From gnutls-devel at lists.gnutls.org Tue Oct 1 11:03:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 01 Oct 2019 09:03:41 +0000 Subject: [gnutls-devel] GnuTLS | cipher-alignment: migrate LDADD/CFLAGS after rename (!1082) In-Reply-To: References: Message-ID: Merge Request !1082 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1082 Project:Branches: ametzler/gnutls:tmp-20190929-junk-from-renamed-test to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1082 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 1 11:03:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 01 Oct 2019 09:03:46 +0000 Subject: [gnutls-devel] GnuTLS | cipher-alignment: migrate LDADD/CFLAGS after rename (!1082) In-Reply-To: References: Message-ID: Merge Request !1082 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1082 Project:Branches: ametzler/gnutls:tmp-20190929-junk-from-renamed-test to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1082 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 1 11:14:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 01 Oct 2019 09:14:12 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: That's a great step forward to track it down ! Maybe it's possible to reduce the number of iterations ? (One error would be enough.) Then use tcpdump/wireshark to create a pcap file. At the same time use GNUTLS_DEBUG_LEVEL=9 and redirect the output into a log file. Attach both files here. I will try to reproduce the errors from here as well with GnuTLS 3.6.9 and with latest master, in the next days (no time today). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_224331921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 1 20:18:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 01 Oct 2019 18:18:28 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I wasn't sure how frequently it would occur or whether it was time related, so 60 calls two seconds apart seemed like a start! I've tweaked it slightly so that it stopped after one failure, ran it again and got an error on the second request. The attached covers the one success and the one failure. All that I added to the log is a marker line where the app says it failed. [bug841.log](/uploads/49fc21f9eabecaec6bc9a97f66cbb412/bug841.log) [bug841.pcap](/uploads/135d04cbe99e8c889ad7de70afb3b81e/bug841.pcap) I've got the SSL key log file as well, but as I can see the Hellos without it then I'm guessing it's not necessary (but it's all fake requests without user info anyway so it should be safe to let people decrypt). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_224652087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 08:51:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 06:51:04 +0000 Subject: [gnutls-devel] GnuTLS | Support QUIC TLS API (#826) In-Reply-To: References: Message-ID: Aniketh Girish commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/826#note_224804346 Hi @dueno , > I expect at least a test case that tells what you are trying to achieve (and I don't think the current code does anything meaningful: Don't you think our implementation would only do something meaningful after the entire work is done? That is to even write a test, we need the entire code to be complete right? > for example, `gnutls_quic_secret_hook_exchange` would only work after the handshake is complete, which is useless in QUIC). By this did you mean that we need to do a gnutls_handshake() within gnutls_quic_secret_hook_exchange? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/826#note_224804346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 13:20:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 11:20:16 +0000 Subject: [gnutls-devel] GnuTLS | lib/algorithms: add AID values assigned by IANA (!1077) In-Reply-To: References: Message-ID: Merge Request !1077 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1077 Project:Branches: GostCrypt/gnutls:gost-iana to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 13:48:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 11:48:59 +0000 Subject: [gnutls-devel] GnuTLS | nettle/mac: add missing ifdef (!1083) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1083 Project:Branches: GostCrypt/gnutls:fix-gost-ifdef to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 14:03:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 12:03:15 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_224997699 > > #include "mech-list.h" > > +struct pkcs11_mech_info { > + unsigned long min_key_size; > + unsigned long max_key_size; > + unsigned long flags; > +}; > + Should we add this structure to the public interface? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_224997699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 14:56:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 12:56:54 +0000 Subject: [gnutls-devel] GnuTLS | nettle/mac: add missing ifdef (!1083) In-Reply-To: References: Message-ID: Merge Request !1083 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1083 Project:Branches: GostCrypt/gnutls:fix-gost-ifdef to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 14:56:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 12:56:58 +0000 Subject: [gnutls-devel] GnuTLS | nettle/mac: add missing ifdef (!1083) In-Reply-To: References: Message-ID: Merge Request !1083 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1083 Project:Branches: GostCrypt/gnutls:fix-gost-ifdef to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:12:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:12:39 +0000 Subject: [gnutls-devel] GnuTLS | cipher cfb8 decrypt fixes (!1084) References: Message-ID: G?nther Deschner created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1084 Project:Branches: gd7/gnutls:gd-master-cfb8-fixes to gnutls/gnutls:master Author: G?nther Deschner cfb8 decrypt function fails to decrypt buffers smaller than blocksize (encrypt function is fine) ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [X] Test suite updated with functionality tests * [X] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:24:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:24:41 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I've opened an MR to your branch with some changes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059#note_225044701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:35:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:35:50 +0000 Subject: [gnutls-devel] GnuTLS | cipher cfb8 decrypt fixes (!1084) In-Reply-To: References: Message-ID: Daiki Ueno commented: Hello G?nther, a (slightly different) fix and tests are now in nettle: - https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861 - https://git.lysator.liu.se/nettle/nettle/commit/a3875d562abde88f258339176575c9ced95d8faa Would you be able to check if there is any missing parts or we can use them as it is? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1084#note_225051642 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:36:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:36:59 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1070 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225052291 > + * @GNUTLS_ECC_CURVE_GOST256C: GOST R 34.10 TC26 256 C curve > + * @GNUTLS_ECC_CURVE_GOST256D: GOST R 34.10 TC26 256 D curve > + * @GNUTLS_ECC_CURVE_GOST256TEST: GOST R 34.10 256 bit curve from the standard itself Test seems to have remained here. -- Nikos Mavrogiannopoulos commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225052293 > case GNUTLS_ECC_CURVE_GOST512A: > return nettle_get_gost_512a(); > + case GNUTLS_ECC_CURVE_GOST256B: Shouldn't then they have `.supported = 0` on their definition? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:37:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:37:35 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225052566 Would that be as part of this MR? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225052566 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:44:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:44:36 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225056927 Yes, in progress for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225056927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:46:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:46:38 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225058216 > return nettle_get_gost_256cpa(); > case GNUTLS_ECC_CURVE_GOST512A: > return nettle_get_gost_512a(); > + case GNUTLS_ECC_CURVE_GOST256B: No. They are supported by GnuTLS, but not supported by underlying Nettle library. In fact I have the feeling that we should change `ecc_curve->supported` to `ecc_curve->disabled`. WDYT? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225058216 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:46:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:46:45 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225058302 > * @GNUTLS_ECC_CURVE_GOST256CPXB: GOST R 34.10 CryptoPro 256 XchB curve > * @GNUTLS_ECC_CURVE_GOST512A: GOST R 34.10 TC26 512 A curve > * @GNUTLS_ECC_CURVE_GOST512B: GOST R 34.10 TC26 512 B curve > + * @GNUTLS_ECC_CURVE_GOST512C: GOST R 34.10 TC26 512 C curve > + * @GNUTLS_ECC_CURVE_GOST256A: GOST R 34.10 TC26 256 A curve > + * @GNUTLS_ECC_CURVE_GOST256B: GOST R 34.10 TC26 256 B curve > + * @GNUTLS_ECC_CURVE_GOST256C: GOST R 34.10 TC26 256 C curve > + * @GNUTLS_ECC_CURVE_GOST256D: GOST R 34.10 TC26 256 D curve > + * @GNUTLS_ECC_CURVE_GOST256TEST: GOST R 34.10 256 bit curve from the standard itself Oops. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225058302 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:48:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:48:10 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1085 Branches: tmp-iov-fixes to master Author: Daiki Ueno Previously, those functions failed to write the output to the buffers if the buffer length is not multiple of cipher block size. This makes sure that the cached data is always flushed. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:53:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:53:02 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225063458 > return nettle_get_gost_256cpa(); > case GNUTLS_ECC_CURVE_GOST512A: > return nettle_get_gost_512a(); > + case GNUTLS_ECC_CURVE_GOST256B: Ah, ok. Why do you think we should change the name? I see we use supported also in the protocols.c. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225063458 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 15:57:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 13:57:20 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225066704 > return nettle_get_gost_256cpa(); > case GNUTLS_ECC_CURVE_GOST512A: > return nettle_get_gost_512a(); > + case GNUTLS_ECC_CURVE_GOST256B: Because it would allow us to remove all `.supported = 1` lines and set `.disabled = 1` when parsing config file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225066704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 16:06:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 14:06:35 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * b9d33a76...039cf48f - 10 commits from branch `master` * fe47472b - lib: define more GOST curves * 81575b61 - lib/ecc: add documentation for GOST-related curves * 0eb7b43e - nettle/pk: add support for "new" TC26 256 B curve * 961f44a5 - lib: implement support for updated GOST PublicKeyParameters * be2c37e5 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 16:07:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 14:07:36 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225073925 I've extended `cert-tests/gost` test with certificate using new `GOSTParameters` structure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225073925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 17:06:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 15:06:08 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: The second (failing) connect uses the previously received session data (TLS Session Resumption). As the assert in the log file says, GnuTLS expects to see ChangeCipherSpec, but in fact the server delivers in this order ``` Handshake Protocol: New Session Ticket Change Cipher Spec Protocol: Change Cipher Spec Handshake Protocol: Encrypted Handshake Message ``` (see packet #33 in the pcap file) GnuTLS 3.6.9 dislikes this. It's time to call @nmav who is into the details of the TLS protocols. Is the server's message is in the specs or should GnuTLS be more flexible here ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225110002 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 2 20:15:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 18:15:32 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I'm not an expert in the area, but I was getting to the point of reading RFCs while initially exploring this a few days ago(!) Page four of [RFC5077](https://www.ietf.org/rfc/rfc5077.txt) certainly appears to put the New Session Ticket before Change Cipher Spec, and the Client Hello does have a non-empty session_ticket extension. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225193174 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 01:00:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 02 Oct 2019 23:00:33 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 479e3673 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 02:14:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 00:14:16 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225283937 done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225283937 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 09:14:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 07:14:37 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I see that we [have code handling new session tickets during resumption](https://gitlab.com/gnutls/gnutls/blob/master/lib/handshake.c#L3046). So something else is going on here. We may have regressed in that use case with the TLS1.3 additions. Would you be willing to debug that? What I would check is whether it passes from that point in handshake.c, and if not try to figure why. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225381558 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 09:23:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 07:23:53 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: All discussions on Merge Request !1070 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1070 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 09:23:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 07:23:53 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225385128 > return nettle_get_gost_256cpa(); > case GNUTLS_ECC_CURVE_GOST512A: > return nettle_get_gost_512a(); > + case GNUTLS_ECC_CURVE_GOST256B: Makes sense. I'd separate that from that issue though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225385128 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 09:27:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 07:27:57 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225386846 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) Do you have some chain of these? That way we could verify both the cert output and verification (i.e., the implementation). Shouldn't also we include signing/verification tests with the new algorithms? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225386846 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 10:41:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 08:41:26 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225437078 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) Unfortunately no, CA certificate is an old one. I can generate a chain on my own. Would you like that? Algorithms are old, the only change standard body has demanded is the change in algorithm parameters. And on top of that this is tested in the `cert-tests/gost` test, where CA is generated using 512-bit curve, so it will use new format for algorithm parameters. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225437078 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 12:43:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 10:43:08 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1085 https://gitlab.com/gnutls/gnutls/merge_requests/1085 * a3c3237d - iov: _gnutls_iov_iter_next: return the bytes instead of blocks * 2ca01ea2 - iov: add _gnutls_iov_iter_sync to write back cached data to iov * d286eb06 - gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 16:38:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 14:38:03 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1085 https://gitlab.com/gnutls/gnutls/merge_requests/1085 * 18c8ec09 - iov: add _gnutls_iov_iter_sync to write back cached data to iov * 60f15697 - gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 17:13:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 15:13:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Simo Sorce commented: I would add some more comments on the _sync function so a reader knows that a) it is really only needed when we need to write back from an internal block that was needed because of a fragmented iovec not aligning on blocksized boundaries b) that walking backwards is fine because we only ever sync a full block anyway. Other than that the latest revision of _sync() is quite fine once you understand the assumptions, and th code looks correct. I would also add a test vector that is more fragmented (with odd sized chunks) in the middle where a block is split over at least 3 different vectors, to make sure all corner cases are always tested in case of future modification. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085#note_225660004 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 18:42:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 16:42:51 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) References: Message-ID: Aniketh Girish created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1086 Project:Branches: Aniketh01/gnutls:Aniketh01-Record-layer-seperation to gnutls/gnutls:master Author: Aniketh Girish Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 20:16:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 18:16:01 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I'm happy to debug. I don't know what's important, though. I'm currently trying to build 3.6.7 packages (since that's what the Open Build Service has available from openSUSE Leap) and rebuild libsoup using that (since that's what my app uses) to see if the problem goes away. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225740368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 20:38:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 18:38:09 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: I will also try to reproduce first with your example code. If the issue is reproducible, I would switch over to gnutls-cli, that also supports session resumption (--resume). If that also reproduces the issue, it's very easy to switch between GnuTLS versions (e.g. latest master, or whatever). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225757303 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 20:40:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 18:40:54 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: Hey wait... it's easily reproducible, didn't thought it was. ``` gnutls-cli --resume api.twitter.com 443 ... *** Fatal error: An unexpected TLS packet was received. ``` Here we go ... I don't have the time today, but would look after it the next days - but maybe you can simply track it down on in code until then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225758208 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 20:53:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 18:53:08 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: Latest master and 3.6.7 have the same issue, just tested both. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225761884 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 21:33:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 19:33:44 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I'll skip those rebuilds then, if you've already managed to test it! Would the idea be to include more trace-level debugging through the `handshake_client` switch statement to track its path? Because from the logs then it's already showing a mismatch within the REC section (but I guess that could be unimportant/expected behaviour) ``` gnutls[5]: REC[0x2243680]: Expected Packet ChangeCipherSpec(20) gnutls[5]: REC[0x2243680]: Received Packet Handshake(22) with length: 186 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225774245 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 3 22:34:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 03 Oct 2019 20:34:09 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Tim R?hsen commented: Either more trace-level debugging or gdb, whatever you prefer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225795124 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 09:09:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 07:09:41 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Ok, I slept a little into it and I have an idea :) The server hello parsing is checking extensions gradually as it progresses. When session resumption is selected in TLS1.2 only the "mandatory" extensions are parsed. See [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/handshake.c#L1939). So an idea is, that possibly some condition is not met for the new session ticket to be received later (something in [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/ext/session_ticket.c#L630). I have not checked the details nor verified it, but a fix may be: ``` diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 98db39ff88..3ad8dec0ce 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -54,7 +54,7 @@ const hello_ext_entry_st ext_mod_session_ticket = { .gid = GNUTLS_EXTENSION_SESSION_TICKET, .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, - .parse_type = GNUTLS_EXT_TLS, + .parse_type = GNUTLS_EXT_MANDATORY, .recv_func = session_ticket_recv_params, .send_func = session_ticket_send_params, .pack_func = session_ticket_pack, ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225937699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 09:13:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 07:13:18 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 09:22:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 07:22:08 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225944120 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) Yes, a custom one is just fine. Would we with that lose coverage of the old format? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225944120 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 09:27:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 07:27:49 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225948551 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) OK, I will prepare one. No, old format is still checked by the same `gost` test: it uses intermediate CA with old 256-bit curve, so it will sign and verify data using old cert format. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_225948551 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 14:11:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 12:11:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1085 https://gitlab.com/gnutls/gnutls/merge_requests/1085 * fb8c8386 - iov: _gnutls_iov_iter_next: return the bytes instead of blocks * 97f1ef3b - iov: add _gnutls_iov_iter_sync to write back cached data to iov * 26792278 - gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 14:52:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 12:52:51 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1085#note_226112714 Thank you for the review. I've incorporated the comment and added more tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085#note_226112714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 15:33:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 13:33:20 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1085 was reviewed by Simo Sorce -- Simo Sorce commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1085#note_226136242 LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 17:45:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 15:45:22 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * e0aec136 - Fixup! ret variable mixup -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 18:40:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 16:40:43 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 5bb15433 - Fixup! remove unused enums defined for quic -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 18:45:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 16:45:05 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Tom pushed new commits to merge request !1059 https://gitlab.com/gnutls/gnutls/merge_requests/1059 * 332cb8b0 - Increase number of tests in gnutls-cli-rawpk.sh * ee5dd88a - Merge branch 'patch-1' into 'tmp_gnutls-cli/srv_rawpk_support' -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 18:53:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 16:53:07 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * a56ad408 - Fixup! ret value mixup and remove unwanted quic enum defined -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 18:53:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 16:53:38 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Tom pushed new commits to merge request !1059 https://gitlab.com/gnutls/gnutls/merge_requests/1059 * 33b751de - Fixed extra test cases to behave correctly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:34:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:34:14 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226258700 > > #include "mech-list.h" > > +struct pkcs11_mech_info { > + unsigned long min_key_size; > + unsigned long max_key_size; > + unsigned long flags; > +}; > + Isn't it the same as `struct ck_mechanism_info` in p11-kit/pkcs11.h? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226258700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:39:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:39:14 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226260640 > > #include "mech-list.h" > > +struct pkcs11_mech_info { > + unsigned long min_key_size; > + unsigned long max_key_size; > + unsigned long flags; > +}; > + I guess we only need to include pkcs11.h from p11-kit. The rationale of leaving it outside, is to avoid duplication and avoid the various variants of the pkcs11 api. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226260640 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:41:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:41:17 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226261203 > str = mech_list[mechanism]; > + else if ((mechanism & 0xfffff000) == 0xd4321000 && > + ((mechanism & 0xfff) < sizeof(gost_mech_list) / sizeof(gost_mech_list[0]))) > + str = gost_mech_list[mechanism & 0xfff]; > if (str == NULL) > str = "UNKNOWN"; > > - fprintf(outfile, "[0x%.4lx] %s\n", mechanism, str); > + fprintf(outfile, "[0x%.4lx] %s", mechanism, str); > + > + if (gnutls_pkcs11_token_check_mechanism(url, mechanism, &minfo, sizeof(minfo), 0) != 0) { > + if (minfo.max_key_size != 0) > + fprintf(outfile, " keysize range (%ld, %ld)", minfo.min_key_size, minfo.max_key_size); > + if (minfo.flags & 0x1) > + printf(" hw"); > + if (minfo.flags & 0x100) if we include p11-kit/pkcs11.h I think that would become more easy to read as we can use the definitions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226261203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:43:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:43:45 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/pkcs11-gost.h: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226261778 > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * GnuTLS is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + */ > +#ifndef PKCS11_GOST_H > +#define PKCS11_GOST_H > + > +#define NSSCK_VENDOR_PKCS11_RU_TEAM 0xD4321000 /* 0x80000000 | 0x54321000 */ Are these towards standardization? The vendor defined schema will not be followed if later standardized. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226261778 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:45:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:45:45 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on src/pkcs11-gost.h: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226262272 > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * GnuTLS is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + */ > +#ifndef PKCS11_GOST_H > +#define PKCS11_GOST_H > + > +#define NSSCK_VENDOR_PKCS11_RU_TEAM 0xD4321000 /* 0x80000000 | 0x54321000 */ A better place for these definitions is pkcs11x.h in p11-kit. We can keep them here for older versions as compatibility. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226262272 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:48:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:48:07 +0000 Subject: [gnutls-devel] GnuTLS | document limitations of gnutls_record_discard_queued() [ci skip] (!1069) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 20:52:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 18:52:29 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Tom pushed new commits to merge request !1059 https://gitlab.com/gnutls/gnutls/merge_requests/1059 * 6522c27d - 1 commit from branch `master` * 35de3dd6 - Implemented raw public key support for gnutls-cli application. * b96d25c5 - Implemented raw public key support for gnutls-serv application. * 809cb326 - Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv. * 59406091 - Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 21:09:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 19:09:03 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/917 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286315 > +void _gnutls_copy_psk_username(psk_auth_info_t info, const gnutls_datum_t *username) > +{ > + assert(sizeof(info->username) >= username->size); I think there is an off by one here. If the equality holds, there is no space for the null. -- Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk_passwd.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286316 > +} > + > +static int username_matches(const gnutls_datum_t *username, This function doesn't have a consistent return value. At some point it returns a negative error code, later it returns the output of memcmp. It may be simpler to make it unsigned or bool and have a binary output. -- Nikos Mavrogiannopoulos started a new discussion on lib/handshake-checks.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286317 > if (cred_type == GNUTLS_CRD_PSK || cred_type == GNUTLS_CRD_SRP) { > const char *username = NULL; > + uint16_t username_length; Why use uint16_t here instead of int or unsigned? -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286318 > + int ret; > + char *user_p; > + gnutls_psk_client_credentials_t cred = That doesn't seem to be used. -- Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286320 > typedef struct psk_auth_info_st { > char username[MAX_USERNAME_SIZE + 1]; > + uint16_t len; Just len in this structure can be confusing (len of username, or hint?). What about username_len? -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286321 > + * @out: an empty gnutls datum > + * > + * Return a pointer to the username of the peer in the supplied datum. Does not I'd explicitly spell out `@out` here. -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226286322 > + * gnutls_psk_server_get_username2: > + * @session: is a gnutls session > + * @out: an empty gnutls datum What about instead: `a datum that will be filled in by this function`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 21:09:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 19:09:32 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Reassigned Merge Request 917 https://gitlab.com/gnutls/gnutls/merge_requests/917 Assignee changed from Nikos Mavrogiannopoulos to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 4 23:35:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 04 Oct 2019 21:35:45 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Tom pushed new commits to merge request !1059 https://gitlab.com/gnutls/gnutls/merge_requests/1059 * f141ab11...5d64441a - 64 commits from branch `master` * 1bdcceac - Implemented raw public key support for gnutls-cli application. * 6e9861f7 - Implemented raw public key support for gnutls-serv application. * 4d7ab883 - Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv. * f7729195 - Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:24:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:24:28 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:24:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:24:25 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Reassigned Merge Request 1059 https://gitlab.com/gnutls/gnutls/merge_requests/1059 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:24:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:24:48 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Merge Request !1059 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1059 Project:Branches: Vrancken/gnutls:tmp_gnutls-cli/srv_rawpk_support to gnutls/gnutls:master Author: Tom Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:25:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:25:20 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Merge Request !1059 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1059 Project:Branches: Vrancken/gnutls:tmp_gnutls-cli/srv_rawpk_support to gnutls/gnutls:master Author: Tom Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:25:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:25:42 +0000 Subject: [gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you for pulling this through! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1059#note_226342454 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:30:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:30:58 +0000 Subject: [gnutls-devel] GnuTLS | document limitations of gnutls_record_discard_queued() [ci skip] (!1069) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1069 https://gitlab.com/gnutls/gnutls/merge_requests/1069 * ecd4a5b2...5d64441a - 31 commits from branch `master` * 55fba8fa - document limitations of gnutls_record_discard_queued() [ci skip] * a8f07103 - crq APIs: fix typos [ci skip] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:31:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:31:03 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from toni.kontinen@pm.me): Bug: Small typo in gnutls_x509_crq_get_pk_oid(3) (#842) In-Reply-To: References: Message-ID: Reassigned Issue 842 https://gitlab.com/gnutls/gnutls/issues/842 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/842 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:31:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:31:06 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from toni.kontinen@pm.me): Bug: Small typo in gnutls_x509_crq_get_pk_oid(3) (#842) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/842 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:31:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:31:10 +0000 Subject: [gnutls-devel] GnuTLS | document limitations of gnutls_record_discard_queued() [ci skip] (!1069) In-Reply-To: References: Message-ID: Reassigned Merge Request 1069 https://gitlab.com/gnutls/gnutls/merge_requests/1069 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:31:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:31:23 +0000 Subject: [gnutls-devel] GnuTLS | document limitations of gnutls_record_discard_queued() [ci skip] (!1069) In-Reply-To: References: Message-ID: Reassigned Merge Request 1069 https://gitlab.com/gnutls/gnutls/merge_requests/1069 Assignee changed from Nikos Mavrogiannopoulos to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:32:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:32:34 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from toni.kontinen@pm.me): Bug: Small typo in gnutls_x509_crq_get_pk_oid(3) (#842) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thanks I've updated MR !1069 to include a fix for this -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/842#note_226342768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:41:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:41:20 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Merge Request !1085 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1085 Branches: tmp-iov-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 03:42:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 01:42:35 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Approved based on Simo's approval. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085#note_226343214 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 04:11:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 02:11:20 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: The test that fails on aarch64 is: ``` ntest NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK (user:00) client:144: expected cli error -53 (Error in the push function.), got -12 (A TLS fatal alert has been received.) _check_wait_status:160: Child died with status 1 FAIL psk-file (exit status: 1) ``` This is a test that you added and expects authentication to fail by abruptive closure. However on aarch64 it seems to be receiving an alert. As the library does not send alerts, the issue is in the test itself. Is the error case you have in mind to test supposed to trigger an alert or not? If yes, maybe the issue is on the succeeding systems who don't send it. I see the call to `gnutls_alert_send_appropriate()` is not within a do while loop checking for E_AGAIN or E_INTERRUPTED. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226344962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 21:00:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 19:00:40 +0000 Subject: [gnutls-devel] GnuTLS | tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/cert-common.h: https://gitlab.com/gnutls/gnutls/merge_requests/1080#note_226436839 > > static char server_ca3_gost01_cert_pem[] = > "-----BEGIN CERTIFICATE-----\n" > - "MIIC7TCCAVWgAwIBAgIIWcZJ7xuHksUwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" > - "AxMEQ0EtMzAgFw0xNzA5MjMxMTQ4MDFaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" > - "A1UEAxMCR1IwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARA0Lvp\n" > - "9MaoYDxzkURVz71Q3Sw9Wrwa2F483xDd0mOID8CK7JY8C8gz/1dfZniUObT1JMa6\n" > - "hkGsQyFvPLD6Vr1bN6OBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxv\n" > - "Y2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDBzAAMB0G\n" > - "A1UdDgQWBBSGUfwGWchcx3r3TNANllOEOFkTWDAfBgNVHSMEGDAWgBT5qIYZY7ak\n" > - "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAXrO06eHEXlsbmRgSvCtu\n" > - "mnXCG6KNI6K4WS411Adj3wLkfURlbLMTT6tBFLRq5EVWQqp867/xk577Rd85yC0P\n" > - "biNXr0Am2DXEPOJnrmh3D/R8hy5gSozoZM7jfy3D9FK6l2O458teBe1l/aBZL7FW\n" I have not displayed them, but the difference based on size, is more than just the signature usage. Is that something expected? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080#note_226436839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 21:03:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 19:03:47 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: btw. this may be something that became reproducible with your PR, but before it was randomly happening. See for example: https://gitlab.com/gnutls/gnutls/-/jobs/312513773 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_226437267 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 5 21:07:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 05 Oct 2019 19:07:43 +0000 Subject: [gnutls-devel] GnuTLS | It is not possible for server to check whether client requested OCSP stapling (#829) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @jgh I modified the request to what I think it is based on the whole context. Please let me know, or modify directly if something else is needed as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/829#note_226438086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 09:01:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 07:01:11 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1085 https://gitlab.com/gnutls/gnutls/merge_requests/1085 * bbb31274 - iov: _gnutls_iov_iter_next: return bytes instead of blocks * c684814c - iov: add _gnutls_iov_iter_sync to write back cached data to iov * 6df0cf1c - gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 09:38:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 07:38:51 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: All discussions on Merge Request !1085 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1085 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 10:14:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 08:14:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_aead_cipher_{en, de}cryptv2: write back cached data to buffers (!1085) In-Reply-To: References: Message-ID: Merge Request !1085 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1085 Branches: tmp-iov-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1085 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 19:06:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 17:06:56 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 884c6d2c...73fc1e4b - 12 commits from branch `master` * 96fcde09 - lib: define more GOST curves * 025af8a4 - lib/ecc: add documentation for GOST-related curves * 9e9abf8a - nettle/pk: add support for "new" TC26 256 B curve * 9531c0c2 - lib: implement support for updated GOST PublicKeyParameters * eb3dd65b - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 19:07:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 17:07:30 +0000 Subject: [gnutls-devel] GnuTLS | WIP: tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1080 was reviewed by Dmitry Eremin-Solenikov -- Dmitry Eremin-Solenikov commented on a discussion on tests/cert-common.h: https://gitlab.com/gnutls/gnutls/merge_requests/1080#note_226560362 > - "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAXrO06eHEXlsbmRgSvCtu\n" > - "mnXCG6KNI6K4WS411Adj3wLkfURlbLMTT6tBFLRq5EVWQqp867/xk577Rd85yC0P\n" > - "biNXr0Am2DXEPOJnrmh3D/R8hy5gSozoZM7jfy3D9FK6l2O458teBe1l/aBZL7FW\n" Yes, It seems I switched them to be self-signed. I'll fix that. However let's first get !1070 in. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 19:08:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 17:08:45 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226560490 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226560490 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 6 21:13:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 06 Oct 2019 19:13:38 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I've tried making that change on a clone of Master, but so far I'm just getting the following failure in the build process: ``` ? GEN srptool-args.stamp No .bak files found; will call autogen fserr 2: cannot map data file options: No such file or directory /home/ibboard/Projects/gnutls/build-aux/missing: line 81: 20516 Aborted (core dumped) "$@" make[2]: *** [Makefile:2524: srptool-args.stamp] Error 134 ? ``` Completely unrelated to the fix, but it means I've not been able to test it yet. Sorry. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_226573188 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 08:25:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 06:25:43 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: You need autogen to compile gnutls from master (see README.md). Otherwise you can apply the patch on an existing release (e.g., 3.6.10) and try there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_226648925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 10:43:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 08:43:44 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226712833 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) CI seem to fail. For windows it can be the `\r` but the others no idea. Diff has an option to ignore carriage returns. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226712833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 12:01:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 10:01:04 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1071 https://gitlab.com/gnutls/gnutls/merge_requests/1071 * ecd4a5b2...73fc1e4b - 41 commits from branch `master` * 3cfc77e4 - p11tool: print mechanism info in list-mechanisms * 70524705 - p11tool: print GOST vendor-private mechanisms -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 12:01:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 10:01:11 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226764365 > > #include "mech-list.h" > > +struct pkcs11_mech_info { > + unsigned long min_key_size; > + unsigned long max_key_size; > + unsigned long flags; > +}; > + done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226764365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 12:01:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 10:01:22 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226764437 > str = mech_list[mechanism]; > + else if ((mechanism & 0xfffff000) == 0xd4321000 && > + ((mechanism & 0xfff) < sizeof(gost_mech_list) / sizeof(gost_mech_list[0]))) > + str = gost_mech_list[mechanism & 0xfff]; > if (str == NULL) > str = "UNKNOWN"; > > - fprintf(outfile, "[0x%.4lx] %s\n", mechanism, str); > + fprintf(outfile, "[0x%.4lx] %s", mechanism, str); > + > + if (gnutls_pkcs11_token_check_mechanism(url, mechanism, &minfo, sizeof(minfo), 0) != 0) { > + if (minfo.max_key_size != 0) > + fprintf(outfile, " keysize range (%ld, %ld)", minfo.min_key_size, minfo.max_key_size); > + if (minfo.flags & 0x1) > + printf(" hw"); > + if (minfo.flags & 0x100) done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226764437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 12:34:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 10:34:19 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226782262 > if (mechanism < > sizeof(mech_list) / sizeof(mech_list[0])) > str = mech_list[mechanism]; > + else if ((mechanism & 0xfffff000) == 0xd4321000 && Can we simplify this by using definitions from p11-kit/pkcs11.h or with internal definitions in the header file you introduced? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226782262 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 14:14:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 12:14:07 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on src/pkcs11-gost.h: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226838945 > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * GnuTLS is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + */ > +#ifndef PKCS11_GOST_H > +#define PKCS11_GOST_H > + > +#define NSSCK_VENDOR_PKCS11_RU_TEAM 0xD4321000 /* 0x80000000 | 0x54321000 */ I'll consult people in charge of PKCS11 extensions and then will submit them into p11-kit. I'd ask to get this part in GnuTLS for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226838945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 15:12:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 13:12:18 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1071 https://gitlab.com/gnutls/gnutls/merge_requests/1071 * f42a6726 - p11tool: print GOST vendor-private mechanisms -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 15:13:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 13:13:01 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on src/pkcs11.c: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226872847 > if (mechanism < > sizeof(mech_list) / sizeof(mech_list[0])) > str = mech_list[mechanism]; > + else if ((mechanism & 0xfffff000) == 0xd4321000 && Reworked this to support vendor-defined CKMs in a generic way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226872847 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 15:24:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 13:24:58 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226885861 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) For the reference, [p11-kit's pull request](https://github.com/p11-glue/p11-kit/pull/255). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226885861 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 15:25:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 13:25:35 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on src/pkcs11-gost.h: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226886198 > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * GnuTLS is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + */ > +#ifndef PKCS11_GOST_H > +#define PKCS11_GOST_H > + > +#define NSSCK_VENDOR_PKCS11_RU_TEAM 0xD4321000 /* 0x80000000 | 0x54321000 */ For the reference: [p11-kit's pull request](https://github.com/p11-glue/p11-kit/pull/255). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_226886198 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 16:38:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 14:38:05 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226928962 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) It seems that MinGW and 32-bit targets do not fully support `GeneralizedTime 31/12/9999 23:59:59 GMT`. They will output it as `Thu Dec 31 23:23:23 UTC 2037` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226928962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 17:17:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 15:17:26 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS will limit year to 2037 when time_t is 32-bit (#843) References: Message-ID: Dmitry Eremin-Solenikov created an issue: https://gitlab.com/gnutls/gnutls/issues/843 GnuTLS incorrectly handles year > 2037 on platforms with 32-bit `time_t`. This can be easily demonstrated by running certool on ARM32/MIPS/i386/MinGW32/MinGW64 on certificate with corresponding year. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/843 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 18:41:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 16:41:47 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 750dad78 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 18:42:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 16:42:30 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-tests/data/gost-cert-new.pem: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226998083 > +X.509 Certificate Information: > + Version: 3 > + Serial Number (hex): 12003b87c2a7948bc008bf49ea0001003b87c2 > + Issuer: CN=CRYPTO-PRO Test Center 2,O=CRYPTO-PRO LLC,L=Moscow,C=RU,EMAIL=support at cryptopro.ru > + Validity: > + Not Before: Wed Oct 02 13:52:34 UTC 2019 > + Not After: Thu Jan 02 14:02:34 UTC 2020 > + Subject: CN=Test User > + Subject Public Key Algorithm: GOST R 34.10-2012-512 > + Algorithm Security Level: Future (512 bits) Should be fixed now (for this MR). I've opened #843 though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070#note_226998083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 18:42:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 16:42:31 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: All discussions on Merge Request !1070 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1070 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 19:28:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 17:28:05 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS will limit year to 2037 when time_t is 32-bit (#843) In-Reply-To: References: Message-ID: Andreas Metzler commented: Somehing similar was reported as #370 which was solved by documenting the issue and not failing silently but issueing warning messages. ("This system expresses time with a 32-bit time_t; that prevents dates after 2038 to be expressed by GnuTLS.") -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/843#note_227019233 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 20:52:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 18:52:50 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: IBBoard commented: I've got autogen. ``` $ autogen -v autogen (GNU AutoGen) 5.18.16 ``` It's autogen that's throwing the "fserr 2". All I've been able to find is message 4F4A8829.4080404{at}cs.uni-kl.de from 2012, so I assume it's a fixed issue and I've done something wrong rather than it being a bug or a regression. Testing from 3.6.10 tarball, I regularly (maybe every other request, on average) get: ``` - Connecting again- trying to resume previous session Resolving 'api.twitter.com:443'... Connecting to '104.244.42.66:443'... *** Fatal error: An unexpected TLS packet was received. ``` With that patch applied I've just done 50 requests in a row without a single error! It logs: ``` - Connecting again- trying to resume previous session Resolving 'api.twitter.com:443'... Connecting to '104.244.42.66:443'... - Description: (TLS1.2)-(ECDHE-SECP256R1)-(AES-128-GCM) - Session ID: ? - Options: safe renegotiation, - Resume Handshake was completed *** This is a resumed session - Simple Client Mode: - Peer has closed the GnuTLS connection ``` Seems like it might be a simple fix ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_227057133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 20:53:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 18:53:40 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 4c654ec5 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 20:56:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 18:56:57 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS will limit year to 2037 when time_t is 32-bit (#843) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: The problem is that 32-bit GnuTLS will silently limit dates in certificates created on other systems. I'd consider outputting a warning (or returning an error) as a valid solution. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/843#note_227062944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 21:41:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 19:41:12 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 1df92221 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 22:31:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 20:31:29 +0000 Subject: [gnutls-devel] GnuTLS | automate coverity checks (#574) In-Reply-To: References: Message-ID: Reassigned Issue 574 https://gitlab.com/gnutls/gnutls/issues/574 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 22:32:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 20:32:17 +0000 Subject: [gnutls-devel] GnuTLS | automate coverity checks (#574) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I have automated this part, and now each tag will be submitted for coverity scan. The current status can be seen at: https://scan.coverity.com/projects/gnutls -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/574#note_227111551 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 22:32:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 20:32:23 +0000 Subject: [gnutls-devel] GnuTLS | automate coverity checks (#574) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 7 22:39:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 07 Oct 2019 20:39:03 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1070 https://gitlab.com/gnutls/gnutls/merge_requests/1070 * 7dc62483 - cert-tests/gost: add certificate with new GOSTParameters struct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 07:21:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 05:21:05 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Merge Request !1070 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1070 Project:Branches: GostCrypt/gnutls:new-gost-x509 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 07:26:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 05:26:12 +0000 Subject: [gnutls-devel] GnuTLS | session tickets: parse extension during session resumption (!1087) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1087 Project:Branches: nmav/gnutls:tmp-ext-mandatory to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos It is possible for a server to send a new session ticket during TLS1.2 resumption. To be able to parse it as client we need to check the extension during resumption as well. No tests are included as I could not reproduce the server-side behavior. Resolves #841 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 07:26:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 05:26:39 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you. I've created an MR for this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_227228911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 11:30:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 09:30:33 +0000 Subject: [gnutls-devel] GnuTLS | Implement new requirements for GOST PublicKeyParameters (!1070) In-Reply-To: References: Message-ID: Merge Request !1070 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1070 Project:Branches: GostCrypt/gnutls:new-gost-x509 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 13:04:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 11:04:37 +0000 Subject: [gnutls-devel] GnuTLS | WIP: tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1080 https://gitlab.com/gnutls/gnutls/merge_requests/1080 * b9d33a76...5d5613b7 - 30 commits from branch `master` * a1f8f103 - tests: correct gost server certificates -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 13:36:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 11:36:46 +0000 Subject: [gnutls-devel] GnuTLS | tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: All discussions on Merge Request !1080 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1080 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 13:37:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 11:37:18 +0000 Subject: [gnutls-devel] GnuTLS | tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on tests/cert-common.h: https://gitlab.com/gnutls/gnutls/merge_requests/1080#note_227417602 > > static char server_ca3_gost01_cert_pem[] = > "-----BEGIN CERTIFICATE-----\n" > - "MIIC7TCCAVWgAwIBAgIIWcZJ7xuHksUwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" > - "AxMEQ0EtMzAgFw0xNzA5MjMxMTQ4MDFaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" > - "A1UEAxMCR1IwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARA0Lvp\n" > - "9MaoYDxzkURVz71Q3Sw9Wrwa2F483xDd0mOID8CK7JY8C8gz/1dfZniUObT1JMa6\n" > - "hkGsQyFvPLD6Vr1bN6OBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxv\n" > - "Y2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDBzAAMB0G\n" > - "A1UdDgQWBBSGUfwGWchcx3r3TNANllOEOFkTWDAfBgNVHSMEGDAWgBT5qIYZY7ak\n" > - "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAXrO06eHEXlsbmRgSvCtu\n" > - "mnXCG6KNI6K4WS411Adj3wLkfURlbLMTT6tBFLRq5EVWQqp867/xk577Rd85yC0P\n" > - "biNXr0Am2DXEPOJnrmh3D/R8hy5gSozoZM7jfy3D9FK6l2O458teBe1l/aBZL7FW\n" Updated certificates and 512-bit key. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080#note_227417602 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 14:03:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 12:03:41 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !920 https://gitlab.com/gnutls/gnutls/merge_requests/920 * b9d33a76...5d5613b7 - 30 commits from branch `master` * aae57379 - nettle/gost: provide GOST keywrapping support * 9e661552 - nettle/gost: add support for GOST VKO algorithm * 955f6a4c - _gnutls_pk_derive: add argument for nonce * e2394501 - nettle: add support for GOST key derivation * bfab511c - mpi: add _gnutls_mpi_bprint_size_le() * 1438a38c - Allow using implicit IV for stream ciphers with TLS * e12a9167 - Support GOST certificate request values * 3bc1b5b9 - Add GOST key transport support * 3b5d2afa - groups: add function to return group by curve * ead85bdc - Add support for VKO GOST key exchange * f2a439b8 - Support GOST cipher suite MAC calculation * 9a1c64de - Add GOST cipher suites * e070d855 - Declare groups corresponding to GOST curves * 3b2f9bc0 - Add GOST values to cipher suites priorities * 866a0759 - prf: add GOST R 34.11-94 and Streebog PRF support * 41242730 - tests: add tests for KX-GOST-VKO using different key variants * 242e5e6b - lib: fix group selection in case of GOST cipher suites * 3b5da92d - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST * 781b91bb - lib: pubkey vs TLS signature compatibility for GOST algorithms * 1827600f - cli-debug: include GOST VKO into KX list * 23d9fb5f - priority: add GROUP-GOST-ALL keyword * 1737d28e - ecc: define curve->group relationship * cce3bea1 - ext/supported_groups: don't consider non-EC groups for EC * e0bf840a - ext/signature: use GOST signatures for GOST ciphersiuites * c198a91d - tests: correct gost server certificates * 671d7577 - Swap TLS signatures in case we are signing them with GOST keys * ed64f7e5 - gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests * dbd43364 - tls13-server-kx-neg: add test for GOST-enabled server and client * c4ea81db - Add check for gost curves in nettle -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 14:16:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 12:16:38 +0000 Subject: [gnutls-devel] GnuTLS | tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Merge Request !1080 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1080 Project:Branches: GostCrypt/gnutls:fix-cert-keys to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 15:13:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 13:13:47 +0000 Subject: [gnutls-devel] GnuTLS | prf: add GOST R 34.11-94 and Streebog PRF support (!1088) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1088 Project:Branches: GostCrypt/gnutls:gost-prf to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 15:16:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 13:16:21 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1089 Project:Branches: GostCrypt/gnutls:groups-non-ec to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:08:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:08:17 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Reassigned Issue 841 https://gitlab.com/gnutls/gnutls/issues/841 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:14:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:14:46 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Ricardo M_ Correia commented: I'm still running into this issue. @nmav Yes, the nettle testsuite pass and a small program that calls `assert()` correctly raises `SIGABRT`: ```c $ cat test.c #include int main() { assert(0); return 0; } $ gcc -o test test.c -Wall -std=c99 $ ./test test: test.c:5: main: Assertion `0' failed. fish: ?./test? terminated by signal SIGABRT (Abort) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764#note_227532524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:14:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:14:47 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Issue was reopened by Ricardo M_ Correia Issue 764: https://gitlab.com/gnutls/gnutls/issues/764 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:24:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:24:34 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Ricardo M_ Correia commented: I'm starting to think my initial diagnosis is wrong -- i.e., it's not that `assert()` is raising `SIGILL`, but rather, one of the tests is causing `SIGILL` instead of an assertion failure. Perhaps this part of the log makes that clearer: ``` trying aes256-gcm cipher-api-test: gcm.c:429: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed. cipher-api-test: gcm.c:479: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed. trying aes128-cbc check_status:206: Child died with signal 4 SSSE3 cipher tests failed FAIL test-ciphers-api.sh (exit status: 1) ``` As you can see, the `aes128-cbc` test does not print an assertion message before failing with `SIGILL`, which likely is indicating that `assert()` is not being called... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764#note_227538974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:44:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:44:20 +0000 Subject: [gnutls-devel] GnuTLS | session tickets: parse extension during session resumption (!1087) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1087 https://gitlab.com/gnutls/gnutls/merge_requests/1087 * afa6e340 - session tickets: parse extension during session resumption on client side -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 16:53:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 14:53:26 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: All discussions on Merge Request !1071 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1071 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 17:02:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 15:02:34 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: What about having a test for the new output to ensure that everything is printed as expected (e.g., in testpkcs11.sh)? For the GOST part I not against that, but I would like to know whether they are intended to be standardized. The reason is that PKCS#11 standardization will change their assigned numbers and updating gnutls for them will "break" gnutls' ABI. If that's a private extension and intends to stay so we are fine with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_227569833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 17:03:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 15:03:52 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Ander Juaristi commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_227571269 Yes, I saw that, but had no idea how to proceed. Thank you for helping me unblock this. > Is the error case you have in mind to test supposed to trigger an alert or not? No, (if my assumptions are correct) it should test for `GNUTLS_E_PUSH_ERROR`. The original test already tests that (see psk-file.c, [line 413](https://gitlab.com/gnutls/gnutls/blob/master/tests/psk-file.c#L413)): ``` /* try without server credentials */ run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS); ``` The new test just extends that failure case to binary users, as I assume behavior should be the same regardless of whether the user is binary or not: ``` /* try without server credentials */ run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_jas, &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 0); run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_hex, &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_1, &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_2, &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); ``` Any idea how should we proceed? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_227571269 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 17:04:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 15:04:35 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Ander Juaristi commented: Thanks for the feedback. I'll address the issues during this week and push further commits. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_227571654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 18:35:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 16:35:22 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Ricardo M_ Correia commented: Ok, I believe I figured out what's going on. I ran the tests in a slightly different (non-sandboxed) environment and they passed, but they still didn't pass in the sandboxed environment. I noticed that `test-ciphers-api.sh` was failing with `SIGILL` in the sandboxed environment, but only on the 4th run of the `aes128-cbc` test. However, in the non-sandboxed environment, `aes128-cbc` only ran twice, because `test-ciphers-api.sh` exited early with the `non-x86 CPU detected` message. So the problem was that `test-ciphers-api.sh` was not detecting that this was not a x86 CPU in the sandboxed environment. The root cause of the problem is in this code, inside `tests/scripts/common.sh`: ```bash exit_if_non_x86() { which lscpu >/dev/null 2>&1 if test $? = 0;then $(which lscpu)|grep Architecture|grep x86 if test $? != 0;then echo "non-x86 CPU detected" exit 0 fi fi } ``` The way this is implemented, a non-x86 CPU will never be detected if `lscpu` is not available, i.e. if `utillinux` is not installed and included in the `PATH` variable. My suggestion is that this code is reworked to use the `uname -m` command, which is more likely to be available as it's part of `coreutils`, or that `utillinux` is added as a required dependency in `README.md` and/or wherever else the dependencies are documented. Either way, I'm going to add `utillinux` as a dependency of GnuTLS in NixOS, to fix this issue in the meantime. Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764#note_227613524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 20:03:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 18:03:51 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: OK, I'll sketch a test. TC26 is not part of OASIS and has not intent to join. So for the foreseeable future there are no plans to push this part to PKCS#11 standard, unless somebody wants to sponsor pushing this part to standard. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_227643182 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 8 23:26:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 21:26:09 +0000 Subject: [gnutls-devel] GnuTLS | tests/psk-file: fix heizenbug in last test (!1090) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1090 Project:Branches: GostCrypt/gnutls:psk-file-fix to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 00:29:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 22:29:43 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1071 https://gitlab.com/gnutls/gnutls/merge_requests/1071 * 96fcde09...5d5613b7 - 8 commits from branch `master` * da2790f3 - p11tool: print mechanism info in list-mechanisms * eb8d909c - p11tool: print GOST vendor-private mechanisms * 9e115227 - testpkcs11.sh: test that we output mechanism flags correctly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 00:30:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 22:30:25 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: Wrote a test for several PKCS#11 mechanism flags. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_227739662 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 00:31:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 08 Oct 2019 22:31:16 +0000 Subject: [gnutls-devel] GnuTLS | tests: correct gost server certificates (!1080) In-Reply-To: References: Message-ID: Merge Request !1080 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1080 Project:Branches: GostCrypt/gnutls:fix-cert-keys to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 08:40:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 06:40:57 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thanks. Would you like to propose an MR? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764#note_227829014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 08:43:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 06:43:10 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Makes sense. What is the background for this? Did this cause an issue? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089#note_227830828 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 09:31:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 07:31:07 +0000 Subject: [gnutls-devel] GnuTLS | tests/psk-file: fix heizenbug in last test (!1090) In-Reply-To: References: Message-ID: Merge Request !1090 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1090 Project:Branches: GostCrypt/gnutls:psk-file-fix to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 13:07:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 11:07:19 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1089#note_228004911 Yes. Once I added GOST groups, they were attempted to be selected for EC. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089#note_228004911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 13:53:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 11:53:43 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1071 https://gitlab.com/gnutls/gnutls/merge_requests/1071 * a1f8f103...fb791c36 - 2 commits from branch `master` * 7d229045 - p11tool: print mechanism info in list-mechanisms * df4fb0b2 - testpkcs11.sh: test that we output mechanism flags correctly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 13:55:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 11:55:21 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: I've dropped GOST mechanism definitions for now. I'll get GOST fully working with pkcs11 support and resubmit after that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071#note_228027366 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 16:01:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 14:01:14 +0000 Subject: [gnutls-devel] GnuTLS | WIP: GOST PKCS#11 support (!1091) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1091 Project:Branches: GostCrypt/gnutls:gost-pkcs11-2 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov This adds support for GOST R 34.10 objects to GnuTLS'es PKCS#11 support. With this I'm able to create private and public keys and write certificates back to the token. TODO: * [ ] VKO support for TLS * [ ] check derivation of public key from private key * [ ] tests (requires SoftHSM2 compiled with GOST support) ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1091 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:38:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:38:34 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Merge Request !1071 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1071 Project:Branches: GostCrypt/gnutls:gost-pkcs11 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:39:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:39:55 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) In-Reply-To: References: Message-ID: Merge Request !1089 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1089 Project:Branches: GostCrypt/gnutls:groups-non-ec to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:40:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:40:30 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: All discussions on Merge Request !1069 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1069 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:41:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:41:05 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @lumag would you like to review this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228195523 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:43:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:43:41 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix coverity in lib/ (!1092) References: Message-ID: Tim R?hsen created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1092 Branches: tmp-fix-coverity to master Author: Tim R?hsen Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:45:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:45:46 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) References: Message-ID: Ricardo M_ Correia created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1093 Project:Branches: wizeman/gnutls:doc-lscpu to gnutls/gnutls:master Author: Ricardo M. Correia Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [X] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 17:48:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 15:48:04 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) In-Reply-To: References: Message-ID: Ricardo M_ Correia commented: I've opted to simply document the dependency rather than remove it because `lscpu` is used in more places than what I mentioned in #764 and it's not obvious to me how to do CPU feature detection in a more portable way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093#note_228199729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 18:57:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 16:57:23 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * 88e06757 - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * 7b629631 - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * b4b010d2 - lib/x509/output.c: Remove trailing spaces * 88b96979 - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * 70cc8452 - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * 41d77e23 - lib/record.c: Remove trailing white space * 6bf75011 - lib/record.c: Use memmove for overlapping copy * 353bccfb - lib/cipher.c: Remove trailing white space * 9988c677 - cipher: Let _gnutls_auth_cipher_setiv() return int * e60233cb - lib/x509/x509.c: Remove trailing white space * a33308f3 - lib/x509/x509.c: Help static analyzers in get_alt_name() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 19:56:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 17:56:59 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228265991 > * gnutls_record_discard_queued: > * @session: is a #gnutls_session_t type. > * > - * This function discards all queued to be sent packets in a TLS or DTLS session. > + * This function discards all queued to be sent packets in a DTLS session. > * These are the packets queued after an interrupted gnutls_record_send(). > * > + * This function cannot only be used with transports where send() is "can only be used" -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228265991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 19:58:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 17:58:46 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: LGTM except another typo (already noticed by @TheRealMichaelCatanzaro ). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228266958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 20:24:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 18:24:11 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1069 https://gitlab.com/gnutls/gnutls/merge_requests/1069 * 1bdcceac...fb791c36 - 20 commits from branch `master` * 5f66f24e - document limitations of gnutls_record_discard_queued() [ci skip] * 3107a5f5 - crq APIs: fix typos [ci skip] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 20:25:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 18:25:15 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228287254 > * gnutls_record_discard_queued: > * @session: is a #gnutls_session_t type. > * > - * This function discards all queued to be sent packets in a TLS or DTLS session. > + * This function discards all queued to be sent packets in a DTLS session. > * These are the packets queued after an interrupted gnutls_record_send(). > * > + * This function cannot only be used with transports where send() is Thanks, updated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069#note_228287254 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 20:28:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 18:28:15 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: LGTM. For the CI failure you need to either bump the time to 2h, or add '[ci skip]' in the commit message as you only change the README file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093#note_228288908 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 9 20:28:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 09 Oct 2019 18:28:19 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) In-Reply-To: References: Message-ID: Merge Request !1093 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1093 Project:Branches: wizeman/gnutls:doc-lscpu to gnutls/gnutls:master Author: Ricardo M_ Correia Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:12:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:12:15 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: All discussions on Merge Request !1069 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1069 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:12:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:12:38 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Merge Request !1069 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1069 Project:Branches: nmav/gnutls:tmp-fix-doc3 to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:12:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:12:43 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from toni.kontinen@pm.me): Bug: Small typo in gnutls_x509_crq_get_pk_oid(3) (#842) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via commit 3107a5f5cd9bb0f6a873d6549adfd5feba920d6b Issue #842: https://gitlab.com/gnutls/gnutls/issues/842 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/842 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:12:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:12:43 +0000 Subject: [gnutls-devel] GnuTLS | documentation updates (!1069) In-Reply-To: References: Message-ID: Merge Request !1069 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1069 Project:Branches: nmav/gnutls:tmp-fix-doc3 to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:13:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:13:12 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) In-Reply-To: References: Message-ID: All discussions on Merge Request !1089 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1089 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:13:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:13:17 +0000 Subject: [gnutls-devel] GnuTLS | ext/supported_groups: don't consider non-EC groups for EC (!1089) In-Reply-To: References: Message-ID: Merge Request !1089 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1089 Project:Branches: GostCrypt/gnutls:groups-non-ec to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:13:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:13:29 +0000 Subject: [gnutls-devel] GnuTLS | tests/psk-file: fix heizenbug in last test (!1090) In-Reply-To: References: Message-ID: Merge Request !1090 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1090 Project:Branches: GostCrypt/gnutls:psk-file-fix to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:14:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:14:11 +0000 Subject: [gnutls-devel] GnuTLS | P11tool improvements (!1071) In-Reply-To: References: Message-ID: Merge Request !1071 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1071 Project:Branches: GostCrypt/gnutls:gost-pkcs11 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:15:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:15:51 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) In-Reply-To: References: Message-ID: Merge Request !1093 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1093 Project:Branches: wizeman/gnutls:doc-lscpu to gnutls/gnutls:master Author: Ricardo M_ Correia Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:18:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:18:09 +0000 Subject: [gnutls-devel] GnuTLS | WIP: GOST PKCS#11 support (!1091) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1091 https://gitlab.com/gnutls/gnutls/merge_requests/1091 * 14041d8f...afad4213 - 8 commits from branch `master` * 7885dbc4 - pkcs11: fix vendor-defined CKM usage * 81974700 - lib/pkcs11: add support for GOST R 34.10 objects * 410c6cae - lib/pkcs11: add support for GOST R 34.10-2012 512-bit keys * d3ca5d04 - p11tool: print GOST vendor-private mechanisms -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1091 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 02:18:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 00:18:26 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !920 https://gitlab.com/gnutls/gnutls/merge_requests/920 * a1f8f103...afad4213 - 12 commits from branch `master` * 15c06f37 - nettle/gost: provide GOST keywrapping support * 053e4512 - nettle/gost: add support for GOST VKO algorithm * 6425c258 - _gnutls_pk_derive: add argument for nonce * a04e7a08 - nettle: add support for GOST key derivation * 14d981cc - Allow using implicit IV for stream ciphers with TLS * 71a5eb4e - Support GOST certificate request values * d042a2ec - Add GOST key transport support * eb2b1485 - groups: add function to return group by curve * 7e80518f - Add support for VKO GOST key exchange * 88031466 - Support GOST cipher suite MAC calculation * d6d97916 - Add GOST cipher suites * 51e189ea - Declare groups corresponding to GOST curves * 09fd70e3 - Add GOST values to cipher suites priorities * 69a22551 - prf: add GOST R 34.11-94 and Streebog PRF support * 07705d01 - tests: add tests for KX-GOST-VKO using different key variants * ff4e9a64 - lib: fix group selection in case of GOST cipher suites * 6d0abb8a - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST * 13925dd2 - lib: pubkey vs TLS signature compatibility for GOST algorithms * 60a833ab - cli-debug: include GOST VKO into KX list * d3a4b922 - priority: add GROUP-GOST-ALL keyword * 3196d780 - ecc: define curve->group relationship * a9e8d4ca - ext/signature: use GOST signatures for GOST ciphersiuites * 67d77ec8 - Swap TLS signatures in case we are signing them with GOST keys * 55aa67d9 - gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests * 2d085234 - tls13-server-kx-neg: add test for GOST-enabled server and client * e0ee505d - Add check for gost curves in nettle -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 08:40:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 06:40:11 +0000 Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1093 (https://gitlab.com/gnutls/gnutls/merge_requests/1093) Issue #764: https://gitlab.com/gnutls/gnutls/issues/764 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 08:40:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 06:40:11 +0000 Subject: [gnutls-devel] GnuTLS | README.md: document lscpu/util-linux dependency for make check (!1093) In-Reply-To: References: Message-ID: Merge Request !1093 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1093 Project:Branches: wizeman/gnutls:doc-lscpu to gnutls/gnutls:master Author: Ricardo M_ Correia Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 09:03:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 07:03:39 +0000 Subject: [gnutls-devel] GnuTLS | Marilerr (!1094) References: Message-ID: Mohd Hafizi Khiruddin created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1094 Project:Branches: marilerr/gnutls:marilerr to gnutls/gnutls:master Author: Mohd Hafizi Khiruddin Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 10:00:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 08:00:43 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/auth/vko_gost.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_228572185 > + i += len; > + > + cek.data = &data[i]; > + cek.size = ret; > + > + DECR_LEN(data_size, ret); > + > + if (data_size != 0) > + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); > + > + ret = calc_ukm(session, &ukm); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + if (!privkey || privkey->type != GNUTLS_PRIVKEY_X509) { > + gnutls_assert(); Now I can answer on HSM usage. VKO operation uses `C_DeriveKey` function, which is an equivalent to `_gnutls_gost_vko_key()` from `lib/vko.c`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_228572185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 10:48:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 08:48:04 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Dmitri fixed the bug in the test in !1090, you may want to rebase to master to get over it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_228606912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 11:29:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 09:29:37 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * 14041d8f...8faa86ab - 12 commits from branch `master` * 5541cb25 - lib/handshake.c: Remove trailing spaces * 27f3ee76 - lib/handshake.c: Check return value of _gnutls_version_max() * ca68fe08 - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * 5be82953 - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * 3ce1bb30 - lib/x509/output.c: Remove trailing spaces * 84595a78 - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * 3748ae28 - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * e1a1dd60 - lib/record.c: Remove trailing white space * 183868ce - lib/record.c: Use memmove for overlapping copy * e9ffb549 - lib/cipher.c: Remove trailing white space * 2c9b2030 - cipher: Let _gnutls_auth_cipher_setiv() return int * 26121e92 - lib/x509/x509.c: Remove trailing white space * 8471cc38 - lib/x509/x509.c: Help static analyzers in get_alt_name() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 11:33:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 09:33:00 +0000 Subject: [gnutls-devel] GnuTLS | session tickets: parse extension during session resumption (!1087) In-Reply-To: References: Message-ID: Merge Request !1087 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1087 Project:Branches: nmav/gnutls:tmp-ext-mandatory to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 14:55:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 12:55:38 +0000 Subject: [gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1087 (https://gitlab.com/gnutls/gnutls/merge_requests/1087) Issue #841: https://gitlab.com/gnutls/gnutls/issues/841 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 14:55:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 12:55:39 +0000 Subject: [gnutls-devel] GnuTLS | session tickets: parse extension during session resumption (!1087) In-Reply-To: References: Message-ID: Merge Request !1087 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1087 Project:Branches: nmav/gnutls:tmp-ext-mandatory to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 16:21:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 14:21:01 +0000 Subject: [gnutls-devel] GnuTLS | Marilerr (!1094) In-Reply-To: References: Message-ID: Merge Request !1094 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1094 Project:Branches: marilerr/gnutls:marilerr to gnutls/gnutls:master Author: Mohd Hafizi Khiruddin Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 18:01:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 16:01:09 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228905953 > > while (pos < dest->length) { > if (dest->data[pos] == '%') { > - char b[3]; > - unsigned int u; > unsigned char x; > > - b[0] = dest->data[pos + 1]; > - b[1] = dest->data[pos + 2]; > - b[2] = 0; > - > - sscanf(b, "%02x", &u); > - > - x = u; > + hex_decode((char *) dest->data + pos + 1, 2, &x, 1); LGTM, but this function is not tested in our test suite so it makes me uneasy changing it. An simple way would be to export and introduce a unit test for the unescape function, or to modify `tpmtool_test.sh` to include escaped files. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228905953 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 18:04:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 16:04:48 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/x509/output.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228907559 > gnutls_datum_t san = { NULL, 0 }, oid = {NULL, 0}; > gnutls_x509_aia_t aia; > unsigned int san_type; > - > + LGTM, though I'd merge all the trailing spaces patches together. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228907559 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 18:10:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 16:10:26 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228911231 > (int) _mbuffer_get_udata_size(decrypted)); > > /* store the last valid sequence number. We don't use that internally but > - * callers of gnutls_record_get_state() could take advantage of it. */ > - memcpy(&record_state->sequence_number, packet_sequence, 8); > + * callers of gnutls_record_get_state() could take advantage of it. > + * > + * Coverity issue 1454647 suggest to use memmove() here instead of memcpy(). > + */ > + memmove(&record_state->sequence_number, packet_sequence, 8); I do not see why is memmove being needed here. This is the DTLS case in which different buffers are being used. What if we introduce an assert for buffer difference instead? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228911231 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 18:13:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 16:13:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228916249 > goto cleanup; > } > > - if (othername_oid && type == GNUTLS_SAN_OTHERNAME) { > + /* ooid.data is only set if type == GNUTLS_SAN_OTHERNAME. > + * We check ooid.data here instead of type to avoid false positives from > + * static analyzers. See Coverity issue #1361513. */ > + if (othername_oid && ooid.data) { Why was the type check removed? The code seems to me that can be called when it shouldn't. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_228916249 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 19:02:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 17:02:44 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * e752df30 - Appropriate read/write mechanism of quic secrets -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 21:25:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 19:25:28 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: removed coverity build [ci skip] (!1095) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1095 Project:Branches: nmav/gnutls:tmp-remove-coverity to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Move the coverity build to: https://gitlab.com/gnutls/coverage/ The coverity run is subject to several restrictions by the service, and thus it is not really useful in the main CI runs as it cannot reasonably be run on MRs or master. As such we simplify the main CI file by moving the coverity to the coverage sub-project and running it weekly. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1095 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 22:00:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 20:00:00 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: removed coverity build [ci skip] (!1095) In-Reply-To: References: Message-ID: Merge Request !1095 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1095 Project:Branches: nmav/gnutls:tmp-remove-coverity to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1095 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 10 22:53:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 10 Oct 2019 20:53:25 +0000 Subject: [gnutls-devel] build-images | gitlab: use docker-fedora30 for Fedora30 image (!23) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/build-images/merge_requests/23 Project:Branches: GostCrypt/build-images:master to gnutls/build-images:master Author: Dmitry Eremin-Solenikov Fix a c&p error which caused f30 image to use fedora 29. Signed-off-by: Dmitry Eremin-Solenikov -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/23 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 08:29:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 06:29:35 +0000 Subject: [gnutls-devel] build-images | update base images (!23) In-Reply-To: References: Message-ID: Merge Request !23 was merged Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/23 Project:Branches: GostCrypt/build-images:master to gnutls/build-images:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/23 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 09:19:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 07:19:31 +0000 Subject: [gnutls-devel] build-images | update base images (!23) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Merged it and started a run at master: https://gitlab.com/gnutls/gnutls/pipelines/88136444 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/23#note_229149108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 14:47:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 12:47:32 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: removed coverity build [ci skip] (!1095) In-Reply-To: References: Message-ID: Merge Request !1095 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1095 Project:Branches: nmav/gnutls:tmp-remove-coverity to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1095 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 14:50:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 12:50:45 +0000 Subject: [gnutls-devel] GnuTLS | updated to libopts 5.18.16 (!1096) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1096 Project:Branches: nmav/gnutls:tmp-update-libopts to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos This fixes compilation in Fedora 30 which ships with this version of autogen. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 14:55:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 12:55:15 +0000 Subject: [gnutls-devel] GnuTLS | automate coverity checks (#574) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Completed this by adding automated coverity builds in coverage sub-project. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/574#note_229329298 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 14:55:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 12:55:15 +0000 Subject: [gnutls-devel] GnuTLS | automate coverity checks (#574) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #574: https://gitlab.com/gnutls/gnutls/issues/574 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 16:03:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 14:03:37 +0000 Subject: [gnutls-devel] GnuTLS | updated to libopts 5.18.16 (!1096) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1096 https://gitlab.com/gnutls/gnutls/merge_requests/1096 * 5bb1966f - tests: global-init-override do not run in windows -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 20:20:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 18:20:09 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229506717 > (int) _mbuffer_get_udata_size(decrypted)); > > /* store the last valid sequence number. We don't use that internally but > - * callers of gnutls_record_get_state() could take advantage of it. */ > - memcpy(&record_state->sequence_number, packet_sequence, 8); > + * callers of gnutls_record_get_state() could take advantage of it. > + * > + * Coverity issue 1454647 suggest to use memmove() here instead of memcpy(). > + */ > + memmove(&record_state->sequence_number, packet_sequence, 8); memmove and memcpy are using the same implementations when the code doesn't overlap. So there is just an extra check in memove. Some people even think it's safer to *always* use memmove instead of memcpy. But i'll have an extra look *why* Coverity thinks that both regions *might* overlap. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229506717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 20:55:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 18:55:08 +0000 Subject: [gnutls-devel] GnuTLS | updated to libopts 5.18.16 (!1096) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1096 https://gitlab.com/gnutls/gnutls/merge_requests/1096 * b152117d - tests: include config.h in rawpk-api.c * 0d1391d1 - configure: ignore some attribute related warnings -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 21:12:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 19:12:40 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229519797 > goto cleanup; > } > > - if (othername_oid && type == GNUTLS_SAN_OTHERNAME) { > + /* ooid.data is only set if type == GNUTLS_SAN_OTHERNAME. > + * We check ooid.data here instead of type to avoid false positives from > + * static analyzers. See Coverity issue #1361513. */ > + if (othername_oid && ooid.data) { ooid.data is only set under certain conditions in gnutls_subject_alt_names_get(). So I think (and Coverity also does) that checking ooid.data instead of type == GNUTLS_SAN_OTHERNAME is the better approach. Of course, we can check both if that makes reading and understanding easier. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229519797 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 11 21:12:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 11 Oct 2019 19:12:56 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * afa6e340...d32fcf53 - 4 commits from branch `master` * 13a7ea1d - Remove trailing spaces in several files * d0aab913 - lib/handshake.c: Check return value of _gnutls_version_max() * 49604eb3 - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * a781015b - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * b3873650 - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * 8c5fc8e7 - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * fd14f930 - lib/record.c: Use memmove for overlapping copy * a9a4d707 - cipher: Let _gnutls_auth_cipher_setiv() return int * 44ac361a - lib/x509/x509.c: Help static analyzers in get_alt_name() -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 09:36:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 07:36:10 +0000 Subject: [gnutls-devel] GnuTLS | WIP: fix compilation in fedora30 (!1096) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Marking it as WIP since there are few other issues that need to be addressed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1096#note_229597173 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 09:38:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 07:38:38 +0000 Subject: [gnutls-devel] build-images | update base images (!23) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: It seems that this change made the CI to fail. I've tried [to fix some here](https://gitlab.com/gnutls/gnutls/merge_requests/1096), but few others remain and I'll not be able to get back to it soon. @lumag I'd suggest to revert and maybe treat that as a known bug. We can address it by introducing a new image with the real f30, or a new one directly to f31. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/23#note_229597322 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 11:20:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 09:20:52 +0000 Subject: [gnutls-devel] build-images | update base images (!23) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: @nmav sure, could you please revert this PR. I'll take a look on Monday. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/23#note_229607553 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 17:35:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 15:35:04 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229640804 > > while (pos < dest->length) { > if (dest->data[pos] == '%') { > - char b[3]; > - unsigned int u; > unsigned char x; > > - b[0] = dest->data[pos + 1]; > - b[1] = dest->data[pos + 2]; > - b[2] = 0; > - > - sscanf(b, "%02x", &u); > - > - x = u; > + hex_decode((char *) dest->data + pos + 1, 2, &x, 1); `hex_decode` is used by `gnutls_hex_decode2` and `gnutls_hex_decode` which are used at several places. The function `_gnutls_buffer_unescape()` itself seems to be suboptimal, under worst circumstances it has a O(n^2) behavior. Technically better would be a `_gnutls_buffer_append_unescape()` which unescapes the input while adding it to the buffer (would fit since there also is `_gnutls_buffer_append_escape()`). I prefer a unit test that tests the corner cases like incomplete/invalid escape sequences. Since that is not much, what existing unit test C file should it go into ? Also the old code adds random bytes if the escape sequence isn't valid (if sscanf() fails). What should we do if the input has e.g. something like `%Z` or `%aZ`. I suggest that we don't touch the sequence in such cases. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229640804 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 18:50:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 16:50:33 +0000 Subject: [gnutls-devel] GnuTLS | Correct size check in _gnutls_buffer_pop_data() ? (#844) References: Message-ID: Tim R?hsen created an issue: https://gitlab.com/gnutls/gnutls/issues/844 Shouldn't it be `if (tdata.data == NULL || tdata.size > req_size) {` ? ``` /* returns data from a string in a constant buffer. Will * fail with GNUTLS_E_PARSING_ERROR, if the string has not enough data. */ int _gnutls_buffer_pop_data(gnutls_buffer_st * str, void *data, size_t req_size) { gnutls_datum_t tdata; _gnutls_buffer_pop_datum(str, &tdata, req_size); fprintf(stderr,"%zu %zu\n", tdata.size, req_size); if (tdata.data == NULL || tdata.size != req_size) { return GNUTLS_E_PARSING_ERROR; } memcpy(data, tdata.data, tdata.size); return 0; } ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/844 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 19:08:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 17:08:25 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * af202aac - Fix output size check in _gnutls_buffer_pop_data() * 842fba87 - tests/buffer.c: Add unit test for _gnutls_buffer_unescape() [skip ci] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 19:09:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 17:09:55 +0000 Subject: [gnutls-devel] GnuTLS | Correct size check in _gnutls_buffer_pop_data() ? (#844) In-Reply-To: References: Message-ID: Tim R?hsen commented: I made a fix in commit af202aac in !1092 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/844#note_229648392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 19:12:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 17:12:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229648567 > > while (pos < dest->length) { > if (dest->data[pos] == '%') { > - char b[3]; > - unsigned int u; > unsigned char x; > > - b[0] = dest->data[pos + 1]; > - b[1] = dest->data[pos + 2]; > - b[2] = 0; > - > - sscanf(b, "%02x", &u); > - > - x = u; > + hex_decode((char *) dest->data + pos + 1, 2, &x, 1); Pushed a unit test for _gnutls_buffer_unescape() which of course fails until we agree on writing `_gnutls_buffer_append_unescape()`. If we don't agree, i have to fix `_gnutls_buffer_unescape()` by other means. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229648567 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 21:08:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 19:08:12 +0000 Subject: [gnutls-devel] libtasn1 | ChangeLog: do not depend on git2cl [ci skip] (!50) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/50 Branches: tmp-git2cl to master Author: Nikos Mavrogiannopoulos This package is not universally available and its value is not that significant to justify it as a dependency. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/50 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 21:09:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 19:09:03 +0000 Subject: [gnutls-devel] build-images | build images: switch to podman for generation (!22) In-Reply-To: References: Message-ID: Merge Request !22 was merged Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/22 Branches: tmp-rely-on-podman to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/22 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 21:11:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 19:11:01 +0000 Subject: [gnutls-devel] libtasn1 | ChangeLog: do not depend on git2cl [ci skip] (!50) In-Reply-To: References: Message-ID: Tim R?hsen commented: Good thing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/50#note_229664187 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 21:27:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 19:27:05 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229665182 > (int) _mbuffer_get_udata_size(decrypted)); > > /* store the last valid sequence number. We don't use that internally but > - * callers of gnutls_record_get_state() could take advantage of it. */ > - memcpy(&record_state->sequence_number, packet_sequence, 8); > + * callers of gnutls_record_get_state() could take advantage of it. > + * > + * Coverity issue 1454647 suggest to use memmove() here instead of memcpy(). > + */ > + memmove(&record_state->sequence_number, packet_sequence, 8); What is we simply replace the memcpy by ``` record_state->sequence_number = record.sequence; ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229665182 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 22:10:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 20:10:11 +0000 Subject: [gnutls-devel] libtasn1 | ChangeLog: do not depend on git2cl [ci skip] (!50) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Something is wrong and only LGTM is running on the pipeline. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/50#note_229667915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 23:13:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 21:13:30 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671343 > > while (pos < dest->length) { > if (dest->data[pos] == '%') { > - char b[3]; > - unsigned int u; > unsigned char x; > > - b[0] = dest->data[pos + 1]; > - b[1] = dest->data[pos + 2]; > - b[2] = 0; > - > - sscanf(b, "%02x", &u); > - > - x = u; > + hex_decode((char *) dest->data + pos + 1, 2, &x, 1); I would not spend much time on improving `_gnutls_buffer_unescape`. It is used on very corner case and improving it will not really improve performance in any noticeable way. I also see limitations of an `append_unescape()` function (e.g., would it work when you append byte by byte?, and other corner cases). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 23:15:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 21:15:31 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671444 > (int) _mbuffer_get_udata_size(decrypted)); > > /* store the last valid sequence number. We don't use that internally but > - * callers of gnutls_record_get_state() could take advantage of it. */ > - memcpy(&record_state->sequence_number, packet_sequence, 8); > + * callers of gnutls_record_get_state() could take advantage of it. > + * > + * Coverity issue 1454647 suggest to use memmove() here instead of memcpy(). > + */ > + memmove(&record_state->sequence_number, packet_sequence, 8); Looks simpler indeed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671444 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 23:18:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 21:18:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671610 > goto cleanup; > } > > - if (othername_oid && type == GNUTLS_SAN_OTHERNAME) { > + /* ooid.data is only set if type == GNUTLS_SAN_OTHERNAME. > + * We check ooid.data here instead of type to avoid false positives from > + * static analyzers. See Coverity issue #1361513. */ > + if (othername_oid && ooid.data) { It may be that you are right, however that's risky code, as you depend on what `gnutls_subject_alt_names_get()` is currently doing internally. A refactor of it, and this unrelated code will break. I think the more conservative and safe we are, the better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229671610 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 23:36:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 21:36:38 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229672593 > goto cleanup; > } > > - if (othername_oid && type == GNUTLS_SAN_OTHERNAME) { > + /* ooid.data is only set if type == GNUTLS_SAN_OTHERNAME. > + * We check ooid.data here instead of type to avoid false positives from > + * static analyzers. See Coverity issue #1361513. */ > + if (othername_oid && ooid.data) { I had the same concerns when seeing `type == GNUTLS_SAN_OTHERNAME` :-) So I'll change the code to check for both then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_229672593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 12 23:39:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 12 Oct 2019 21:39:53 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * de3fd8ab - Remove trailing spaces in several files * 14b6c794 - lib/handshake.c: Check return value of _gnutls_version_max() * 5689c5b2 - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * 311c653e - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * 1ba24ddd - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * 0f1e1792 - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * 5a76e9e9 - lib/record.c: Use assignment instead of memcpy() * e207c0bc - cipher: Let _gnutls_auth_cipher_setiv() return int * 4a6feb42 - lib/x509/x509.c: Help static analyzers in get_alt_name() * d91d7912 - Fix output size check in _gnutls_buffer_pop_data() * 5873bf94 - tests/buffer.c: Add unit test for _gnutls_buffer_unescape() [skip ci] * 0d0b87b2 - Add const to several read-only packet sequence params [skip ci] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 13 12:27:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 13 Oct 2019 10:27:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * 4a4a62ad - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * 9665dd7c - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * 828f7981 - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * 2a66896e - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * c53e78bc - lib/record.c: Use assignment instead of memcpy() * 971f8114 - cipher: Let _gnutls_auth_cipher_setiv() return int * 21883fcb - lib/x509/x509.c: Check before pointer dereference in get_alt_name() * 469d280c - Fix output size check in _gnutls_buffer_pop_data() * daa73638 - tests/buffer.c: Add unit test for _gnutls_buffer_unescape() [skip ci] * 23ac654e - Add const to several read-only packet sequence params [skip ci] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 13 12:27:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 13 Oct 2019 10:27:59 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: All discussions on Merge Request !1092 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/1092 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 13 16:04:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 13 Oct 2019 14:04:01 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Reassigned Merge Request 917 https://gitlab.com/gnutls/gnutls/merge_requests/917 Assignee changed from Nikos Mavrogiannopoulos to Ander Juaristi -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:05:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:05:04 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/buffer.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230216566 > +/* > + * Copyright (C) 2016 Red Hat, Inc. > + * > + * Author: Nikos Mavrogiannopoulos I think that this line + copyright is incorrect. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230216566 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:06:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:06:37 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/buffer.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230217008 > + _gnutls_buffer_init(&str); > + > + ret = _gnutls_buffer_append_data(&str, t->input, strlen(t->input)); > + if (ret < 0) > + fail("_gnutls_buffer_append_str: %s\n", gnutls_strerror(ret)); > + > + ret = _gnutls_buffer_unescape(&str); > + if (ret < 0) > + fail("_gnutls_buffer_unescape: %s\n", gnutls_strerror(ret)); > + > + ret = _gnutls_buffer_append_data(&str, "", 1); > + if (ret < 0) > + fail("_gnutls_buffer_append_data: %s\n", gnutls_strerror(ret)); > + > + /* using malloc() instead of stack memory for better buffer overflow detection */ > + output = gnutls_malloc(strlen(t->output) + 1); what about an assert or some other check of the malloc value? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230217008 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:07:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:07:11 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/buffer.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230217208 > + * GnuTLS is free software; you can redistribute it and/or modify it > + * under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 3 of the License, or > + * (at your option) any later version. > + * > + * GnuTLS is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with GnuTLS; if not, write to the Free Software Foundation, > + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA > + */ > + > +/* Parts copied from GnuTLS example programs. */ That line is probably unnecessary -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230217208 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:11:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:11:36 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230218330 > gnutls_datum_t tdata; > > _gnutls_buffer_pop_datum(str, &tdata, req_size); > - if (tdata.data == NULL || tdata.size != req_size) { > + if (tdata.data == NULL || tdata.size > req_size) { Hmmm, that is tricky. This function has no way to return the size of the data, nor it is expected to. It is all or nothing, so the existing limitation seems reasonable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230218330 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:14:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:14:12 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/buffer.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230219071 > + ret = _gnutls_buffer_append_data(&str, t->input, strlen(t->input)); > + if (ret < 0) > + fail("_gnutls_buffer_append_str: %s\n", gnutls_strerror(ret)); > + > + ret = _gnutls_buffer_unescape(&str); > + if (ret < 0) > + fail("_gnutls_buffer_unescape: %s\n", gnutls_strerror(ret)); > + > + ret = _gnutls_buffer_append_data(&str, "", 1); > + if (ret < 0) > + fail("_gnutls_buffer_append_data: %s\n", gnutls_strerror(ret)); > + > + /* using malloc() instead of stack memory for better buffer overflow detection */ > + output = gnutls_malloc(strlen(t->output) + 1); > + > + ret = _gnutls_buffer_pop_data(&str, output, strlen(t->output) + 1); maybe buffer_pop_datum is more flexible for use here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230219071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 20:15:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 18:15:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230219751 > gnutls_datum_t tdata; > > _gnutls_buffer_pop_datum(str, &tdata, req_size); > - if (tdata.data == NULL || tdata.size != req_size) { > + if (tdata.data == NULL || tdata.size > req_size) { Maybe documenting the existing behavior more clearly is better solution than this fix. The existing users of this function rely on the previous behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230219751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 14 21:10:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 14 Oct 2019 19:10:25 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230235690 > gnutls_datum_t tdata; > > _gnutls_buffer_pop_datum(str, &tdata, req_size); > - if (tdata.data == NULL || tdata.size != req_size) { > + if (tdata.data == NULL || tdata.size > req_size) { I understand. But `tdata.size != req_size` is really not practical since you need to know the exact size in advance, else the function fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230235690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 12:04:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 10:04:12 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230552272 > gnutls_datum_t tdata; > > _gnutls_buffer_pop_datum(str, &tdata, req_size); > - if (tdata.data == NULL || tdata.size != req_size) { > + if (tdata.data == NULL || tdata.size > req_size) { You can know the size in advance (when used internally in gnutls); it is part of the structure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230552272 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 12:07:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 10:07:32 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/str.c: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230554687 > gnutls_datum_t tdata; > > _gnutls_buffer_pop_datum(str, &tdata, req_size); > - if (tdata.data == NULL || tdata.size != req_size) { > + if (tdata.data == NULL || tdata.size > req_size) { btw. what this function does, if you ask 2 bytes, it will always give you two bytes. If the struct has 4 bytes, that's fine, it will still give you two bytes (because of the pop_datum call). It will fail when the structure did not have enough data stored (e.g., asked for 2 while it has only 1). You can see how it is used in practice in `hello_retry.c` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230554687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 14:52:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 12:52:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen pushed new commits to merge request !1092 https://gitlab.com/gnutls/gnutls/merge_requests/1092 * d6ee45fe - tests/buffer.c: Add unit test for _gnutls_buffer_unescape() * e3584fbf - Add const to several read-only packet sequence params -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 14:54:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 12:54:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: All discussions on Merge Request !1092 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/1092 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 14:54:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 12:54:28 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Tim R?hsen commented: Thanks for review ! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_230648525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 17:10:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 15:10:42 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 7be4aca6 - NULL check: Make sure gnutls_secret_hook_func callback never returns NULL -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 17:22:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 15:22:12 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 43812a24 - Added tests for Record layer seperation API for QUIC -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 22:31:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 20:31:19 +0000 Subject: [gnutls-devel] GnuTLS | prf: add GOST R 34.11-94 and Streebog PRF support (!1088) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1088 https://gitlab.com/gnutls/gnutls/merge_requests/1088 * 3dc548c7 - prf: add Streebog (GOST R 34.11-2012) PRF support -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 23:11:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 21:11:41 +0000 Subject: [gnutls-devel] GnuTLS | GOST key exchange support (!1097) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1097 Project:Branches: GostCrypt/gnutls:gost-split-2 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add support for GOST VKO key exchange for GOST TLS ciphersuites. Unfortunately there are no tests for GOST VKO as a part of this PR. You can check tests as a part of main GOST CNT support MR(!920). I see no easy way to check KX when ciphersuites are not merged. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1097 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 23:21:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 21:21:03 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1098 Project:Branches: GostCrypt/gnutls:tls-continuous-mac to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add support for a special TLS MAC mode, where it is calculated over all messages sent over the link. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 15 23:22:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 15 Oct 2019 21:22:19 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1099 Project:Branches: GostCrypt/gnutls:stream-iv to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 16 02:48:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 16 Oct 2019 00:48:51 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) References: Message-ID: Bj?rn Jacke created an issue: https://gitlab.com/gnutls/gnutls/issues/845 it would be nice if gnutls-cli could be used as a tls client, that does not spit in extra informationon stdout. The stdout information maked it unusable for connect commands of other applications. For example it could be used by the "plugin" parameter of fetchmail or by the -e option of rsync if stdin/stdout would be clean of extra info output. openssl allows to be very quite if it's called like "openssl s_client -quiet -verify_quiet". It would be great if gnutls-cli can also get a quiet mode for this purpose. In addition to that: the tls connection information that is currently outputted when a TLS connection is being made goes to stdout. It might generally make more sense to move that information to stderr, so that gnutls-cli can be used as a connect client as written above and still output helpful information without poisoning the std output channel. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 16 15:57:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 16 Oct 2019 13:57:29 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * eef2efb5 - Updated secret_hook_func in tests/quic.c -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 16 16:27:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 16 Oct 2019 14:27:35 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1086 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306381 > + * This configures the read and write secrets for the given encryption level. > + */ > +void gnutls_set_secret_hook_function(gnutls_session_t session, gnutls_secret_hook_func set_encrytion); perhaps this was my suggestion, but I would rename this function to `gnutls_session_set_secret_hook_function`, as suggested in CONTRIBUTING.md: https://gitlab.com/gnutls/gnutls/blob/master/CONTRIBUTING.md#function-names -- Daiki Ueno started a new discussion on lib/ext/pre_shared_key.c: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306388 > { > - int ret; > + int ret, retval; can't you simply reuse `ret` everywhere? -- Daiki Ueno started a new discussion on lib/handshake-tls13.c: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306394 > + if (retval < 0) > + return gnutls_assert_val(retval); > + I think this part is not necessary anymore, as we don't hook in this function. -- Daiki Ueno started a new discussion on lib/quic-api.c: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306397 > +#include > + > +void gnutls_set_secret_hook_function(gnutls_session_t session, gnutls_secret_hook_func func) { since this is an API function, add gdoc style comment explaining the function here: https://gitlab.com/gnutls/gnutls/blob/master/CONTRIBUTING.md#api-documentation -- Daiki Ueno started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306399 > + */ > +int gnutls_is_quic(gnutls_session_t); > + these functions are not implemented so far and shall be added in separate MRs. I suggest removing these declarations for now. -- Daiki Ueno started a new discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231306401 > > if (stage == STAGE_UPD_OURS || stage == STAGE_UPD_PEERS) > return _tls13_update_keys(session, stage, If you want to handle key update, I think you need to call secret_hook in `_tls13_update_keys`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 16 16:33:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 16 Oct 2019 14:33:06 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for doing this. I think this is a good start. There are still some code that needs polishing as I commented, but overall the approach looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_231312247 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 11:58:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 09:58:28 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * eb94b8d2...d32fcf53 - 102 commits from branch `master` * 27f9b8d8 - Initial function for setting secret exchange. * 907ced8e - Hook _gnutls_call_secret_hook_func into the codebase * 5b05eb17 - Removed hard-coded EPOCH handling * b819a4a6 - Fixup! ret value mixup and remove unwanted quic enum defined * 15bb3370 - Appropriate read/write mechanism of quic secrets * 5ca67c45 - NULL check: Make sure gnutls_secret_hook_func callback never returns NULL * 92e4b88e - Added tests for Record layer seperation API for QUIC * ba61f2bb - Updated secret_hook_func in tests/quic.c -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:07:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:07:40 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Merge Request !1092 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1092 Branches: tmp-fix-coverity to master Author: Tim R?hsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:07:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:07:43 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Merge Request !1092 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1092 Branches: tmp-fix-coverity to master Author: Tim R?hsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:07:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:07:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you, great work! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092#note_231857333 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:07:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:07:59 +0000 Subject: [gnutls-devel] GnuTLS | Fix coverity in lib/ (!1092) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.11 (Oct 1, 2019?Dec 1, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/25 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:09:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:09:13 +0000 Subject: [gnutls-devel] GnuTLS | prf: add Streebog PRF support (!1088) In-Reply-To: References: Message-ID: Merge Request !1088 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1088 Project:Branches: GostCrypt/gnutls:gost-prf to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:09:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:09:17 +0000 Subject: [gnutls-devel] GnuTLS | prf: add Streebog PRF support (!1088) In-Reply-To: References: Message-ID: Merge Request !1088 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1088 Project:Branches: GostCrypt/gnutls:gost-prf to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:14:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:14:17 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231865834 > session->security_parameters.cs = cs; > params->cipher = cipher_algo; > params->mac = mac_algo; > +#ifdef ENABLE_GOST > + params->continuous_mac = cs->flags & GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC; Is that option necessary, since cs is part of this structure? I mean, can the user of that info check cs? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231865834 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:15:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:15:11 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231867320 > bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ > } cipher_entry_st; > > +#define GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC 1 What about `GNUTLS_CS_FLAG_CONTINUOUS_MAC`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231867320 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:16:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:16:44 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231870282 > bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ > } cipher_entry_st; > > +#define GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC 1 However, if we introduce flags, the bools look deprecated already. Should we move everything to flags (maybe in a different commit but in this MR)? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231870282 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:19:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:19:31 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231875124 > if (_gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) > iv = &_iv; > } > + if (_gnutls_cipher_type(params->cipher) == CIPHER_STREAM && LGTM, however it follows the opposite logic of the previous check. Should we reverse it, and also add a comment that this is in order to enforce the GOST cipher requirements? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231875124 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:47:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:47:53 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1099 https://gitlab.com/gnutls/gnutls/merge_requests/1099 * ee60c89a - Allow using implicit IV for stream ciphers with TLS -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:48:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:48:21 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231899971 > if (_gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) > iv = &_iv; > } > + if (_gnutls_cipher_type(params->cipher) == CIPHER_STREAM && Rewrote previous check. Does this look better? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231899971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:52:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:52:07 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Merge Request !1099 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1099 Project:Branches: GostCrypt/gnutls:stream-iv to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:52:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:52:20 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231902748 > session->security_parameters.cs = cs; > params->cipher = cipher_algo; > params->mac = mac_algo; > +#ifdef ENABLE_GOST > + params->continuous_mac = cs->flags & GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC; It is used in `_gnutls_init_record_state()`, where there is no session (and thus no way to get `cs`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231902748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:52:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:52:22 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: All discussions on Merge Request !1099 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1099 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:52:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:52:22 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231902768 > if (_gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) > iv = &_iv; > } > + if (_gnutls_cipher_type(params->cipher) == CIPHER_STREAM && Yes, LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099#note_231902768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 15:54:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 13:54:56 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231904392 > bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ > } cipher_entry_st; > > +#define GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC 1 Do you mean bools (well, single bit flags) in `auth_cipher_hd_st`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231904392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 16:31:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 14:31:07 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231935003 > bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ > } cipher_entry_st; > > +#define GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC 1 I meant the bools in cipher_entry_st, `xor_nonce`, `only_aead` and `no_rekey`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231935003 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 16:31:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 14:31:33 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231935602 > session->security_parameters.cs = cs; > params->cipher = cipher_algo; > params->mac = mac_algo; > +#ifdef ENABLE_GOST > + params->continuous_mac = cs->flags & GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC; Ok, then it makes sense. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_231935602 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 17 18:55:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 17 Oct 2019 16:55:35 +0000 Subject: [gnutls-devel] GnuTLS | Allow using implicit IV for stream ciphers with TLS (!1099) In-Reply-To: References: Message-ID: Merge Request !1099 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1099 Project:Branches: GostCrypt/gnutls:stream-iv to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 09:14:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 07:14:33 +0000 Subject: [gnutls-devel] build-images | .gitlab-ci.yml: use buildah/buildah image (!24) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/build-images/merge_requests/24 Branches: tmp-buildah-image to master Author: Nikos Mavrogiannopoulos Signed-off-by: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/24 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 12:04:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 10:04:52 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 0370442c - Rebase fixup -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 12:19:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 10:19:38 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1098 https://gitlab.com/gnutls/gnutls/merge_requests/1098 * 1984da3a - Support GOST cipher suite MAC calculation * 8754f033 - cipher: replace several bools with single flags instance -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 12:19:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 10:19:51 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_232387429 > bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ > } cipher_entry_st; > > +#define GNUTLS_CIPHER_SUITE_CONTINUOUS_MAC 1 done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_232387429 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 12:26:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 10:26:20 +0000 Subject: [gnutls-devel] GnuTLS | src: fix noreturn-related warning (!1100) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1100 Project:Branches: GostCrypt/gnutls:fix-noreturn to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Fix noreturn-related warning with recent autogen. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 14:05:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 12:05:02 +0000 Subject: [gnutls-devel] GnuTLS | lib: pubkey vs TLS signature compatibility for GOST algorithms (!1101) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1101 Project:Branches: GostCrypt/gnutls:key-compat to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 15:05:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 13:05:24 +0000 Subject: [gnutls-devel] GnuTLS | src: fix noreturn-related warning (!1100) In-Reply-To: References: Message-ID: Merge Request !1100 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1100 Project:Branches: GostCrypt/gnutls:fix-noreturn to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 18 16:17:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 18 Oct 2019 14:17:24 +0000 Subject: [gnutls-devel] GnuTLS | src: fix noreturn-related warning (!1100) In-Reply-To: References: Message-ID: Merge Request !1100 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1100 Project:Branches: GostCrypt/gnutls:fix-noreturn to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 15:15:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 13:15:43 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 5711daec - Minor Fixup * 215b2127 - Hook the secret function during the TLS1.3 key update as well -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 15:17:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 13:17:02 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: All discussions on Merge Request !1086 were resolved by Aniketh Girish https://gitlab.com/gnutls/gnutls/merge_requests/1086 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 15:17:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 13:17:42 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish commented on a discussion on lib/quic-api.c: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_232844446 > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* This file contains TLS API for QUIC protocol related types, prototypes and includes. > + */ > + > +#include "gnutls_int.h" > +#include "quic.h" > +#include > + > +void gnutls_set_secret_hook_function(gnutls_session_t session, gnutls_secret_hook_func func) { I have added the documentation, let me know if it doesn't sound meaningful enough. If not, let me iterate through it once again. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_232844446 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 15:20:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 13:20:46 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_232844729 Thanks a lot for the review and helping me out :). I have pushed in the changes that were mentioned by you - please do let me know if you think there needs to be much more changes needed for this patchset. Also, I have called the hook function while we are updating the tls1.3 keys. Since we aren't doing a `gnutls_session_key_update` within the tests that we wrote, I don't think the hook will be called yet. So how should we plan to write the tests for it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086#note_232844729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 15:26:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 13:26:47 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * de3fd8ab...c6b6f313 - 18 commits from branch `master` * 0ac1b00a - Initial function for setting secret exchange. * feeb8ca2 - Hook _gnutls_call_secret_hook_func into the codebase * 5488e231 - Removed hard-coded EPOCH handling * 82ec42a9 - Fixup! ret value mixup and remove unwanted quic enum defined * 56f57b33 - Appropriate read/write mechanism of quic secrets * 3686ca33 - NULL check: Make sure gnutls_secret_hook_func callback never returns NULL * a73d3fb1 - Added tests for Record layer seperation API for QUIC * 8e86f9e3 - Updated secret_hook_func in tests/quic.c * e3b62adb - Rebase fixup * 9cbd84cb - Minor Fixup * 9d473baa - Hook the secret function during the TLS1.3 key update as well -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 19 19:25:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 19 Oct 2019 17:25:54 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Ander Juaristi commented on a discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_232875770 > + **/ > +void > +gnutls_psk_set_server_credentials_function2(gnutls_psk_server_credentials_t cred, > + gnutls_psk_server_credentials_function2 func) > { > cred->pwd_callback = func; > + cred->pwd_callback_legacy = NULL; > +} > + > +static int call_client_callback_legacy(gnutls_session_t session, > + gnutls_datum_t *username, > + gnutls_datum_t *key) > +{ > + int ret; > + char *user_p; > + gnutls_psk_client_credentials_t cred = The `cred` pointer is dereferenced below, in [line 371](https://gitlab.com/gnutls/gnutls/blob/ajuaristi-issue-586/lib/psk.c#L371): ``` ret = cred->get_function_legacy(session, &user_p, key); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_232875770 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 17:59:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 15:59:58 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1102 Project:Branches: GostCrypt/gnutls:remove-guint64 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 19:47:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 17:47:09 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_232986569 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; Isn't the semantics here a bit different now ? The old code effectively uses `prestate->record_seq & 0xFF`... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_232986569 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 19:47:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 17:47:32 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-serv and gnutls-client fail with "Detected downgrade to TLS 1.2 from TLS 1.3" (#837) In-Reply-To: References: Message-ID: Peter Wu commented: It appears that developers can mess up their implementations and hard-code the priority string `NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3`, resulting in advertising TLS 1.2, TLS 1.3 in the supported_versions extension, see https://github.com/systemd/systemd/issues/13528 I cannot think of a secure use case where you want to support both TLS 1.2 and 1.3, but prefer TLS 1.2. And clearly, GnuTLS cannot handle spec-compliant servers that end up agreeing TLS 1.2 and send a downgrade signal (see the previous systemd issue). So what about always advertising TLS 1.3 before 1.2, regardless of the priority string? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/837#note_232986603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 19:48:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 17:48:02 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Tim R?hsen commented: Else LGTM, nice work ! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_232986657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 20:05:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 18:05:12 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_232988184 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; Indeed it is. However it should not matter for the typical uses cases. I was not sure about this change. So let's @nmav judge. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_232988184 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 20:38:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 18:38:57 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1098 https://gitlab.com/gnutls/gnutls/merge_requests/1098 * 344e76ae - cipher: replace several bools with single flags instance -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 20 21:05:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 20 Oct 2019 19:05:53 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !920 https://gitlab.com/gnutls/gnutls/merge_requests/920 * afa6e340...c6b6f313 - 24 commits from branch `master` * 656907d0 - Support GOST cipher suite MAC calculation * cc038ca3 - cipher: replace several bools with single flags instance * a26b77b1 - nettle/gost: provide GOST keywrapping support * beb3b5b7 - nettle/gost: add support for GOST VKO algorithm * 9142912a - _gnutls_pk_derive: add argument for nonce * 09d30884 - nettle: add support for GOST key derivation * 419fb973 - Support GOST certificate request values * d64dc662 - Add GOST key transport support * f73c1049 - groups: add function to return group by curve * c572f679 - Add support for VKO GOST key exchange * 6ac3609a - Add GOST cipher suites * 1e4fe0aa - Declare groups corresponding to GOST curves * cc1f0a34 - Add GOST values to cipher suites priorities * 8bf39784 - tests: add tests for KX-GOST-VKO using different key variants * a87a71cd - lib: fix group selection in case of GOST cipher suites * 989da99c - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST * e4ba20ef - lib: pubkey vs TLS signature compatibility for GOST algorithms * 570b9726 - cli-debug: include GOST VKO into KX list * 994f8af3 - priority: add GROUP-GOST-ALL keyword * e3e8bebc - ecc: define curve->group relationship * d785cdee - ext/signature: use GOST signatures for GOST ciphersiuites * d100acf8 - Swap TLS signatures in case we are signing them with GOST keys * e82fdca5 - gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests * c62ff588 - tls13-server-kx-neg: add test for GOST-enabled server and client * 1d5e088c - Add check for gost curves in nettle -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 11:21:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 09:21:20 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: I'm going to think about converting `continuous_mac` to `mac_entry_st` flag. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_233167806 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 13:18:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 11:18:26 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1098 https://gitlab.com/gnutls/gnutls/merge_requests/1098 * de3fd8ab...c6b6f313 - 18 commits from branch `master` * 9e6d3075 - cipher: replace several bools with single flags instance * e40be9f3 - lib/mac: change preimage_insecure to be a flag * f986d6b2 - Support GOST cipher suite MAC calculation * e6a20abe - mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 13:25:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 11:25:24 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1098 https://gitlab.com/gnutls/gnutls/merge_requests/1098 * 67342275 - mac: change preimage_insecure to be a flag * 7ad36379 - Support GOST cipher suite MAC calculation * 01942d35 - mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 14:16:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 12:16:12 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_233265800 Done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098#note_233265800 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 18:07:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 16:07:46 +0000 Subject: [gnutls-devel] GnuTLS | Split CertVerify code. Switch sign_entry_st to use flags (!1103) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1103 Project:Branches: GostCrypt/gnutls:new-crt-vrfy to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov No functional changes, just code refactoring: - Split TLS 1.0/1.1 CertVerify signing/verification code from main functions - Change `tls13_ok` to become a flag, rather than full-featured field. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 21 22:51:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 21 Oct 2019 20:51:04 +0000 Subject: [gnutls-devel] GnuTLS | Split CertVerify code. Switch sign_entry_st to use flags (!1103) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1103 https://gitlab.com/gnutls/gnutls/merge_requests/1103 * 3f4470b1 - sign: convert tls13_ok to flags field -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 22 09:12:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 22 Oct 2019 07:12:34 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_233669871 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; @rockdaboot @nmav on a second thought, should we preserve epoch here? IOW: ```c params->write.sequence_number = (params->write.sequence_number & UINT64_C(0xffff000000000000) | (prestate->record_seq & 0xff); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_233669871 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:10:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:10:38 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234341248 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; I do not remember the intention, however I can speculate that because the prestate will be a small number this assignment is done that way, to save unnecessary assignments. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234341248 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:14:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:14:28 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Merge Request !1098 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1098 Project:Branches: GostCrypt/gnutls:tls-continuous-mac to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:20:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:20:34 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234347471 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; So, which variant would you prefer? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234347471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:22:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:22:49 +0000 Subject: [gnutls-devel] GnuTLS | Split CertVerify code. Switch sign_entry_st to use flags (!1103) In-Reply-To: References: Message-ID: Merge Request !1103 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1103 Project:Branches: GostCrypt/gnutls:new-crt-vrfy to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:30:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:30:14 +0000 Subject: [gnutls-devel] GnuTLS | lib: pubkey vs TLS signature compatibility for GOST algorithms (!1101) In-Reply-To: References: Message-ID: Merge Request !1101 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1101 Project:Branches: GostCrypt/gnutls:key-compat to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 11:34:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 09:34:51 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234358387 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; I think the original version was simple enough. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234358387 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 13:38:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 11:38:05 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/dtls.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234431746 > if (ret < 0) > return; > > - params->write.sequence_number.i[7] = prestate->record_seq; > + params->write.sequence_number = prestate->record_seq; Fine with me, I'll leave this part as is. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_234431746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 13:38:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 11:38:06 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: All discussions on Merge Request !1102 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1102 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 14:22:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 12:22:30 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: All discussions on Merge Request !1098 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1098 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 14:22:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 12:22:58 +0000 Subject: [gnutls-devel] GnuTLS | lib: pubkey vs TLS signature compatibility for GOST algorithms (!1101) In-Reply-To: References: Message-ID: Merge Request !1101 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1101 Project:Branches: GostCrypt/gnutls:key-compat to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 17:05:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 15:05:00 +0000 Subject: [gnutls-devel] GnuTLS | Split CertVerify code. Switch sign_entry_st to use flags (!1103) In-Reply-To: References: Message-ID: Merge Request !1103 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1103 Project:Branches: GostCrypt/gnutls:new-crt-vrfy to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 17:05:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 15:05:42 +0000 Subject: [gnutls-devel] GnuTLS | RFC: support CertificateVerify messages for GOST suites (!1104) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1104 Project:Branches: GostCrypt/gnutls:new-crt-vrfy2 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov This is and RFC of an implementation to reverse signature byte order in GOST CertificateVerify messages. I this approach looks sensible, I'll add proper testsuite to cover this new flag. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 17:31:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 15:31:06 +0000 Subject: [gnutls-devel] GnuTLS | Support GOST cipher suite MAC calculation (!1098) In-Reply-To: References: Message-ID: Merge Request !1098 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1098 Project:Branches: GostCrypt/gnutls:tls-continuous-mac to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 20:02:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 18:02:32 +0000 Subject: [gnutls-devel] GnuTLS | RFC Alternative CertificateVerify approach (!1105) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1105 Project:Branches: GostCrypt/gnutls:new-crt-vrfy3 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov This is an alternative to !1104. It is less invasive. And second patch is only required to support pre-IANA-assigment TLS 1.0/1.1 ciphersuites. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1105 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 22:37:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 20:37:15 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !920 https://gitlab.com/gnutls/gnutls/merge_requests/920 * 975e1e81...e4a7db34 - 10 commits from branch `master` * 5ecf82b6 - nettle/gost: provide GOST keywrapping support * 82bc1899 - nettle/gost: add support for GOST VKO algorithm * 7437cadb - _gnutls_pk_derive: add argument for nonce * 6b6e8a41 - nettle: add support for GOST key derivation * fcb026f3 - Add GOST key transport support * 10aec3e7 - Declare groups corresponding to GOST curves * 7cc03917 - ecc: define curve->group relationship * 78ce86e9 - groups: add function to return group by curve * f1d60284 - Add support for VKO GOST key exchange * fd97c398 - Support GOST certificate request values * 7a5ebe4f - Swap TLS signatures in case we are signing them with GOST keys * 5349dd6d - Add GOST cipher suites * c4cccfa6 - Add GOST values to cipher suites priorities * d1149cb7 - tests: add tests for KX-GOST-VKO using different key variants * eb7af990 - lib: fix group selection in case of GOST cipher suites * 9e940325 - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST * ba1d7663 - cli-debug: include GOST VKO into KX list * c9e67e72 - priority: add GROUP-GOST-ALL keyword * 03c0ead2 - ext/signature: use GOST signatures for GOST ciphersiuites * 3af14686 - gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests * 13223fd1 - tls13-server-kx-neg: add test for GOST-enabled server and client * 3e6567f7 - Add check for gost curves in nettle -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 23 22:39:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 23 Oct 2019 20:39:01 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: don't send extension if all extensions are disabled (!1106) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1106 Project:Branches: GostCrypt/gnutls:ext-record-size to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1106 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 15:57:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 13:57:23 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk_passwd.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_235087461 > + unsigned i; > + gnutls_datum_t hexline, hex_username = { NULL, 0 }; > + > + /* move to first ':' */ > + i = 0; > + while ((i < line_size) && (line[i] != '\0') > + && (line[i] != ':')) { > + i++; > + } > + > + if (line[0] == '#') { > + hexline.data = (void *) &line[1]; > + hexline.size = i - 1; > + > + if ((retval = gnutls_hex_decode2(&hexline, &hex_username)) < 0) > + return gnutls_assert_val(retval); Shouldn't zero be returned here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_235087461 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:10:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:10:51 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/ext/pre_shared_key.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_235095755 > inline static > unsigned _gnutls_have_psk_credentials(const gnutls_psk_client_credentials_t cred, gnutls_session_t session) > { > - if ((cred->get_function || cred->username.data) && session->internals.priorities->have_psk) This change seems to have no effect, and it kind of makes the code inconsistent. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_235095755 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:16:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:16:00 +0000 Subject: [gnutls-devel] GnuTLS | WIP: fix compilation in fedora30 (!1096) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1096 https://gitlab.com/gnutls/gnutls/merge_requests/1096 * de3fd8ab...e4a7db34 - 28 commits from branch `master` * efd686df - updated to libopts 5.18.16 * c0967114 - tests: global-init-override do not run in windows * 6a05cf93 - tests: include config.h in rawpk-api.c * 9aaf8f55 - configure: ignore some attribute related warnings -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:17:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:17:59 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/buffers.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235101169 > int > _gnutls_record_buffer_get(content_type_t type, > gnutls_session_t session, uint8_t * data, > - size_t length, uint8_t seq[8]) Why this change? I am often using `uint8_t seq[8]` to assist static analysers (or the compiler) in detecting issues in the code. Is there any advantage of the pointer in this case? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235101169 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:21:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:21:55 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/buffers.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235103656 > int > _gnutls_record_buffer_get(content_type_t type, > gnutls_session_t session, uint8_t * data, > - size_t length, uint8_t seq[8]) No, I can revert this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235103656 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:23:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:23:11 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235104416 > /* Increments the sequence value > */ > inline static int > -sequence_increment(gnutls_session_t session, gnutls_uint64 * value) > +sequence_increment(gnutls_session_t session, uint64_t * value) > { > +#if 0 Why this if 0 block? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235104416 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:25:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:25:05 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !1102 https://gitlab.com/gnutls/gnutls/merge_requests/1102 * 975e1e81...e4a7db34 - 10 commits from branch `master` * cad80e61 - lib: drop gnutls_uint64 usage as sequence number -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:25:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:25:13 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/buffers.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235105798 > int > _gnutls_record_buffer_get(content_type_t type, > gnutls_session_t session, uint8_t * data, > - size_t length, uint8_t seq[8]) done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235105798 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:25:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:25:19 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: All discussions on Merge Request !1102 were resolved by Dmitry Eremin-Solenikov https://gitlab.com/gnutls/gnutls/merge_requests/1102 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:25:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:25:20 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235105879 > /* Increments the sequence value > */ > inline static int > -sequence_increment(gnutls_session_t session, gnutls_uint64 * value) > +sequence_increment(gnutls_session_t session, uint64_t * value) > { > +#if 0 leftover, dropped -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235105879 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:27:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:27:18 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: All discussions on Merge Request !1102 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1102 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:27:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:27:28 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: All discussions on Merge Request !1102 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1102 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:27:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:27:30 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Merge Request !1102 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1102 Project:Branches: GostCrypt/gnutls:remove-guint64 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:27:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:27:39 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you, LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102#note_235107254 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:29:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:29:52 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I do not know why the error in the CI. You may want to merge all the commits to a single one, and use the `make files-update` output as a separate commit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_235108956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:43:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:43:18 +0000 Subject: [gnutls-devel] GnuTLS | Wrong alerts for malformed CertificateVerify messages in TLS 1.2 (#848) References: Message-ID: Hubert Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/issues/848 ## Description of problem: When GnuTLS (e4a7db34259295e) receives a CertificateVerify with algorithms that don't match ones sent in CertificateRequest or which are incorrect (use different hash than indicated), it sends wrong alerts (`handshake_failure` instead of `decrypt_error` or `illegal_parameter`) ## Version of gnutls used: ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) e4a7db34259295e ## How reproducible: Steps to Reproduce: * `doc/credentials/gnutls-http-serv --priority NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+DHE-PSK:+PSK:+SHA384:+SHA256 -p 4433 -d 6` * https://github.com/tomato42/tlsfuzzer/pull/604 * `python scripts/test-ecdsa-in-certificate-verify.py -k /tmp/client-p256/key.pem -c /tmp/client-p256/cert.pem` ## Actual results: ``` ... make sha224+ecdsa signature, advertise it as sha1+ecdsa in CertificateVerify ... Error encountered while processing node (child: ) with last message being: Error while processing Traceback (most recent call last): File "scripts/test-ecdsa-in-certificate-verify.py", line 274, in main runner.run() File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 227, in run node.process(self.state, msg) File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/expect.py", line 1484, in process raise AssertionError(problem_desc) AssertionError: Expected alert description "decrypt_error" does not match received "handshake_failure" ... Test support for ECDSA signatures in CertificateVerify Version: 1 Test end successful: 22 failed: 6 'make sha224+ecdsa signature in CertificateVerify' 'make sha224+ecdsa signature, advertise it as sha1+ecdsa in CertificateVerify' 'make sha224+ecdsa signature, advertise it as sha256+ecdsa in CertificateVerify' 'make sha224+ecdsa signature, advertise it as sha384+ecdsa in CertificateVerify' 'make sha224+ecdsa signature, advertise it as sha512+ecdsa in CertificateVerify' 'md5+ecdsa forced' ``` ## Expected results: ``` Test end successful: 28 failed: 0 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/848 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 16:50:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 14:50:27 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * a9d82786 - tests for update_keys -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 17:19:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 15:19:12 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 3350e30c - Record Layer Seperation: Added secret hook function -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 18:10:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 16:10:33 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: don't send extension if all extensions are disabled (!1106) In-Reply-To: References: Message-ID: Daiki Ueno commented: I fail to see why this particular extension requires the check. Do other extensions need the same check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1106#note_235167105 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 23:10:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 21:10:48 +0000 Subject: [gnutls-devel] GnuTLS | lib: drop gnutls_uint64 usage as sequence number (!1102) In-Reply-To: References: Message-ID: Merge Request !1102 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1102 Project:Branches: GostCrypt/gnutls:remove-guint64 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 24 23:16:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 24 Oct 2019 21:16:31 +0000 Subject: [gnutls-devel] GnuTLS | lib: simplify uint24 handling (!1107) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1107 Project:Branches: GostCrypt/gnutls:remove-uint24 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Rework uint24 numbers handling ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 09:47:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 07:47:09 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/51 Branches: tmp-use-after-free to master Author: Nikos Mavrogiannopoulos This fixes a use after free in the expansion of object identifiers from .asn files. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 11:29:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 09:29:42 +0000 Subject: [gnutls-devel] libtasn1 | ChangeLog: do not depend on git2cl [ci skip] (!50) In-Reply-To: References: Message-ID: Merge Request !50 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/50 Branches: tmp-git2cl to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/50 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:00:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:00:03 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Have you seen the `--logfile` option? If you use `gnutls-cli --logfile /dev/null` there is no output on stdout. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845#note_235603333 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:00:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:00:59 +0000 Subject: [gnutls-devel] GnuTLS | Correct size check in _gnutls_buffer_pop_data() ? (#844) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Closing as not a bug. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/844#note_235604052 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:00:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:00:59 +0000 Subject: [gnutls-devel] GnuTLS | Correct size check in _gnutls_buffer_pop_data() ? (#844) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #844: https://gitlab.com/gnutls/gnutls/issues/844 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/844 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:05:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:05:06 +0000 Subject: [gnutls-devel] GnuTLS | Session resumption fails against GCS after a few hours of inactivity (#822) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: That version of gnutls is no longer supported. I haven't checked the details of the issue but there was a resumption issue that was solved recently in 3.6.x. The fix for #841 may (or may not) be relevant in the old version too. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/822#note_235606681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:05:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:05:31 +0000 Subject: [gnutls-devel] GnuTLS | Session resumption fails against GCS after a few hours of inactivity (#822) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #822: https://gitlab.com/gnutls/gnutls/issues/822 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/822 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:07:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:07:04 +0000 Subject: [gnutls-devel] GnuTLS | guile bindings not multi-arch safe (#838) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: No idea here. @civodul what do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/838#note_235608313 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:35:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:35:14 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) In-Reply-To: References: Message-ID: Bj?rn Jacke commented: thanks Nikos, great - I was really searching for a possibility but the --logfile /dev/null solution is really not easy to spot. :) Maybe the man page can get a hin for that with some buzz words like quiet/silent in there? Shall I propose a man page patch for that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845#note_235635192 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 13:45:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 11:45:30 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Yes, certainly! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845#note_235640241 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 16:21:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 14:21:26 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 49646396 - Record Layer Seperation: Notify the key (epoch) change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 16:35:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 14:35:37 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to intercept TLS messages being sent (#849) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/issues/849 As mentioned in: https://gitlab.com/gnutls/gnutls/issues/826#note_213450784 To send TLS messages in QUIC packets, we need a way to capture the TLS messages being sent. This can be implemented by providing a callback intercepting messages from TLS stack. The API would looks something like: ```c /* content_type_t is currently private */ typedef int (*gnutls_record_write_callback_t)(gnutls_session_t, unsigned epoch, content_type_t, gnutls_datum_t *data); void gnutls_record_set_write_callback(gnutls_session_t, gnutls_record_write_callback_t); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/849 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 16:41:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 14:41:16 +0000 Subject: [gnutls-devel] GnuTLS | provide a function to feed TLS messages from record layer (#850) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/issues/850 As mentioned in: https://gitlab.com/gnutls/gnutls/issues/826#note_213450784 To receive TLS messages from QUIC, we need a way to feed the received the TLS messages to the TLS stack. This can be implemented by providing a function, something like: ```c /* content_type_t is currently private */ int gnutls_record_push_data(gnutls_session_t, unsigned epoch, content_type_t, gnutls_datum_t *data); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/850 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 16:45:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 14:45:51 +0000 Subject: [gnutls-devel] GnuTLS | expose HKDF-Expand-Label to API (#851) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/issues/851 As QUIC derives keys to protect packets from TLS secrets using HKDF, `_tls13_derive_secret2` needs to be exported from the API: https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#rfc.section.5.1 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/851 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 16:50:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 14:50:41 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to be notified on secret generation (#852) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/issues/852 As mentioned in: https://gitlab.com/gnutls/gnutls/issues/826#note_213450784 To install packet protection keys from TLS, we need a way to be notified when a new secret is set in TLS. This can be implemented by providing a callback. The API would looks something like: ```c typedef void (*gnutls_secret_hook_func)(gnutls_session_t, unsigned epoch, unsigned incoming, const gnutls_datum_t *secret); void gnutls_session_set_secret_hook_function(gnutls_session_t session, gnutls_secret_hook_func func); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/852 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:08:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:08:23 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to be notified on secret generation (#852) In-Reply-To: References: Message-ID: Aniketh Girish commented: @dueno Thanks for marking all the tasks as seperate issues :). Btw, for this, isn't this what we did in !1086 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/852#note_235765997 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:18:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:18:04 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to be notified on secret generation (#852) In-Reply-To: References: Message-ID: Daiki Ueno commented: Yes, this can be closed by !1086. You can add "Fixes #852" there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/852#note_235770493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:34:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:34:32 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to be notified on secret generation (#852) In-Reply-To: References: Message-ID: Aniketh Girish commented: Thanks :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/852#note_235777884 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:35:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:35:34 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API: Notify the key (epoch) change (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * ebb36228 - Record Layer Seperation: Notify the key (epoch) change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:35:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:35:53 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) References: Message-ID: Bj?rn Jacke created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1108 Project:Branches: bjacke/gnutls:logfile-doc-improvement to gnutls/gnutls:master Author: Bj?rn Jacke this documentation improvement is for https://gitlab.com/gnutls/gnutls/issues/845 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:36:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:36:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) In-Reply-To: References: Message-ID: Bj?rn Jacke commented: see https://gitlab.com/gnutls/gnutls/merge_requests/1108 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845#note_235778941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 17:46:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 15:46:32 +0000 Subject: [gnutls-devel] GnuTLS | expose HKDF-Expand-Label to API (#851) In-Reply-To: References: Message-ID: Aniketh Girish commented: I was planning to write an API which would act as a wrapper around `_tls13_derive_secret2` and something similar to any other HKDF related functions. Is that approach good enough or there is something better in your mind? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/851#note_235783225 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 18:00:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 16:00:57 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API: Notify the key (epoch) change (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * 5f6b6555 - Fix typo in gnutls_db_set_cache_expiration() docs * 945df8c5 - guile: Update the list of certificate status values. * 0245f015 - Implemented client rawpk fuzzer. * 2c0097ca - Implemented server rawpk fuzzer. * a909bbbb - Added initial corpora for rawpk client and server fuzzers. * dff197ea - gnutls-cli-debug: fix early break for no version supported check * 56508ec5 - priority: fix loop which removes systemwide disabled KX algos * 582586f9 - gnutls_int.h: make DECR_LEN neutral to signedness * 60011458 - lib/*: remove unnecessary cast to ssize_t * 9105cbc1 - tests: added interoperability test with gnutls 2.12.x * fb99ef3d - _gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites * 55d72ede - tests: check interoperability testing with gnutls 2.12.x and SHA256 * f0fc049b - tlsfuzzer: enable atypical padding check * 9321a37a - maint: Include Guile's M4 macros. * a356ff2a - .gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'. * 17996005 - .gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well. * 778ad3ac - .gitlab-ci.yml: export guile related envvars for doc-dist.Fedora * 3d605b22 - .gitlab-ci.yml: bump configure cache version * cd103f29 - doc: Run guile with '-q'. * 8dc04c3d - guile: Add support for Guile 3.0. * 236d6072 - pkcs11-mock: updated license based on upstream project [ci skip] * da7032a2 - nettle: use nettle_get_secpp* consistently * b65a5c84 - tests: mini-alignment moved to modern nettle API * 1e542874 - tests: cipher-alignment: ensure cipher registration * 9af6c0ba - _gnutls_io_check_recv: added newline to error message * e79f105d - gnutls_session_get_data2: fix operation without a timeout callback * 716fc838 - ext/supported_versions: reorder client precedence if necessary * f428fede - gnutls_ocsp_status_request_is_checked: added tests in client side * 0502f3a2 - tests: added server-side verification test * 5affd646 - tests: added server side OCSP check * 50cbbf74 - Updates in OCSP status response related documentation * 7db1f4c2 - tests: add verbose logging to server-kx-neg tests * 5ec943c1 - x509: add support for Russian extensions defined for qualified certificate * f222e7a5 - nettle: provide GOST 28147-89 CNT mode support * 785926c8 - nettle: provide GOST 28147-89 IMIT MAC support * a78f8f47 - crypto-selftests: add CNT and IMIT self tests * ee33947b - NEWS: document previous changes [ci skip] * 97780b2f - certtool: ensure that PKCS#8 file does not contain key description * 5d3fbb3a - Regenerate asm files with -fPIC * fa62d585 - .gitlab-ci.yml: run pic-check on i686-linux-gnu to catch wrong assembly * 6f0fd2eb - bumped versions * 2350547d - cipher-alignment: migrate LDADD/CFLAGS after rename * 2bfda472 - lib/algorithms: add AID values assigned by IANA * 9f44a7d3 - nettle/mac: add missing ifdef * a6e5143f - Implemented raw public key support for gnutls-cli application. * bd93208f - Implemented raw public key support for gnutls-serv application. * a7867802 - Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv. * 9ceb25e4 - Updated NEWS to reflect the added raw public-key handling functionality for gnutls-cli/serv tools. * 4f54803e - NEWS: added entry for 3.6.11 * 28729608 - iov: _gnutls_iov_iter_next: return bytes instead of blocks * a4b38c90 - iov: add _gnutls_iov_iter_sync to write back cached data to iov * 1dea6b92 - gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers * 79256ce4 - .gitlab-ci.yml: include an automated coverity build on tags * 5887f0e1 - .gitlab-ci.yml: only run coverity task on 3_6_x tags [ci skip] * 4a9da14e - lib: define more GOST curves * 885112d6 - lib/ecc: add documentation for GOST-related curves * e3c2f72a - nettle/pk: add support for "new" TC26 256 B curve * acedb15e - lib: implement support for updated GOST PublicKeyParameters * 6b983d1f - cert-tests/gost: add certificate with new GOSTParameters struct * 069570e6 - tests: correct gost server certificates * 24c01971 - document limitations of gnutls_record_discard_queued() [ci skip] * 77d7e34a - crq APIs: fix typos [ci skip] * 34089112 - ext/supported_groups: don't consider non-EC groups for EC * d1421694 - tests/psk-file: fix heizenbug in last test * 32759637 - p11tool: print mechanism info in list-mechanisms * d120495c - testpkcs11.sh: test that we output mechanism flags correctly * d0405201 - README.md: document lscpu/util-linux dependency for make check * 044f8bde - session tickets: parse extension during session resumption on client side * 316a48e0 - .gitlab-ci.yml: removed coverity build [ci skip] * 1de00ed1 - Remove trailing spaces in several files * a8aea8f8 - lib/handshake.c: Check return value of _gnutls_version_max() * 9466e8e4 - lib/str.c: Replace sscanf() in _gnutls_buffer_unescape() * 934b5ab8 - lib/auth/srp_passwd.c: Fix NULL dereference in _gnutls_srp_pwd_read_entry() * bc50e543 - lib/x509/output.c: Remove unneeded NULL check in print_crt_pubkey() * eeefc70d - lib/sslv2_compat.c: Check return value of _gnutls_generate_session_id() * 84ddb406 - lib/record.c: Use assignment instead of memcpy() * 5ec76e23 - cipher: Let _gnutls_auth_cipher_setiv() return int * b8106bf6 - lib/x509/x509.c: Check before pointer dereference in get_alt_name() * 33bd5888 - tests/buffer.c: Add unit test for _gnutls_buffer_unescape() * 268000c3 - Add const to several read-only packet sequence params * 1d5f6b9d - prf: add Streebog (GOST R 34.11-2012) PRF support * 859c2d0b - Allow using implicit IV for stream ciphers with TLS * 6929ed38 - src: fix noreturn-related warning * 82d0ab40 - lib: pubkey vs TLS signature compatibility for GOST algorithms * 3a11f3df - tls-sig: split TLS 1.0/1.1 CertificateVerify code * 12603c8a - sign: convert tls13_ok to flags field * bb19fdfa - cipher: replace several bools with single flags instance * cfa7ec3a - mac: change preimage_insecure to be a flag * ef655ed9 - Support GOST cipher suite MAC calculation * 0a1a9988 - mac: mark GOST28147-TC26Z-IMIT as using CONTINUOUS_MAC * 03b9095a - lib: drop gnutls_uint64 usage as sequence number * 8734a806 - Record Layer Seperation: Notify the key (epoch) change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 18:04:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 16:04:46 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Record layer separation for QUIC TLS API: Notify the key (epoch) change (!1086) In-Reply-To: References: Message-ID: Aniketh Girish pushed new commits to merge request !1086 https://gitlab.com/gnutls/gnutls/merge_requests/1086 * eb94b8d2...25ae05fd - 132 commits from branch `master` * 6a6a535c - Record Layer Seperation: Notify the key (epoch) change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 19:27:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 17:27:17 +0000 Subject: [gnutls-devel] GnuTLS | slow performance on IBM POWER architecture (#853) References: Message-ID: Bj?rn Jacke created an issue: https://gitlab.com/gnutls/gnutls/issues/853 the AES performance of GnuTLS is quite bad compared to openssl on AIX on POWER. The POWER architecture has AES instruction and they the shipped openssl version makes use of this obviously, here are the aes gcm/ccm benchmark numbers for openssl on AIX 7.1 on a single core POWER9 machine: # openssl speed -elapsed -evp aes-128-ccm ... options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-ccm 230501.53k 931205.48k 3716121.69k 14873766.91k 119393654.10k # openssl speed -elapsed -evp aes-128-gcm options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-gcm 227103.28k 545682.50k 1579801.94k 2419030.70k 2795500.89k The GnuTLS numbers are *magnitudes* lower: # gnutls-cli --benchmark-tls-ciphers Testing throughput in cipher/MAC combinations (payload: 1400 bytes) AES-128-GCM - TLS1.2 7.18 MB/sec AES-128-GCM - TLS1.3 12.57 MB/sec AES-128-CCM - TLS1.2 14.71 MB/sec AES-128-CCM - TLS1.3 14.64 MB/sec CHACHA20-POLY1305 - TLS1.2 17.14 MB/sec CHACHA20-POLY1305 - TLS1.3 16.97 MB/sec AES-128-CBC - TLS1.0 14.48 MB/sec CAMELLIA-128-CBC - TLS1.0 7.94 MB/sec Testing throughput in cipher/MAC combinations (payload: 16384 bytes) AES-128-GCM - TLS1.2 13.30 MB/sec AES-128-GCM - TLS1.3 13.22 MB/sec AES-128-CCM - TLS1.2 15.67 MB/sec AES-128-CCM - TLS1.3 15.61 MB/sec CHACHA20-POLY1305 - TLS1.2 18.59 MB/sec CHACHA20-POLY1305 - TLS1.3 18.47 MB/sec AES-128-CBC - TLS1.0 16.12 MB/sec CAMELLIA-128-CBC - TLS1.0 8.38 MB/sec Would it be possible to get to get the improvements that openssl has also to GnuTLS? IBM might be interested to push that improvement together with Red Hat also for the Linux PPC architecture and the result might be beneficial for Linux and AIX in the end. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/853 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 25 20:44:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 25 Oct 2019 18:44:35 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Bj?rn Jacke pushed new commits to merge request !1108 https://gitlab.com/gnutls/gnutls/merge_requests/1108 * 6592c807 - doc: describe how to make gnutls-cli quiet for pipe usage -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 26 18:24:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 26 Oct 2019 16:24:26 +0000 Subject: [gnutls-devel] GnuTLS | Enhance gnutls-cli to request RSA or ECDSA certificate (#855) References: Message-ID: Dilyan Palauzov created an issue: https://gitlab.com/gnutls/gnutls/issues/855 When a server offers several certificates, openssl s_client can request from the server RSA certificate using "-sigalgs 'RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1'" and EC certificate using "-sigalgs 'ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512'". This works for both TLS 1.2 and TLS 1.3. In gnutls-cli 3.6.5 I do not see such fuction. Neither I see in the output of `gnutls-cli -l` anything with PSS. * Enhance gnutls-cli to be able to retrieve from the server the RSA or the EC certificatate, as the further checks, DANE, OCSP are performed towards the returned certificate and one wants to validate all certificates -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/855 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 26 22:05:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 26 Oct 2019 20:05:05 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) References: Message-ID: nia created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1109 Project:Branches: niaa/gnutls:master to gnutls/gnutls:master Author: nia This system call is present on all supported NetBSD versions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 00:38:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 26 Oct 2019 22:38:43 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: don't send extension if all extensions are disabled (!1106) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: Hmm. True. Looks like a leftover from `--disable-extensions` support. Interesting enough extended master secret extension also has such checks. I'll submit a MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1106#note_236037357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 02:10:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 27 Oct 2019 00:10:26 +0000 Subject: [gnutls-devel] GnuTLS | ecc: fix curve sizes for TC26-256 gost curves (!1110) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1110 Project:Branches: GostCrypt/gnutls:fix-gost-curves to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 02:19:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 27 Oct 2019 00:19:49 +0000 Subject: [gnutls-devel] GnuTLS | serv: move closing TABLE tag after actual table end (!1111) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1111 Project:Branches: GostCrypt/gnutls:serv-fix-table to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 02:18:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 27 Oct 2019 01:18:58 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: don't send extension if all extensions are disabled (!1106) In-Reply-To: References: Message-ID: Merge Request !1106 was closed by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1106 Project:Branches: GostCrypt/gnutls:ext-record-size to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1106 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 16:47:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 27 Oct 2019 15:47:08 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: @niaa could you please change your fork setting to increase CI timeout to 2 hours (see Settings/CICD/General pipelines/Timeout) and rerun failed jobs? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109#note_236102590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 27 21:59:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 27 Oct 2019 20:59:57 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: nia commented: @lumag done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109#note_236135275 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 28 10:03:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 28 Oct 2019 09:03:18 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_set_secret_hook_function: new function (!1112) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1112 Branches: tmp-secret-hook to tmp-draft-ietf-quic-tls-23 Author: Daiki Ueno This is a continuation of !1086 with minor cleanups. So far, as QUIC is not finalized, let's accumulate the QUIC related changes to `tmp-draft-ietf-quic-tls-draft-23` branch. Fixes #852. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1112 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 08:35:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 07:35:13 +0000 Subject: [gnutls-devel] GnuTLS | serv: move closing TABLE tag after actual table end (!1111) In-Reply-To: References: Message-ID: Merge Request !1111 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1111 Project:Branches: GostCrypt/gnutls:serv-fix-table to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 08:35:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 07:35:16 +0000 Subject: [gnutls-devel] GnuTLS | serv: move closing TABLE tag after actual table end (!1111) In-Reply-To: References: Message-ID: Merge Request !1111 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1111 Project:Branches: GostCrypt/gnutls:serv-fix-table to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 08:35:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 07:35:24 +0000 Subject: [gnutls-devel] GnuTLS | serv: move closing TABLE tag after actual table end (!1111) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1111#note_237032225 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 08:36:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 07:36:05 +0000 Subject: [gnutls-devel] GnuTLS | ecc: fix curve sizes for TC26-256 gost curves (!1110) In-Reply-To: References: Message-ID: Merge Request !1110 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1110 Project:Branches: GostCrypt/gnutls:fix-gost-curves to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 12:49:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 11:49:05 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: LGTM. You may need to increase the CI timeout for it to succeed. The checklist had instructions how to do so, but it should be something like Settings -> CI/CD -> timeout to 2hours in your repo copy (and retry the failed jobs). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108#note_237205349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 12:58:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 11:58:56 +0000 Subject: [gnutls-devel] GnuTLS | slow performance on IBM POWER architecture (#853) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Currently we use [cryptogams implementation](https://github.com/dot-asm/cryptogams) from openssl for assembly optimizations for x86, x86-64 and aarch64. It would be _relatively_ easy to bring another implementation for it, however setting up the (CI) testing environment may be more tricky. If someone would like to try: - The gnutls assembler files are placed in `lib/accelerated/ARCH/[elf]`; a new architecture is registered in `lib/accelerated/accelerated.c`. - They require a thin layer "linking" nettle with assembly; that is in `lib/accelerated/ARCH/. - The assembler files themselves are auto-generated using rules in `cfg.mk`; you can do that using `make asm-sources` - The testing of non-x86 architectures is done via qemu; images are created in https://gitlab.com/gnutls/build-images/tree/master/docker-debian-cross and `.gitlab-ci.yml` in main repo has individual tests It using the aarch64 as base it should not be too hard to bring power architecture as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/853#note_237210680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 13:32:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 12:32:49 +0000 Subject: [gnutls-devel] GnuTLS | lib: simplify uint24 handling (!1107) In-Reply-To: References: Message-ID: Merge Request !1107 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1107 Project:Branches: GostCrypt/gnutls:remove-uint24 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 13:41:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 12:41:40 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_set_secret_hook_function: new function (!1112) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1112#note_237259181 > ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block); > if (ret < 0) > return gnutls_assert_val(ret); > + In the similar `gnutls_handshake_hook_func` the callback can determine when this was called (i.e., in that case, at which handshake message). Do we want something similar here? Would it have value for the callback to say that it is only checking the server handshake traffic secret vs the early exporter? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1112#note_237259181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 14:07:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 13:07:16 +0000 Subject: [gnutls-devel] GnuTLS | ecc: fix curve sizes for TC26-256 gost curves (!1110) In-Reply-To: References: Message-ID: Merge Request !1110 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1110 Project:Branches: GostCrypt/gnutls:fix-gost-curves to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 14:17:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 13:17:53 +0000 Subject: [gnutls-devel] GnuTLS | expose HKDF-Expand-Label to API (#851) In-Reply-To: References: Message-ID: Daiki Ueno commented: This may be better implemented as #813. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/851#note_237287921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 14:39:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 13:39:34 +0000 Subject: [gnutls-devel] GnuTLS | Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov pushed new commits to merge request !920 https://gitlab.com/gnutls/gnutls/merge_requests/920 * cad80e61...ce855734 - 6 commits from branch `master` * 65f4f013 - nettle/gost: provide GOST keywrapping support * 487f5141 - nettle/gost: add support for GOST VKO algorithm * a1c6e164 - _gnutls_pk_derive: add argument for nonce * 56310ed1 - nettle: add support for GOST key derivation * d3245b16 - Add GOST key transport support * 3b11868b - Declare groups corresponding to GOST curves * d11edaae - ecc: define curve->group relationship * d9e78360 - groups: add function to return group by curve * 1dcb25e0 - Add support for VKO GOST key exchange * 6301632f - Support GOST certificate request values * 336e2db4 - Swap TLS signatures in case we are signing them with GOST keys * e8bcabb6 - Add GOST cipher suites * d2c6e019 - Add GOST values to cipher suites priorities * 3080d4c4 - tests: add tests for KX-GOST-VKO using different key variants * e55309d5 - lib: fix group selection in case of GOST cipher suites * e5da91d1 - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST * 0ece7a43 - cli-debug: include GOST VKO into KX list * 8d4b5d4a - priority: add GROUP-GOST-ALL keyword * 6ee70cd3 - ext/signature: use GOST signatures for GOST ciphersiuites * a65c7ee1 - gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests * e3e632f0 - tls13-server-kx-neg: add test for GOST-enabled server and client * 3e99c39b - Add check for gost curves in nettle -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 21:20:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 20:20:44 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109#note_237531037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 21:20:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 20:20:56 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: Merge Request !1109 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1109 Project:Branches: niaa/gnutls:master to gnutls/gnutls:master Author: nia Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 21:52:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 20:52:10 +0000 Subject: [gnutls-devel] build-images | added fedora31 image (!25) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/build-images/merge_requests/25 Branches: tmp-add-f31 to master Author: Nikos Mavrogiannopoulos Signed-off-by: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/25 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 21:56:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 20:56:12 +0000 Subject: [gnutls-devel] build-images | .gitlab-ci.yml: use buildah/buildah image (!24) In-Reply-To: References: Message-ID: Merge Request !24 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/24 Branches: tmp-buildah-image to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/24 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 29 23:10:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 29 Oct 2019 22:10:29 +0000 Subject: [gnutls-devel] build-images | added fedora31 image (!25) In-Reply-To: References: Message-ID: Merge Request !25 was merged Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/25 Branches: tmp-add-f31 to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/25 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 08:48:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 07:48:10 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @rockdaboot would you like to check it? Also do you think it is time for a release with all the changes for fuzzers? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_237675769 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 08:49:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 07:49:26 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Should we close this as not applicable? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237676194 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 08:50:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 07:50:19 +0000 Subject: [gnutls-devel] libtasn1 | GitLab config: Job 'x86' is retried in case of failures (#23) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #23: https://gitlab.com/gnutls/libtasn1/issues/23 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/23 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 08:50:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 07:50:54 +0000 Subject: [gnutls-devel] libtasn1 | GitLab config: Job 'x86' is retried in case of failures (#23) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I am closing it, as spam. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/23#note_237676812 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 09:49:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 08:49:24 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Tim R?hsen commented: I now can also reproduce on Debian unstable - gcc 9.2.1 - valgrind 3.15.0 - glibc 2.29 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237708069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 09:50:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 08:50:31 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Tim R?hsen commented: ``` ==15173== Command: ./Test_choice ==15173== ==15173== Conditional jump or move depends on uninitialised value(s) ==15173== at 0x1092C0: main (Test_choice.c:122) ==15173== Uninitialised value was created by a stack allocation ==15173== at 0x1090F0: main (Test_choice.c:28) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237708587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 10:39:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 09:39:51 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Tim R?hsen commented: Valgrind doens't complain when built with -O0, the assembler (L122/strcmp starts at the arrow): ``` 0x00005555555554f8 <+803>: mov $0x76,%esi 0x00005555555554fd <+808>: lea 0xb14(%rip),%rdi # 0x555555556018 0x0000555555555504 <+815>: mov $0x0,%eax 0x0000555555555509 <+820>: callq 0x555555555060 0x000055555555550e <+825>: mov $0x1,%edi 0x0000555555555513 <+830>: callq 0x5555555550b0 => 0x0000555555555518 <+835>: lea -0x4b0(%rbp),%rax 0x000055555555551f <+842>: lea 0xb4c(%rip),%rsi # 0x555555556072 0x0000555555555526 <+849>: mov %rax,%rdi 0x0000555555555529 <+852>: callq 0x555555555080 0x000055555555552e <+857>: test %eax,%eax 0x0000555555555530 <+859>: jne 0x555555555552 0x0000555555555532 <+861>: mov $0x7c,%esi 0x0000555555555537 <+866>: lea 0xada(%rip),%rdi # 0x555555556018 ``` In comparison, the code generated by gcc 9 with -O2 (see above) just accesses 16 bytes of stack memory for an optimized version of `strcmp`. So no wonder that valgrind complains, though it is a false positive. To calm down valgrind, we can `*data = 0` before `asn1_read_value()`. This just 'marks' `data` as being initialized. Alternatively, we have to add/create a valgrind suppression. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237741131 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 10:40:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 09:40:42 +0000 Subject: [gnutls-devel] GnuTLS | Update CI to F31 (!1113) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1113 Project:Branches: nmav/gnutls:tmp-update-ci-to-f31 to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 10:59:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 09:59:06 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: But is that a libtasn1 issue? We can work-around it as you say, but a real fix should be either in gcc or in valgrind. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237753714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 11:04:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 10:04:12 +0000 Subject: [gnutls-devel] GnuTLS | Update CI to F31 (!1113) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/merge_requests/1113#note_237757595 > gl_WARN_ADD([-Wimplicit-fallthrough=2]) > gl_WARN_ADD([-Wabi=11]) > gl_WARN_ADD([-fdiagnostics-show-option]) > + gl_WARN_ADD([-Wno-attributes]) # gcc can warn about unused _Noreturn with no reason I think this should be unnecessary after !1100 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113#note_237757595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 11:05:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 10:05:21 +0000 Subject: [gnutls-devel] GnuTLS | Update CI to F31 (!1113) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: LGTM other than the comment above. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113#note_237758456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 11:25:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 10:25:08 +0000 Subject: [gnutls-devel] GnuTLS | Update CI to F31 (!1113) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thanks; I'll mark it as WIP as I expect many more issues to be present. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113#note_237769318 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 13:43:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 12:43:57 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Daiki Ueno commented: Given that valgrind developers are aware of this, I would suggest closing it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237844548 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 13:46:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 12:46:31 +0000 Subject: [gnutls-devel] libtasn1 | GitLab config: Job 'x86' is retried in case of failures (#23) In-Reply-To: References: Message-ID: Sebastian P_ commented: I am sorry to read that you seem to disagree with our report. Just to clarify, this has not been an automated posting. While we used a tool for the detection, we reviewed all identified cases with two people and manually decided which ones to report. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/23#note_237845917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 14:16:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 13:16:37 +0000 Subject: [gnutls-devel] libtasn1 | GitLab config: Job 'x86' is retried in case of failures (#23) In-Reply-To: References: Message-ID: Tim R?hsen commented: Personally, I agree with you - flaky tests should be avoided. And thus I appreciate your wok on CD-Linter. On the other side, CI runners sometimes experience unexpected slowness while timers still work. These might fail some of the tests that need a certain timing. A `retry: 1` reduces the number of times that deserve manual attention, and that worked out for us in the past. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/23#note_237862819 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 14:27:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 13:27:45 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Tim R?hsen commented: We could check their bug tracker and eventually open a new issue. And after that, we close this issue :-) The first one of us who finds time to check / open at valgrind closes this issue. I possibly have time in the evening. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_237869159 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 15:20:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 14:20:25 +0000 Subject: [gnutls-devel] GnuTLS | lib: simplify uint24 handling (!1107) In-Reply-To: References: Message-ID: Merge Request !1107 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1107 Project:Branches: GostCrypt/gnutls:remove-uint24 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:04:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:04:16 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Tim R?hsen commented: Reported at https://bugs.kde.org/show_bug.cgi?id=413642 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_238006046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:04:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:04:17 +0000 Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #9: https://gitlab.com/gnutls/libtasn1/issues/9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:12:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:12:25 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Tim R?hsen commented: @nmav Nikos, I'm so sorry for being so busy with other things - but it looks like it doesn't stop soon. How much work is it to address all the issues at https://oss-fuzz.com/testcases?project=libtasn1&open=yes ? >From what I can say, most issues arise from recursive ASN.1 definitions. Level 1 recursion (A refers B, B refers A) seems to be handled. But deeper recursion seems to be a problem (A refers B, B refers C, C refers A). But this is just a wild guess after doing some tests in summer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238010029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:14:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:14:20 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Tim R?hsen commented: Sorry, to answer your question: if fixing the issues is possible, we should fix them and then make a release. If that turns out to be hairy, then let's make a new release first. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238011348 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:16:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:16:49 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238012666 > return p->left; > } > > +static > +unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) > +{ > + asn1_node_const d,u; space before u -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238012666 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:17:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:17:11 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238012846 > return p->left; > } > > +static > +unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) > +{ > + asn1_node_const d,u; > + > + if (up_cand == NULL || down == NULL) > + return 0; > + > + d = down; > + > + while ((u=_asn1_find_up(d)) != NULL && u != d) spaces around = -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238012846 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 30 18:18:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 30 Oct 2019 17:18:46 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Merge Request !51 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/51 Branches: tmp-use-after-free to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 08:23:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 07:23:16 +0000 Subject: [gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856) References: Message-ID: Philipp Marek created an issue: https://gitlab.com/gnutls/gnutls/issues/856 ## Description of problem: Documentation shows examples like "NORMAL:+ARCFOUR-128" but that doesn't work the same as :+%VERIFY_ALLOW_BROKEN and similar. Yes, the documentation has no single case of ":+%" anywhere ... still, at least for me it looked like a sane assumption ;) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/856 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:17:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:17:09 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Bj?rn Jacke commented: okay, CI completed successfully now :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108#note_238286082 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:47:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:47:23 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Merge Request !1108 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1108 Project:Branches: bjacke/gnutls:logfile-doc-improvement to gnutls/gnutls:master Author: Bj?rn Jacke Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:47:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:47:59 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli writes to stdout and lacks a quiet mode (#845) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1108 (https://gitlab.com/gnutls/gnutls/merge_requests/1108) Issue #845: https://gitlab.com/gnutls/gnutls/issues/845 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/845 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:47:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:47:59 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Merge Request !1108 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1108 Project:Branches: bjacke/gnutls:logfile-doc-improvement to gnutls/gnutls:master Author: Bj?rn Jacke Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:48:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:48:10 +0000 Subject: [gnutls-devel] GnuTLS | doc: describe how to make gnutls-cli quiet for pipe usage (!1108) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1108#note_238303851 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:51:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:51:37 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238305676 > return p->left; > } > > +static > +unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) > +{ > + asn1_node_const d,u; > + > + if (up_cand == NULL || down == NULL) > + return 0; > + > + d = down; > + > + while ((u=_asn1_find_up(d)) != NULL && u != d) Thanks done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238305676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:51:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:51:44 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: All discussions on Merge Request !51 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/libtasn1/merge_requests/51 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:51:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:51:44 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238305744 > return p->left; > } > > +static > +unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) > +{ > + asn1_node_const d,u; done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238305744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 11:55:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 10:55:34 +0000 Subject: [gnutls-devel] libtasn1 | GitLab config: Job 'x86' is retried in case of failures (#23) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I wanted to write an elaborate answer before closing, but gave up and instead wrote spam because it looked like a request massively reported and it was easier to do so. I'd add to Tim's response that we have no control on the infrastructure and at some point several docker or image download problems were causing the CI to fail. That was the reason for the retry introduction. If gitlab had an option for infrastructure failure retry, that would have been a better fit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/23#note_238307735 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 12:43:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 11:43:38 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51) In-Reply-To: References: Message-ID: Merge Request !51 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/51 Branches: tmp-use-after-free to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 12:46:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 11:46:46 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: It looks ready for merging, however a NEWS entry would be good to have to announce that change. Would you like to add such an entry in the NEWS file? (something along the description of this MR) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109#note_238335426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 13:49:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 12:49:53 +0000 Subject: [gnutls-devel] GnuTLS | RFC: support CertificateVerify messages for GOST suites (!1104) In-Reply-To: References: Message-ID: Merge Request !1104 was closed by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1104 Project:Branches: GostCrypt/gnutls:new-crt-vrfy2 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 14:33:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 13:33:29 +0000 Subject: [gnutls-devel] GnuTLS | RFC Alternative CertificateVerify approach (!1105) In-Reply-To: References: Message-ID: Merge Request !1105 was closed by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1105 Project:Branches: GostCrypt/gnutls:new-crt-vrfy3 to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1105 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 14:34:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 13:34:25 +0000 Subject: [gnutls-devel] GnuTLS | tls-sig: reverse bytes in TLS signatures for GOST signatures (!1114) References: Message-ID: Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1114 Project:Branches: GostCrypt/gnutls:crt-vrfy-final to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov GOST TLS suites have one peculiarity: CertificateVerify message uses byte order opposite to the rest of GOST signature usage (BE instead of LE). So, reverse byte order in signatures in TLS code. For now this applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1114 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 14:37:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 13:37:47 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Update CI to F31 (!1113) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos pushed new commits to merge request !1113 https://gitlab.com/gnutls/gnutls/merge_requests/1113 * c5a16884 - .gitlab-ci.yml: updated CI environment to F31 * cb5bd417 - .gitlab-ci.yml: bumped cache version -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 15:12:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 14:12:55 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add src/psk2.c using new src/options.c [skip ci] (!1012) In-Reply-To: References: Message-ID: Merge Request !1012 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1012 Branches: tmp-remove-libopts to master Author: Tim R?hsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1012 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 15:53:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 14:53:07 +0000 Subject: [gnutls-devel] GnuTLS | Update CI to F31 (!1113) In-Reply-To: References: Message-ID: All discussions on Merge Request !1113 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/1113 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 16:35:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 15:35:42 +0000 Subject: [gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856) In-Reply-To: References: Message-ID: Andreas Metzler commented: Could you expand a little bit on what you tried and what exact results you were expecting and what happened instead? (e.g. *I* would expect `NORMAL:+ARCFOUR-128` to give me the default priorities except that ARCFOUR-128 cipher is *also* available where allowed, i.e. TLS 1.0-1.2) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/856#note_238488253 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 16:54:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 15:54:05 +0000 Subject: [gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856) In-Reply-To: References: Message-ID: Philipp Marek commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/856#note_238499942 I've got a (server) certificate that is still using a sha1rsa signature. I need to allow that one. So I tried - `NORMAL:+%VERIFY_ALLOW_BROKEN`, - `NORMAL:+%VERIFY_ALLOW_SIGN_WITH_SHA1`, - `NORMAL:+VERIFY-RSA-SHA1`, - `NORMAL:+VERIFY-RSA-SHA1`, - `NORMAL:+CTYPE-RSA-SHA1`, - `NORMAL:+%VERIFY_ALLOW_BROKEN` all of which were rejected by an error (which the application didn't even report, grrr -- but which I saw via `gdb`). The priority string `NORMAL:+SIGN-RSA-SHA1` was _not_ rejected, but didn't solve my problem (the application did try to connect at least) I also tried `NORMAL:+CTYPE-RSA-SHA1` but didn't log the result. So, it seems that the examples using `:+` and a simple cipher specification made me think that the same syntax is also valid for the special priority strings; I got corrected on IRC, though. (Thanks, rockdaboot[!) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/856#note_238499942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 18:32:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 17:32:13 +0000 Subject: [gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/856#note_238557639 Welcome, lurking here as well ;-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/856#note_238557639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 19:37:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 18:37:08 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: nia pushed new commits to merge request !1109 https://gitlab.com/gnutls/gnutls/merge_requests/1109 * 0277bdce - Add NEWS entry for the NetBSD KERN_ARND change. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 19:38:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 18:38:31 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: nia commented: @nmav Added. Not sure what the preferred formatting is for news entries. Previous entries seem to be using a ~90 character line limit, hopefully this is OK. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109#note_238583027 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 31 20:54:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 31 Oct 2019 19:54:11 +0000 Subject: [gnutls-devel] GnuTLS | nettle: Support sysctl(KERN_ARND) for random number generation on NetBSD. (!1109) In-Reply-To: References: Message-ID: nia pushed new commits to merge request !1109 https://gitlab.com/gnutls/gnutls/merge_requests/1109 * c7bbf82a - Add NEWS entry for the NetBSD KERN_ARND change. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: