certificate.o tls13/.libs/early_data.o tls13/.libs/post_handshake.o tls13/.libs/psk_ext_parser.o tls13/.libs/anti_replay.o .libs/pkcs11.o .libs/pkcs11x.o .libs/pkcs11_privkey.o .libs/pkcs11_write.o .libs/pkcs11_secret.o .libs/pkcs11_int.o .libs/srp.o .libs/psk.o -Wl,-force_load,../gl/.libs/libgnu.a -Wl,-force_load,x509/.libs/libgnutls_x509.a -Wl,-force_load,ext/.libs/libgnutls_ext.a -Wl,-force_load,auth/.libs/libgnutls_auth.a -Wl,-force_load,algorithms/.libs/libgnutls_alg.a -Wl,-force_load,extras/.libs/libgnutls_extras.a -Wl,-force_load,accelerated/.libs/libaccelerated.a -Wl,-force_load,nettle/.libs/libcrypto.a -framework Security -framework CoreFoundation -L/opt/local/lib -lp11-kit -lidn2 -lunistring -ltasn1 -lnettle -lhogweed -lgmp -lintl -Os -arch x86_64 -Wl,-headerpad_max_install_names -Wl,-syslibroot -Wl,/Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -arch x86_64 -Wl,-no_weak_imports -Wl,-framework -Wl,CoreFoundation -framework Security -framework CoreFoundation -install_name /opt/local/lib/libgnutls.30.dylib -compatibility_version 55 -current_version 55.0 -Wl,-single_module -Wl,-exported_symbols_list,.libs/libgnutls-symbols.expsym ld: warning: cannot export hidden symbol __gnutls_x86_cpuid_s from accelerated/.libs/libaccelerated.a(x86-common.o) ld: weak import of symbol '____chkstk_darwin' not supported because of option: -no_weak_imports for architecture x86_64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[4]: 
*** [libgnutls.la] Error 1 `

For full log, see https://trac.macports.org/ticket/58636

## Expected results:
Clean build of gnutls 3.6.8, as for previous OS versions

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/795

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:36:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:36:24 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos pushed new commits to merge request !1038

https://gitlab.com/gnutls/gnutls/merge_requests/1038

* 3489f2f6 - gnutls_session_get_desc: avoid printing a NULL value

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:36:45 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:36:45 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/session.c: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186716832

> return NULL; > } > > - if (kx == GNUTLS_KX_ECDHE_ECDSA || kx == GNUTLS_KX_ECDHE_RSA || > - kx == GNUTLS_KX_ECDHE_PSK) { > + if ((kx == GNUTLS_KX_ECDHE_ECDSA || kx == GNUTLS_KX_ECDHE_RSA || > + kx == GNUTLS_KX_ECDHE_PSK) && group_name) { > if (sign_str) > snprintf(kx_name, sizeof(kx_name), "(ECDHE-%s)-(%s)", > group_name, sign_str); > - else > + else if (group_name)

Thanks, removed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186716832

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:37:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:37:27 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1038 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/1038

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:37:27 2019
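Review bot: In the lib/session.c hunk quoted in the 18:36:45 reply on !1038, moving the `group_name` test into the outer condition means an ECDHE session without a group name now skips this branch entirely, so whichever branch follows (not shown in the hunk) has to build the description without `group_name`; please confirm that path cannot pass a NULL to a `%s` conversion either, since that is undefined behaviour in `snprintf`. With the outer test in place the inner `else if (group_name)` is always true and can remain a plain `else`, as the discussion already concluded.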
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:37:27 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on tests/openconnect-dtls12.c: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186716864

> + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); > + > + if (ret < 0) { > + fail("client: Handshake failed\n"); > + gnutls_perror(ret); > + exit(1); > + } else { > + if (debug) > + success("client: Handshake was completed\n"); > + } > + > + desc = gnutls_session_get_desc(session); > + if (desc == NULL) > + fail("client: gnutls_session_get_desc: NULL\n"); > + > + if (strstr(desc, "null") != NULL)

Indeed, it will cover other possible regressions too. Updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186716864

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:47:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:47:21 +0000
Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034)
In-Reply-To:
References:
Message-ID:

Merge Request !1034 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1034
Branches: tmp-fips-drbg-continuous to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:48:13 2019
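Review bot: In the tests/openconnect-dtls12.c hunk, the `desc == NULL` check and the following `strstr(desc, "null")` are two independent `if` statements, so the second dereferences `desc` unless `fail()` never returns; the handshake error path a few lines above calls `exit(1)` after `fail()`, which suggests the test does not assume that, so chain the second check with `else` or exit explicitly. Matching the bare substring "null" also only detects the regression on a libc that renders a NULL `%s` argument as "(null)", which the C standard does not guarantee, so comparing against the full expected description string is the more portable assertion.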
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:48:13 +0000
Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:49:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:49:06 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034#note_186717448

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:49:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:49:14 +0000
Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 1034

https://gitlab.com/gnutls/gnutls/merge_requests/1034

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:51:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:51:09 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_186717541

> info, flags); > if (ret < 0) { > gnutls_assert(); > - return ret; > + continue;

Makes sense to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_186717541

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:51:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:51:09 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1031 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/1031

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:53:58 2019
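Review bot: In the lib/pkcs11.c hunk, replacing `return ret;` with `continue;` discards the login error once `gnutls_assert()` has logged it, so a caller can no longer tell "no matching token" apart from "login failed on every token"; consider remembering the last negative `ret` and returning it when the traversal ends without a match. Also check that anything set up earlier in the same loop iteration (outside the visible lines) is released before the `continue`.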
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:53:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Hmm, I think this file is there by mistake. The destructive tests were replaced by `pkcs11/list-tokens.c` and `p11-kit-load.sh`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_186717660

From gnutls-devel at lists.gnutls.org Sat Jun 29 20:56:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 18:56:48 +0000
Subject: [gnutls-devel] GnuTLS | Unencrypted Finished msg is rejected with incorrect Alert (#643)
In-Reply-To:
References:
Message-ID:

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/643

From gnutls-devel at lists.gnutls.org Sat Jun 29 21:03:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 19:03:07 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug: test whether RSA key exchange is supported (!1039)
References:
Message-ID:

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1039

Project:Branches: nmav/gnutls:tmp-cli-debug to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1039

From gnutls-devel at lists.gnutls.org Sat Jun 29 21:03:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Jun 2019 19:03:26 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should test whether RSA key exchange is enabled (#449)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 449

https://gitlab.com/gnutls/gnutls/issues/449

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/449

From gnutls-devel at lists.gnutls.org Sun Jun 30 07:15:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 05:15:25 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Merge Request !1038 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1038
Branches: tmp-fix-desc to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038

From gnutls-devel at lists.gnutls.org Sun Jun 30 07:15:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 05:15:53 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186744782

From gnutls-devel at lists.gnutls.org Sun Jun 30 07:16:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 05:16:54 +0000
Subject: [gnutls-devel] GnuTLS | nettle/rnd-fips: add FIPS 140-2 continuous RNG test (!1034)
In-Reply-To:
References:
Message-ID:

Merge Request !1034 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1034
Branches: tmp-fips-drbg-continuous to master
Author: Daiki Ueno
Assignee: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1034

From gnutls-devel at lists.gnutls.org Sun Jun 30 08:24:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 06:24:26 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

Daiki Ueno pushed new commits to merge request !1031

https://gitlab.com/gnutls/gnutls/merge_requests/1031

* d40f28fd - tests: remove unused destructive/p11-kit-load.sh

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031

From gnutls-devel at lists.gnutls.org Sun Jun 30 08:25:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 06:25:21 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_186756364

OK, removed the file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_186756364

From gnutls-devel at lists.gnutls.org Sun Jun 30 08:25:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 06:25:26 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1031 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/merge_requests/1031

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031

From gnutls-devel at lists.gnutls.org Sun Jun 30 09:19:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 07:19:03 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Merge Request !1038 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1038
Branches: tmp-fix-desc to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038

From gnutls-devel at lists.gnutls.org Sun Jun 30 09:22:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 07:22:06 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | gnutls_session_get_desc: avoid printing a NULL value (!1038)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1038#note_186767376

From gnutls-devel at lists.gnutls.org Sun Jun 30 16:33:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Jun 2019 14:33:59 +0000
Subject: [gnutls-devel] GnuTLS | OCSP response generation (#796)
References:
Message-ID:

Kumar Mallikarjuna created an issue:

I'm trying to create an OCSP responder for [Wget2](https://gitlab.com/gnuwget/wget2)'s testsuite. For the same, I need to generate OCSP responses. Are there any docs/examples which describe how to do this with GnuTLS?

TIA

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/796