From gnutls-devel at lists.gnutls.org Mon Feb 1 05:10:25 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 04:10:25 +0000 Subject: [gnutls-devel] GnuTLS | Cross-compilation of the Guile bindings (#1137) In-Reply-To: References: Message-ID: GnuTLS bot commented: @unspecd This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1137#note_498083670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 05:10:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 04:10:24 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: GnuTLS bot commented: @darnir This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139#note_498083663 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 05:10:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 04:10:27 +0000 Subject: [gnutls-devel] GnuTLS | Update predefined priority keywords (#1098) In-Reply-To: References: Message-ID: GnuTLS bot commented: @airtower-luna This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1098#note_498083682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 05:10:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 04:10:24 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1175) References: Message-ID: GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1175 The following issues require labels: - [ ] [Older Let's Encrypt certificates are not recognized](https://gitlab.com/gnutls/gnutls/-/issues/1139) - [ ] [Cross-compilation of the Guile bindings](https://gitlab.com/gnutls/gnutls/-/issues/1137) - [ ] [Service Desk (from matt.wette at gmail.com): make check fails w/ libnettle in /opt/local](https://gitlab.com/gnutls/gnutls/-/issues/1134) - [ ] [Name Constraints parsing failure (unsupported othername)](https://gitlab.com/gnutls/gnutls/-/issues/1132) - [ ] [Update predefined priority keywords](https://gitlab.com/gnutls/gnutls/-/issues/1098) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1175 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 19:04:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 18:04:29 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1175) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should we stop using this dumb bot, unless we see any value of labeling everything? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1175#note_498794049 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 19:04:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 18:04:30 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1175) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1175: https://gitlab.com/gnutls/gnutls/-/issues/1175 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1175 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 19:05:40 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 18:05:40 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1148) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1148: https://gitlab.com/gnutls/gnutls/-/issues/1148 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1148 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 19:05:57 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 18:05:57 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1141) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1141: https://gitlab.com/gnutls/gnutls/-/issues/1141 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1141 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 19:06:11 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 18:06:11 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1133) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1133: https://gitlab.com/gnutls/gnutls/-/issues/1133 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 1 22:13:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 Feb 2021 21:13:35 +0000 Subject: [gnutls-devel] GnuTLS | `certtool --to-p12` only accepts `--load-privkey` and `--load-certificate` once (#1176) References: Message-ID: Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1176 PKCS12 objects can contain more than one secret key and more than one certificate that might correspond to those secret keys. (for example, a pair of X.509 certificates for S/MIME, one of which is for encryption, and one of which is for signatures) However, `certtool --p12` limits the user to a single `--load-privkey` argument and a single `--load-certificate` argument. The files indicated by those arguments can include multiple objects -- two keys inside a single `--load-privkey two-keys.pem` file, for example, so there is a way to achieve the desired outcome. But it seems like it would also be useful to be able to supply the arguments multiple times to inject more keys (or more certificates) into the PKCS 12 object. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1176 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 06:02:06 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 05:02:06 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1104) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1104: https://gitlab.com/gnutls/gnutls/-/issues/1104 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 21:25:47 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 20:25:47 +0000 Subject: [gnutls-devel] libtasn1 | Test_tree and copynode test failures on clang 10+ (#30) In-Reply-To: References: Message-ID: Stefan Weil commented: I have a fix for this and am going to send a pull request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/30#note_499881144 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 21:26:51 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 20:26:51 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) References: Message-ID: Stefan Weil created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 Project:Branches: stweil/libtasn1:fix-for-apple-clang to gnutls/libtasn1:master Author: Stefan Weil -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 21:38:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 20:38:10 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented: At least two of the three pipeline failures are unrelated to this pull request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_499891131 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 22:50:37 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 21:50:37 +0000 Subject: [gnutls-devel] libtasn1 | Test_tree and copynode test failures on clang 10+ (#30) In-Reply-To: References: Message-ID: Roman Bolshakov commented: Thanks @stweil! Just in case, here's a related discussion on the issue: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00382.html -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/30#note_499930604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 2 22:58:45 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 21:58:45 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented: See also https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00382.html. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_499934512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 00:07:22 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 02 Feb 2021 23:07:22 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Paul Mulders commented: This is quite interesting, I always suspected clang did some unsound optimizations leading to bugs. I'll definitely give this fix a go on vanilla clang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_499974671 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 07:27:13 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 06:27:13 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented: Code constructs like (NULL + offset) are undefined, so clang may handle that as NULL and ignore the offset. This can also be a security feature to avoid illegal memory access. Try this test program with `-O2`: #include static void f(int offset, const void *p) { if (p != NULL) { printf("NULL+%d => %p\n", offset, p + offset); } else { printf("NULL+%d => NULL\n", offset); } } int main(int argc, char *argv[]) { void *p = NULL; f(argc, p); return 0; } -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500125146 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 07:46:16 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 06:46:16 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented: clang may handle the undefined expression (NULL + offset) as NULL. Compile this test program with `-O2` and run it with and without an argument: #include int main(int argc, char *argv[]) { char *p = argv[1] + argc; if (p != NULL) { printf("%p+%d => %p (%c)\n", argv[1], argc, p, *p); } else { printf("%p+%d => NULL\n", argv[1], argc); } return 0; } -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500136125 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 08:00:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 07:00:38 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented: Vanilla clang does the same. There exist already bug reports for different Linux distributions (#30) and also for FreeBSD. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500142841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 08:03:40 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 07:03:40 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Paul Mulders commented: Yeah, I know, that's actually my original bug report (#30) :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500145492 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 15:34:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 14:34:34 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 was reviewed by Roman Bolshakov -- Roman Bolshakov started a new discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500586351 > int err; > unsigned char *der = ider; > + unsigned char dummy; I don't think if we should play with compliant optimizer. Arithmetic on null pointers is UB. -- Roman Bolshakov started a new discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500586360 > len2 = max_len; > - err = _asn1_object_id_der ((char*)p->value, der + counter, &len2); > + err = _asn1_object_id_der ((char*)p->value, der ? der + counter : &dummy, &len2); Instead we should add `counter` as a separate parameter to `_asn1_object_id_der()` and similar functions below right after `der`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 15:35:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 14:35:50 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Roman Bolshakov started a new discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500587858 > int len_len; > int max_len; > > if (der == NULL) The check becomes redundant with the changes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500587858 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 15:59:19 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 14:59:19 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500615657 > int len_len; > int max_len; > > if (der == NULL) That's right. I added a commit which removes two redundant NULL checks. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500615657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 16:03:01 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 15:03:01 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Stefan Weil commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500619189 > goto error; > } > len2 = max_len; > - err = _asn1_object_id_der ((char*)p->value, der + counter, &len2); > + err = _asn1_object_id_der ((char*)p->value, der ? der + counter : &dummy, &len2); That would work, too, but requires more changes in those functions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500619189 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 16:14:39 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 15:14:39 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Roman Bolshakov commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500630454 > goto error; > } > len2 = max_len; > - err = _asn1_object_id_der ((char*)p->value, der + counter, &len2); > + err = _asn1_object_id_der ((char*)p->value, der ? der + counter : &dummy, &len2); Ok, then it's up to the maintainer to decide :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_500630454 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 21:46:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 20:46:29 +0000 Subject: [gnutls-devel] libtasn1 | asn1_object_id_der: Fix UB due to null pointer arithmetic (!72) References: Message-ID: Roman Bolshakov created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/72 Project:Branches: roolebo/libtasn1:fix-arithmetic-on-null-pointers to gnutls/libtasn1:master Author: Roman Bolshakov This is an alternative fix for #30. It doesn't introduce a dummy variable. ## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/72 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 3 22:44:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 Feb 2021 21:44:59 +0000 Subject: [gnutls-devel] GnuTLS | GNUTLS_NO_EXPLICIT_INIT should be named GNUTLS_NO_IMPLICIT_INIT (#1178) References: Message-ID: Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1178 >From what i can tell, `GNUTLS_NO_EXPLICIT_INIT` actually disables the *implicit* call to `gnutls_global_init`, according to [the documentation of `gnutls_global_init`](https://gnutls.org/manual/gnutls.html#gnutls_005fglobal_005finit). Can GnuTLS rename this to `GNUTLS_NO_IMPLICIT_INIT`? (perhaps it would also be a good idea to check for, accept, and warn about anyone using the older `GNUTLS_NO_EXPLICIT_INIT` variable -- and at the next major release, drop it) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1178 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 09:02:33 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 08:02:33 +0000 Subject: [gnutls-devel] GnuTLS | GNUTLS_NO_EXPLICIT_INIT should be named GNUTLS_NO_IMPLICIT_INIT (#1178) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for pointing that out; sounds like a plan. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1178#note_501182389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:05:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:05:10 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Reassigned Merge Request 1381 https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 Assignee changed to Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:05:57 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:05:57 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Reassigned Merge Request 1383 https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 Assignee changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:07:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:07:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism (!1372) In-Reply-To: References: Message-ID: Reviewer changed to Ivan Nikolchev -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:07:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:07:35 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Reassigned Merge Request 1383 https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 Assignee changed from Alexander Sosedkin to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:07:43 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:07:43 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Reviewer changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:08:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:08:09 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Reviewer changed to Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:08:01 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:08:01 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Reassigned Merge Request 1381 https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 Assignee changed from Hubert Kario (@mention me if you need reply) to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:08:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:08:55 +0000 Subject: [gnutls-devel] GnuTLS | safe-memfuncs: rely on explicit_bzero implementation from gnulib (!1382) In-Reply-To: References: Message-ID: Merge Request !1382 was closed by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1382 Project:Branches: dueno/gnutls:wip/dueno/memset to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:08:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:08:54 +0000 Subject: [gnutls-devel] GnuTLS | safe-memfuncs: rely on explicit_bzero implementation from gnulib (!1382) In-Reply-To: References: Message-ID: Daiki Ueno commented: Superseded by !1383. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1382#note_501242397 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:09:37 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:09:37 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: include when checking scm_* functions (!1360) In-Reply-To: References: Message-ID: Reviewer changed to civodul -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:36:20 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:36:20 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Daiki Ueno commented: The failing job is presumably a timeout in DTLS retransmit, which I'll try to prolong. By the way I have a feeling that the valgrind job might better be run on the upstream branches only, as it's too resource intensive to run on each MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_501278245 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 10:42:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 09:42:41 +0000 Subject: [gnutls-devel] libtasn1 | Out-of-bound access in ETYPE_OK (#32) References: Message-ID: David Trabish created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/32 ## Description of problem: The bound check in ETYPE_OK may lead to out-of-bound access. ## Version of libtasn1 used: 4.16.0 ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: ``` #include #include #include int main(int argc, char *argv[]) { unsigned int etype = 38; unsigned int str_len = 10; unsigned char *str = malloc(str_len); unsigned int tl_len = 10; unsigned char *tl = malloc(tl_len); asn1_encode_simple_der(etype, str, str_len, tl, &tl_len); return 0; } ``` Steps to Reproduce: * Compile the program with `-fsanitize=address,leak,undefined` * Run ## Actual results: ``` ==23616==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000042e208 at pc 0x000000402854 bp 0x7fffe0995170 sp 0x7fffe0995160 READ of size 8 at 0x00000042e208 thread T0 #0 0x402853 in asn1_encode_simple_der ../../libtasn1-4.16.0/lib/coding.c:218 ``` ## Expected results: The macro should do this check instead: ``` (etype) < _asn1_tags_size ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/32 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 14:28:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 13:28:30 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism (!1372) In-Reply-To: References: Message-ID: Ivan Nikolchev commented: I went briefly through all the changes and didn't find anything wrong. I didn't go line by line in the scripts though, from what I understand you are just separating the big scripts into smaller ones. Tell me if you need me to do more thorough review on the scripts and I'll do it. Btw, it seems like I can't mark the review as approved as I'm not in the default approvers group. Anyway, r+. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372#note_501488445 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 15:03:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 14:03:27 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism in testcompat-*openssl tests (#1099) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1372 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1372) Issue #1099: https://gitlab.com/gnutls/gnutls/-/issues/1099 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 15:03:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 14:03:41 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism (!1372) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372#note_501520705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 4 15:03:28 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Feb 2021 14:03:28 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism (!1372) In-Reply-To: References: Message-ID: Merge Request !1372 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372 Project:Branches: dueno/gnutls:wip/dueno/parallel-openssl to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 5 17:05:19 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Feb 2021 16:05:19 +0000 Subject: [gnutls-devel] libtasn1 | fix invalid unsigned arithmetic. (!73) References: Message-ID: ihsinme created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73 Project:Branches: ihsinme/libtasn1:ihsinme-master-patch-12809 to gnutls/libtasn1:master Author: ihsinme I believe your checks are not correct. in my opinion they are equivalent to checks !=. I suggest a simple fix. only fix! ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 07:13:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 06:13:04 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the extension Netscape Cert Type (#1159) In-Reply-To: References: Message-ID: Daiki Ueno commented: Do you have any idea how commonly this extension is used? I am aware that NSS generated certs have it though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1159#note_503336394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 07:14:31 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 06:14:31 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the ext Netscape Comment (#1162) In-Reply-To: References: Message-ID: Daiki Ueno commented: Similarly to #1159, do you have any idea how commonly this extension is used? I am aware that NSS generated certs have it though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1162#note_503336484 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 07:17:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 06:17:09 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the extension Policy Constraints (#1157) In-Reply-To: References: Message-ID: Daiki Ueno commented: As we don't have support for policy constraints at all, I'm concerned that this could give a wrong impression if they were printed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1157#note_503336624 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 07:22:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 06:22:18 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails (#1150) In-Reply-To: References: Message-ID: Daiki Ueno commented: This seems strange, as `AC_MSG_ERROR` should be present in the autoconf distribution: https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.70/autoconf.html#AC_005fMSG_005fERROR Would you ensure that your checkout is clean, e.g., removing files not under version controlled with `git clean -xdff` before `./bootstrap`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1150#note_503337313 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 15:15:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 14:15:18 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the extension Netscape Cert Type (#1159) In-Reply-To: References: Message-ID: Daiki Ueno commented: Also, is there any difference between this issue and #988? Should we close either of them as a duplicate? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1159#note_503419316 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 15:19:51 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 14:19:51 +0000 Subject: [gnutls-devel] GnuTLS | Missing dependency rule in tests/suite/Makefile.am (#921) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #921: https://gitlab.com/gnutls/gnutls/-/issues/921 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 15:19:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 14:19:50 +0000 Subject: [gnutls-devel] GnuTLS | Missing dependency rule in tests/suite/Makefile.am (#921) In-Reply-To: References: Message-ID: Daiki Ueno commented: This seems to be covered by #920, which has been fixed through !1265. Closing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/921#note_503420305 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 15:21:49 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 14:21:49 +0000 Subject: [gnutls-devel] GnuTLS | Merge CI clang UBSAN + ASAN runners (#922) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #922: https://gitlab.com/gnutls/gnutls/-/issues/922 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 15:21:48 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 14:21:48 +0000 Subject: [gnutls-devel] GnuTLS | Merge CI clang UBSAN + ASAN runners (#922) In-Reply-To: References: Message-ID: Daiki Ueno commented: I don't think this is still relevant after the CI pipeline rewrite in !1366. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/922#note_503420639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 18:56:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 17:56:10 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 Project:Branches: dueno/gnutls:wip/dueno/bootstrap to gnutls/gnutls:master Author: Daiki Ueno Might fix #1143. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 18:57:13 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 17:57:13 +0000 Subject: [gnutls-devel] GnuTLS | build fails at "./bootstrap: getting translations into po/.reference for gnutls..." (#1143) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think the only thing we can do is to update `bootstrap` to the version that libidn2 is using. I'm doing that in !1384 along with some cosmetic fixes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1143#note_503466805 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 7 23:23:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 Feb 2021 22:23:04 +0000 Subject: [gnutls-devel] GnuTLS | Doc: Add missing algorithm keywords to priority string table (!1385) References: Message-ID: Dosenpfand created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 Project:Branches: Dosenpfand/gnutls:master to gnutls/gnutls:master Author: Dosenpfand Documentation: Add some missing algorithm keywords to priority string table (and remove trailing white spaces). ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [X] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:26:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:26:18 +0000 Subject: [gnutls-devel] GnuTLS | Doc: Add missing algorithm keywords to priority string table (!1385) In-Reply-To: References: Message-ID: Merge Request !1385 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 Project:Branches: Dosenpfand/gnutls:master to gnutls/gnutls:master Author: Dosenpfand Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:27:25 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:27:25 +0000 Subject: [gnutls-devel] GnuTLS | Doc: Add missing algorithm keywords to priority string table (!1385) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! Looks like the CI failure is a timeout; could you increase the limit and rerun the job? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385#note_503674167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:30:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:30:30 +0000 Subject: [gnutls-devel] GnuTLS | Speed up or avoid bootstrap in CI runners (#891) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ep69 would you like to take a look perhaps? I suspect this might be straightforward to do with the current staged CI pipelines setup. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/891#note_503676342 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:38:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:38:59 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) In-Reply-To: References: Message-ID: Daiki Ueno commented: The UB+ASAN-Werror.Fedora.x86_64.gcc job actually [runs](https://gitlab.com/gnutls/gnutls/-/jobs/1007998953#L6863) tlsfuzzer tests. The only renaming thing is that, as the job name suggests, it's compiled with GCC, not clang. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/741#note_503680858 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:40:47 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:40:47 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) In-Reply-To: References: Message-ID: Daiki Ueno commented: @tomato42 would you confirm that it's sufficient or compiling with clang is still a thing? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/741#note_503681644 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:42:48 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:42:48 +0000 Subject: [gnutls-devel] GnuTLS | tests/memset[01] failing with valgrind on Debian unstable (#708) In-Reply-To: References: Message-ID: Daiki Ueno commented: Those tests are being removed in favor of gnulib provided `explicit_bzero`, in !1383. Otherwise the valgrind run always fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/708#note_503682609 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 08:48:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 07:48:24 +0000 Subject: [gnutls-devel] GnuTLS | configure --enable-guile is default, but --disable-guile is missing in help output (#577) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks like this is still the case; a simple fix is included in !1384. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/577#note_503685926 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 09:02:02 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 08:02:02 +0000 Subject: [gnutls-devel] GnuTLS | Ensure array allocations overflow safe (#1179) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1179 As mentioned in the [comment](https://gitlab.com/gnutls/gnutls/-/merge_requests/1379#note_493204236), there are several occasions where arrays are allocated with `gnutls_malloc` without proper overflow checks: ```console git grep -E 'gnutls_malloc(\(sizeof\(.*\) *\* *.*\)|\(.* *\* *sizeof\(.*\)) cert-cred-x509.c: pcerts = gnutls_malloc(sizeof(gnutls_pcert_st) * count); cert-cred-x509.c: ccert = gnutls_malloc(sizeof(*ccert)*MAX_PKCS11_CERT_CHA cert-cred-x509.c: pcerts = gnutls_malloc(sizeof(gnutls_pcert_st) * count); cert-cred-x509.c: ccert = gnutls_malloc(sizeof(*ccert)*MAX_PKCS11_CERT_CHA IN); cert-cred-x509.c: pcerts = gnutls_malloc(sizeof(gnutls_pcert_st) * cert_list_size); cert-cred-x509.c: new_list = gnutls_malloc(ca_list_size * sizeof(gnutls_x509_crt_t)); cert-cred-x509.c: gnutls_x509_crl_t *new_crl = gnutls_malloc(crl_list_size * sizeof(gnutls_x509_crl_t)); cert-cred.c: new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size); cert-cred.c: local_certs = gnutls_malloc(sizeof(gnutls_pcert_st) * ncerts); pcert.c: crt = gnutls_malloc((*pcert_list_size) * sizeof(gnutls_x509_crt_t)); pkcs11.c: gnutls_malloc(sizeof(gnutls_buffer_st) * list->key_ids_size); pkcs11.c: ctx = gnutls_malloc(OBJECTS_A_TIME*sizeof(ctx[0])); x509/crl.c: *crls = gnutls_malloc(sizeof(gnutls_x509_crl_t) * init); x509/ocsp.c: *ocsps = gnutls_malloc(1*sizeof(gnutls_ocsp_resp_t)); x509/verify-high2.c: xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size); x509/verify-high2.c: xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size); x509/x509.c: *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t) * init); x509/x509.c: *certs = gnutls_malloc(total*sizeof(gnutls_x509_crt_t)); ``` I assume most of them are for internal use, but it would be nice to replace them with `gnutls_calloc` unless there is any good reason to do the check by ourselves. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 12:12:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 11:12:29 +0000 Subject: [gnutls-devel] GnuTLS | Doc: Add missing algorithm keywords to priority string table (!1385) In-Reply-To: References: Message-ID: Merge Request !1385 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 Project:Branches: Dosenpfand/gnutls:master to gnutls/gnutls:master Author: Dosenpfand Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1385 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 15:09:44 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 14:09:44 +0000 Subject: [gnutls-devel] GnuTLS | optional: add support for signature_algorithms_cert extension (#399) In-Reply-To: References: Message-ID: Daiki Ueno commented: This is not trivial, as it also affects the server behavior to select matching certificate chains, though would definitely be a good feature. @FrantisekKrenzelok might be interesting for you perhaps. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/399#note_503966263 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 15:27:33 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 14:27:33 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you check with the current git master? I believe it should be fixed now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139#note_504075440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 15:27:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 14:27:55 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails (#1150) In-Reply-To: References: Message-ID: Matteo Todescato commented: I runned the bootstap every time from a fresh clone of the repo, but i got that error every time -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1150#note_504075739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 15:29:20 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 14:29:20 +0000 Subject: [gnutls-devel] GnuTLS | Cross-compilation of the Guile bindings (#1137) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report and the patch! @civodul any comments on this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1137#note_504077021 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 18:33:36 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 17:33:36 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails (#1150) In-Reply-To: References: Message-ID: Daiki Ueno commented: Are you able to reproduce it with a simpler package using the same infrastructure, such as hello? ```console git clone --depth=1 https://git.sv.gnu.org/git/hello.git cd hello ./bootstrap ... ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1150#note_504275110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 8 20:40:17 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Feb 2021 19:40:17 +0000 Subject: [gnutls-devel] GnuTLS | EPOLL (#1122) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1122: https://gitlab.com/gnutls/gnutls/-/issues/1122 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1122 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 9 14:23:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Feb 2021 13:23:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 Project:Branches: ametzler/gnutls:tmp-tests-missing-nettle-cflags to gnutls/gnutls:master Author: Andreas Metzler Two tests #included gnutls_int.h without -I/path/to/nettle/headers in CPPFLAGS. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 9 14:53:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Feb 2021 13:53:42 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Daiki Ueno commented: I suppose the issue is that `lib/gnutls_int.h` includes ``, right? Can we move this include to the actual usage (`lib/cipher.c`)? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_505107560 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 9 15:34:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Feb 2021 14:34:27 +0000 Subject: [gnutls-devel] GnuTLS | tests/gnutls-cli-debug.sh: don't unset system priority settings (!1387) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1387 Project:Branches: dueno/gnutls:wip/dueno/cli-debug to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1387 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 9 16:01:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Feb 2021 15:01:55 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Andreas Metzler commented: @dueno wrote: > I suppose the issue is that lib/gnutls_int.h includes , right? Can we move this include to the actual usage (lib/cipher.c)? I think so, yes. - I just mirrored what the other gnutls_int.h including tests did. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_505179872 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 9 18:44:20 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Feb 2021 17:44:20 +0000 Subject: [gnutls-devel] libtasn1 | Cross compilation issue (#28) In-Reply-To: References: Message-ID: Roman Bolshakov commented: I'm not sure if the issue is fixed. I can reproduce if libtasn1 is compiled with -O1. Neither libgnu.a nor c-ctype.o have symbol of `c_isdigit`: ``` $ nm lib/gl/.libs/libgnu.a lib/gl/.libs/libgnu.a(c-ctype.o): 0000000000000000 t ltmp0 lib/gl/.libs/libgnu.a(strverscmp.o): 0000000000000000 T _strverscmp 00000000000000ec s _strverscmp.next_state 00000000000000f8 s _strverscmp.result_type 0000000000000000 t ltmp0 00000000000000ec s ltmp1 0000000000000120 s ltmp2 $ nm lib/gl/c-ctype.o 0000000000000000 t ltmp0 ``` If c-ctype.c is compiled with -E flag we can see that `c_isdigit` is declared as `static __attribute__ ((__unused__))`: ``` static __attribute__ ((__unused__)) _Bool c_isdigit (int c) { switch (c) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': return 1; default: return 0; } } ``` The function is static and compiler doesn't see if it's used so it optimizes it out and that's why the symbol is not available in c-ctype.o. If we look closer how `c_isdigit` is defined we can notice it's defined with `C_CTYPE_INLINE`: ``` C_CTYPE_INLINE bool c_isdigit (int c) { switch (c) { _C_CTYPE_DIGIT: return true; default: return false; } } ``` The symbol is assigned to `_GL_EXTERN_INLINE` in c-ctype.c: ``` #include #define C_CTYPE_INLINE _GL_EXTERN_INLINE #include "c-ctype.h" ``` _GL_EXTERN_INLINE is supposed to be [portable "extern inline"](https://www.gnu.org/software/gnulib/manual/html_node/extern-inline.html) but it doesn't seem to work as intended on modern macOS. I think the issue is caused by incorrect _GL_EXTERN_INLINE definition inside gnulib. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/28#note_505357689 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 10:09:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 09:09:24 +0000 Subject: [gnutls-devel] libtasn1 | Cross compilation issue (#28) In-Reply-To: References: Message-ID: Roman Bolshakov commented: Here's a patch to gnulib: https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00043.html -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/28#note_505812203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 18:43:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 17:43:27 +0000 Subject: [gnutls-devel] GnuTLS | tests/gnutls-cli-debug.sh: don't unset system priority settings (!1387) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'll go without approval process as this is trivial. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1387#note_506343169 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 18:43:32 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 17:43:32 +0000 Subject: [gnutls-devel] GnuTLS | tests/gnutls-cli-debug.sh: don't unset system priority settings (!1387) In-Reply-To: References: Message-ID: Merge Request !1387 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1387 Project:Branches: dueno/gnutls:wip/dueno/cli-debug to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1387 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 19:10:46 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 18:10:46 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: looks good as of 37e54a05 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381#note_506363698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 19:10:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 18:10:50 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Merge Request !1381 was approved by Hubert Kario (@mention me if you need reply) Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 Project:Branches: dueno/gnutls:wip/dueno/hrr-resumption to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 19:18:57 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 18:18:57 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: I thought that ubsan and asan were clang specific. Unless there are big differences between the gcc and clang versions of those, I think running with gcc is fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/741#note_506369161 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 20:17:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 19:17:04 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Merge Request !1381 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 Project:Branches: dueno/gnutls:wip/dueno/hrr-resumption to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 20:17:21 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 19:17:21 +0000 Subject: [gnutls-devel] GnuTLS | handshake: TLS 1.3: don't generate session ID in resumption mode (!1381) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1381#note_506404166 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 20:23:44 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 19:23:44 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #741: https://gitlab.com/gnutls/gnutls/-/issues/741 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 10 20:23:43 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Feb 2021 19:23:43 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) In-Reply-To: References: Message-ID: Daiki Ueno commented: OK, let's close this then; thanks for the confirmation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/741#note_506407045 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 11 12:19:58 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 Feb 2021 11:19:58 +0000 Subject: [gnutls-devel] GnuTLS | danetool ipv4/ipv6 options (#1180) References: Message-ID: Lasse Brandt Thomsen created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1180 ## Description of the feature: I'm trying to verify DANE for some SMTP servers and want to make sure both ipv4 and ipv6 is valid. Running danetool with `--check` and it connects to the servers over ipv6 to obtain the certificate. But as far as I can tell, there isn't a way to force danetool to connect using ipv4 or forcing it to connect to a different host/ip, than the one provided in `--check`. Either an option for settings a custom host/ip than `--check` to connect to or options like `-4`/`-6` should do the trick. ## Applications that this feature may be relevant to: Manual testing or monitoring systems verifying DANE over ipv4 for ipv6 enabled servers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1180 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 12 18:47:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Feb 2021 17:47:42 +0000 Subject: [gnutls-devel] GnuTLS | resume-with-stek-expiration throws a fishy warning (#1181) References: Message-ID: Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1181 After 37e54a05221e076ba905d2d53fc7d885dc9e9ebc resume-with-stek-expiration throws a fishy warning but exits with success. Patching 3.7.0 release with e0bb98e1f71f94691f600839ff748d3a9f469d3e 09b40be6e0e0a59ba4bd764067eb353241043a70 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd 37e54a05221e076ba905d2d53fc7d885dc9e9ebc results in something that seems to break resume-with-stek-expiration without triggering an actual error: ~~~ (sid)ametzler at argenau:/tmp/GNUTLS/gnutls-3.7.0/tests$ ./resume-with-stek-expiration --verbose ; echo $? [...] testing tls1.3 resumption STEK was rotated! client: Handshake was completed server: Handshake was completed client: Success: Session was NOT resumed server: Success: Session was NOT resumed STEK was rotated! client: Handshake was completed client: Success: Session was resumed server: Handshake was completed server: Success: Session was resumed STEK was rotated! server: Handshake was completed server: Success: Session was resumed client: Handshake was completed client: Success: Session was resumed STEK was rotated! client: Handshake was completed server: Handshake was completed server: Success: Session was NOT resumed resume_and_close:134: client: Session was resumed (but should not) Self test `./resume-with-stek-expiration' finished with 0 errors 0 ~~~ Not the "resume_and_close:134: client: Session was resumed (but should not)". (I accidentally stumbled over this while cherrypicking, Git HEAD (2ea09dff25c74a4da598efdc62e7d3b42a11727c) does not show the message. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 12 19:02:39 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Feb 2021 18:02:39 +0000 Subject: [gnutls-devel] GnuTLS | resume-with-stek-expiration throws a fishy warning (#1181) In-Reply-To: References: Message-ID: Andreas Metzler commented: @ametzler wrote: > I accidentally stumbled over this while cherrypicking, Git HEAD (2ea09dff) does not show the message. 5416fdc259d8df9b797d249f3e5d58789b2e2cf9 seems to make the difference. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1181#note_508119598 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 06:53:13 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 05:53:13 +0000 Subject: [gnutls-devel] GnuTLS | resume-with-stek-expiration throws a fishy warning (#1181) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1181#note_508322451 Yes, you need 5416fdc2 as well. It worked previously because session IDs are checked for resumption even in TLS 1.3, which was a logic error. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1181#note_508322451 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 06:53:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 05:53:35 +0000 Subject: [gnutls-devel] GnuTLS | resume-with-stek-expiration throws a fishy warning (#1181) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1181: https://gitlab.com/gnutls/gnutls/-/issues/1181 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 11:47:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 10:47:35 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS does not recognize the extension "Netscape Cert Type" (#988) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #988: https://gitlab.com/gnutls/gnutls/-/issues/988 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 11:47:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 10:47:34 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS does not recognize the extension "Netscape Cert Type" (#988) In-Reply-To: References: Message-ID: Daiki Ueno commented: Let's close this as a duplicate of #1159, as the other one has a little more information. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/988#note_508364157 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 11:51:40 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 10:51:40 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: Daiki Ueno commented: The CI is failing at the mingw32-vista testing phase: ```console $ mingw${arch_bits}-make -j$CHECKJOBS -C tests check make: Entering directory '/builds/dueno/gnutls/tests' make: *** No rule to make target 'check'. Stop. make: Leaving directory '/builds/dueno/gnutls/tests' ``` Looks like the artifacts are not properly extracted. @ep69 could you perhaps check what's happening? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508364574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 12:10:53 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 11:10:53 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: Stanislav ?idek commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508366603 Could you try incrementing number in cache key? E.g., `$CI_JOB_NAME-ver19` -> `$CI_JOB_NAME-ver20` My suspicion is that the gnulib changes are interfering with the cache somehow. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508366603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 14:36:36 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 13:36:36 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_508394141 ametzler wrote > @dueno wrote: >> I suppose the issue is that lib/gnutls_int.h includes , right? Can we move this include to the actual usage (lib/cipher.c)? > I think so, yes. - I just mirrored what the other gnutls_int.h including tests did. I have just force-pushed an updated version that moves the #include. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_508394141 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 15:54:48 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 14:54:48 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Merge Request !1386 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 Project:Branches: ametzler/gnutls:tmp-tests-missing-nettle-cflags to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 18:47:00 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 17:47:00 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_508435405 Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386#note_508435405 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 18:47:00 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 17:47:00 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: All discussions on Merge Request !1386 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 19:50:21 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 18:50:21 +0000 Subject: [gnutls-devel] GnuTLS | Fix test error with nettle in non-default location (!1386) In-Reply-To: References: Message-ID: Merge Request !1386 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 Project:Branches: ametzler/gnutls:tmp-tests-missing-nettle-cflags to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 20:41:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 19:41:59 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508453434 Thanks! That did the trick. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508453434 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 20:41:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 19:41:59 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: All discussions on Merge Request !1384 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 21:16:31 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 20:16:31 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm merging this without approval, as it is mostly cosmetic. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384#note_508457356 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 21:16:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 20:16:42 +0000 Subject: [gnutls-devel] GnuTLS | build fails at "./bootstrap: getting translations into po/.reference for gnutls..." (#1143) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1384 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1384) Issue #1143: https://gitlab.com/gnutls/gnutls/-/issues/1143 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1143 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 13 21:16:43 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 13 Feb 2021 20:16:43 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: update from Gnulib (!1384) In-Reply-To: References: Message-ID: Merge Request !1384 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 Project:Branches: dueno/gnutls:wip/dueno/bootstrap to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 10:40:00 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 09:40:00 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1139: https://gitlab.com/gnutls/gnutls/-/issues/1139 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 10:39:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 09:39:59 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Daiki Ueno commented: Closing this; feel free to reopen if the problem persists. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139#note_508528052 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 12:27:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 11:27:34 +0000 Subject: [gnutls-devel] GnuTLS | 3.7.0 errors against (old TLS 1.0?) FTPS (FTP/TLS) servers (#1152) In-Reply-To: References: Message-ID: Andreas Metzler commented: This was fixed by 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd according to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980119#62 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1152#note_508539384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 12:27:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 11:27:35 +0000 Subject: [gnutls-devel] GnuTLS | 3.7.0 errors against (old TLS 1.0?) FTPS (FTP/TLS) servers (#1152) In-Reply-To: References: Message-ID: Issue was closed by Andreas Metzler Issue #1152: https://gitlab.com/gnutls/gnutls/-/issues/1152 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 16:35:19 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 15:35:19 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS and OpenSSL accept a cert while mbedTLS, wolfSSL and NSS reject it. (#1164) In-Reply-To: References: Message-ID: Daiki Ueno commented: I guess the counterpart OpenSSL issue is: https://github.com/openssl/openssl/issues/13963#issuecomment-767543289 where some nice analysis is done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1164#note_508580858 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 14 16:56:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 14 Feb 2021 15:56:14 +0000 Subject: [gnutls-devel] GnuTLS | certtool --generate-self-signed returns crt_sign: ASN1 parser: Value is not valid. (#1144) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for checking; I'm marking this as "bug" so not to forget importing the fix in our bundled copy of libtasn1, in the next gnutls release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1144#note_508583221 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 05:08:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 04:08:23 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Merge Request !1270 was closed by GnuTLS bot Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 Project:Branches: gstrauss/gnutls:specialize-gnutls_load_file to gnutls/gnutls:master Author: Glenn Strauss Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 05:08:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 04:08:23 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: GnuTLS bot commented: @gstrauss This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270#note_508803737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:21:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:21:34 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS accepts a non-CA cert with a critical ext nameConstraints (#1171) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks similar to #1164, but with a different extension. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1171#note_508845420 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:23:58 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:23:58 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS rejects a cert since it cannot parse the critical ext Netscape Cert Type (#1170) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm not 100% sure that Netscape Cert Type is making the difference; adding a "need investigation" label for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1170#note_508846062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:26:05 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:26:05 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS accepts a cert whose basicConstraints.cA==False but keyUsage.keyCertSign is set (#1167) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks like a duplicate of #1164. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1167#note_508846645 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:26:06 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:26:06 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS accepts a cert whose basicConstraints.cA==False but keyUsage.keyCertSign is set (#1167) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1167: https://gitlab.com/gnutls/gnutls/-/issues/1167 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:28:20 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:28:20 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS rejects a certificate since it parsed the critical extension policyConstraints to unknown ext (#1161) In-Reply-To: References: Message-ID: Daiki Ueno commented: Given we don't (yet) support policyConstraints, the current behavior seems to be reasonable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1161#note_508847286 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:28:21 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:28:21 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS rejects a certificate since it parsed the critical extension policyConstraints to unknown ext (#1161) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1161: https://gitlab.com/gnutls/gnutls/-/issues/1161 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1161 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:38:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:38:41 +0000 Subject: [gnutls-devel] GnuTLS | Provide a better way to upload Windows artifacts upon release (#1182) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1182 The download page links to the (automatically generated) Windows build artifacts on gitlab.com, which are removed in a certain period. We should find a permanent place to host those artifacts and plumb the CI to upload the generated files. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1182 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:45:45 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:45:45 +0000 Subject: [gnutls-devel] GnuTLS | Gnutls 3.6.14 fails to compile on Mac OS Catalina (#1033) In-Reply-To: References: Message-ID: Daiki Ueno commented: Given it's an issue in libtasn1, I'm closing this for now (we should backport the patch to the bundled libtasn1). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1033#note_508856906 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:45:46 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:45:46 +0000 Subject: [gnutls-devel] GnuTLS | Gnutls 3.6.14 fails to compile on Mac OS Catalina (#1033) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1033: https://gitlab.com/gnutls/gnutls/-/issues/1033 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1033 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 07:49:17 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 06:49:17 +0000 Subject: [gnutls-devel] GnuTLS | via padlock: add support for AES-192 (#1004) In-Reply-To: References: Message-ID: Daiki Ueno commented: I wonder if this is already supported by the recently reworked padlock support. @zzjianhui would you mind taking a look perhaps? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1004#note_508858527 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 08:37:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 07:37:26 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965) In-Reply-To: References: Message-ID: Daiki Ueno commented: Assuming this has the same root cause as #1044, I'm closing it for now; if the problem still persists, feel free to reopen. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_508883287 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 08:37:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 07:37:26 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #965: https://gitlab.com/gnutls/gnutls/-/issues/965 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 08:58:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 07:58:26 +0000 Subject: [gnutls-devel] GnuTLS | Use https:// instead of http:// in docs, README, examples, ... (#695) In-Reply-To: References: Message-ID: Daiki Ueno commented: I don't see any (fixable) occurrence of 'http://' in the above mentioned files: ```console git grep 'http://' doc README.md CONTRIBUTING.md doc/examples/ README.md:* [libev](hhttp://software.schmorp.de/pkg/libev.html) (for testing) Binary file doc/gnutls-client-server-use-case.pdf matches Binary file doc/gnutls-crypto-layers.pdf matches Binary file doc/gnutls-handshake-sequence.pdf matches Binary file doc/gnutls-handshake-state.pdf matches Binary file doc/gnutls-internals.pdf matches Binary file doc/gnutls-layers.pdf matches Binary file doc/gnutls-logo.pdf matches Binary file doc/gnutls-modauth.pdf matches Binary file doc/gnutls-x509.pdf matches Binary file doc/pkcs11-vision.pdf matches ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/695#note_508897753 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 08:58:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 07:58:27 +0000 Subject: [gnutls-devel] GnuTLS | Use https:// instead of http:// in docs, README, examples, ... (#695) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #695: https://gitlab.com/gnutls/gnutls/-/issues/695 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 08:59:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 07:59:55 +0000 Subject: [gnutls-devel] GnuTLS | configure --enable-guile is default, but --disable-guile is missing in help output (#577) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #577: https://gitlab.com/gnutls/gnutls/-/issues/577 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/577 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 09:03:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 08:03:03 +0000 Subject: [gnutls-devel] GnuTLS | reduce CI runs to less than 60 mins (#292) In-Reply-To: References: Message-ID: Daiki Ueno commented: Closing in favor of #674, which has more concrete plans. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/292#note_508900202 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 09:03:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 08:03:04 +0000 Subject: [gnutls-devel] GnuTLS | reduce CI runs to less than 60 mins (#292) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #292: https://gitlab.com/gnutls/gnutls/-/issues/292 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/292 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 09:03:47 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 08:03:47 +0000 Subject: [gnutls-devel] GnuTLS | handle OID 1.3.6.1.4.1.11129.2.4.2 (x.509 extension for certificate transparency SCTs) (#232) In-Reply-To: References: Message-ID: Reassigned Issue 232 https://gitlab.com/gnutls/gnutls/-/issues/232 Assignee changed to Ander Juaristi -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 09:04:33 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 08:04:33 +0000 Subject: [gnutls-devel] GnuTLS | Remove the support for SRP protocol (#201) In-Reply-To: References: Message-ID: Daiki Ueno commented: Duplicate of #943. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/201#note_508901102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 09:04:33 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 08:04:33 +0000 Subject: [gnutls-devel] GnuTLS | Remove the support for SRP protocol (#201) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #201: https://gitlab.com/gnutls/gnutls/-/issues/201 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/201 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 13:50:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 12:50:42 +0000 Subject: [gnutls-devel] GnuTLS | cppcheck skips most files in lib/ (#705) In-Reply-To: References: Message-ID: Daiki Ueno commented: This doesn't seem to be the case with the current version of cppcheck. With: ```console cppcheck --force -q -Ilib/includes -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 --enable=information --enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}' ``` I got [cppcheck.out.gz](/uploads/96d32b8fb0ea66b0f9e4635014cd9d63/cppcheck.out.gz). I'll fix the typo anyway. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/705#note_509185768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 13:50:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 12:50:55 +0000 Subject: [gnutls-devel] GnuTLS | cppcheck skips most files in lib/ (#705) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #705: https://gitlab.com/gnutls/gnutls/-/issues/705 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 13:53:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 12:53:23 +0000 Subject: [gnutls-devel] GnuTLS | Make in 3.6.11 fails with "error: storage size of 'rsa_pss_params' isn't known" with gcc 4.8.5 (#1015) In-Reply-To: References: Message-ID: Daiki Ueno commented: I suppose this could be worked around if you point to the recent enough version of `pkcs11.h` (included in p11-kit). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1015#note_509188178 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:08:01 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:08:01 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Merge Request !1388 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:07:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:07:50 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:08:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:08:38 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Merge Request !1270 was reopened by Glenn Strauss Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 Project:Branches: gstrauss/gnutls:specialize-gnutls_load_file to gnutls/gnutls:master Author: Glenn Strauss Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:08:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:08:38 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Glenn Strauss commented: > @gstrauss This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. Still interested and awaiting feedback. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270#note_509353037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:09:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:09:09 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: include when checking scm_* functions (!1360) In-Reply-To: References: Message-ID: Daiki Ueno commented: Merging without approval as it's trivial. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360#note_509353610 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:09:15 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:09:15 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: include when checking scm_* functions (!1360) In-Reply-To: References: Message-ID: Merge Request !1360 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360 Project:Branches: dueno/gnutls:wip/dueno/guile-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:09:15 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:09:15 +0000 Subject: [gnutls-devel] GnuTLS | Build failure with Xcode 12 (on macOS 10.15 and 11.0) (#1116) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1360 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1360) Issue #1116: https://gitlab.com/gnutls/gnutls/-/issues/1116 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1116 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:57:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:57:03 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: add option to skip the duplicate modules check (!1252) In-Reply-To: References: Message-ID: Merge Request !1252 was reopened by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252 Branches: tmp-pkcs11-reject-duplicate-modules to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:55:45 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:55:45 +0000 Subject: [gnutls-devel] GnuTLS | Cannot connect to github.com, download.mono-project.com (#990) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #990: https://gitlab.com/gnutls/gnutls/-/issues/990 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/990 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 16:55:44 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 15:55:44 +0000 Subject: [gnutls-devel] GnuTLS | Cannot connect to github.com, download.mono-project.com (#990) In-Reply-To: References: Message-ID: Daiki Ueno commented: OK, let's close it then. Feel free to reopen if you can reproduce the issue on a different network. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/990#note_509417717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 17:36:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 16:36:50 +0000 Subject: [gnutls-devel] GnuTLS | Can't generate public.crt on Windows 2016 (#923) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm afraid we cannot help without looking at the exact content of the template file, which has not been provided. I'm closing this for now; please feel free to reopen if the issue still persists. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/923#note_509454349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 17:36:50 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 16:36:50 +0000 Subject: [gnutls-devel] GnuTLS | Can't generate public.crt on Windows 2016 (#923) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #923: https://gitlab.com/gnutls/gnutls/-/issues/923 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 18:08:15 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 17:08:15 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: eliminate warnings (#462) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #462: https://gitlab.com/gnutls/gnutls/-/issues/462 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/462 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 18:08:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 17:08:14 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: eliminate warnings (#462) In-Reply-To: References: Message-ID: Daiki Ueno commented: I don't see what's missing as we have UB+ASAN-Werror.Fedora.x86_64.gcc for quite a while. I'm closing this for now; feel free to reopen if there is anything else left to be done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/462#note_509480751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 18:18:45 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 17:18:45 +0000 Subject: [gnutls-devel] GnuTLS | Checked-in files in devel/ contain local paths that result in merge conflicts (#797) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm afraid this alone wouldn't improve the situation, because the XML file format is not stable over ABI changes (see https://gitlab.com/gnutls/gnutls/-/issues/954#note_305759879). For the time being I'd suggest using an external diff/merge driver for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/797#note_509487468 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 18:18:45 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 17:18:45 +0000 Subject: [gnutls-devel] GnuTLS | Checked-in files in devel/ contain local paths that result in merge conflicts (#797) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #797: https://gitlab.com/gnutls/gnutls/-/issues/797 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/797 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 19:56:48 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 18:56:48 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Evgeny Grin commented on a discussion on lib/system/sockets.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509556788 > + bufs[to_send_cnt].buf = iovec[to_send_cnt].iov_base; > + bufs[to_send_cnt].len = (unsigned long) > + (space_left > ULONG_MAX ? > + ULONG_MAX : space_left); > + ovrflwn = true; > + } > + else if (iovec[to_send_cnt].iov_len > ULONG_MAX) { > + bufs[to_send_cnt].buf = iovec[to_send_cnt].iov_base; > + bufs[to_send_cnt].len = ULONG_MAX; > + ovrflwn = true; > + } > + else { > + bufs[to_send_cnt].buf = iovec[to_send_cnt].iov_base; > + bufs[to_send_cnt].len = > + (unsigned long) iovec[to_send_cnt].iov_len; > + to_send_bytes += iovec[to_send_cnt].iov_len; `WSASend()` can send more than `SSIZE_MAX` on x32 Windows. The problem is GnuTLS will unable to process this value, as return value could be negative when casted to `ssize_t`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509556788 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 19:57:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 18:57:24 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Evgeny Grin commented on a discussion on lib/system/sockets.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509556996 > } > + > +ssize_t > +system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec, > + int iovec_cnt) > +{ > + WSABUF bufs[iovec_cnt]; > + DWORD bytes_sent; > + int to_send_cnt; > + size_t to_send_bytes = 0; > + bool ovrflwn = false; > + > + for (to_send_cnt = 0; to_send_cnt < iovec_cnt && !ovrflwn; > + ++to_send_cnt) { > + if (to_send_bytes + iovec[to_send_cnt].iov_len > SSIZE_MAX || > + iovec[to_send_cnt].iov_len > SSIZE_MAX) { As per GnuTLS guidelines, I'm trying to avoid comments in code. :) If `iovec[to_send_cnt].iov_len` is large enough (close to 2x`SSIZE_MAX`) then sum of (something + large enough) can warp (overflow) to number less then `SSIZE_MAX`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509556996 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 19:58:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 18:58:54 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Evgeny Grin commented on a discussion on lib/system/sockets.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509557869 > + int to_send_cnt; > + size_t to_send_bytes = 0; > + bool ovrflwn = false; > + > + for (to_send_cnt = 0; to_send_cnt < iovec_cnt && !ovrflwn; > + ++to_send_cnt) { > + if (to_send_bytes + iovec[to_send_cnt].iov_len > SSIZE_MAX || > + iovec[to_send_cnt].iov_len > SSIZE_MAX) { > + size_t space_left; > + > + space_left = (size_t)SSIZE_MAX - to_send_bytes; > + bufs[to_send_cnt].buf = iovec[to_send_cnt].iov_base; > + bufs[to_send_cnt].len = (unsigned long) > + (space_left > ULONG_MAX ? > + ULONG_MAX : space_left); > + ovrflwn = true; It can be replaced with `{++to_send_cnt; break;}`. Maybe is should be replace for readability. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509557869 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 15 20:12:17 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 Feb 2021 19:12:17 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Evgeny Grin commented: @dueno Thanks. Let me know how to improve it. There are several thing must be handled in this function: 1. The size of each element must be less than `ULONG_MAX` (actually max value for `DWORD`). If any element with larger size if found, is must be truncated to ULONG_MAX and no more element must be processed. 2. GnuTLS cannot process successful return value more than `SSIZE_MAX`, so amount of total sent size must be limited to `SSIZE_MAX`. The code is so complicated because `ssize_t` is variable depending of x32/x64, but size of DWORD is fixed on Win32. To handle both x32 and x64 in uniformed way, code needs to be a bit complicated. We can shield the second `if` like: ``` C++ #if SIZE_MAX > ULONG_MAX else if (iovec[to_send_cnt].iov_len > ULONG_MAX) { bufs[to_send_cnt].buf = iovec[to_send_cnt].iov_base; bufs[to_send_cnt].len = ULONG_MAX; ovrflwn = true; } #endif ``` but it will not make code more readable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_509565944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 02:01:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 01:01:14 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the extension Netscape Cert Type (#1159) In-Reply-To: References: Message-ID: GOODPWDCETCSZ commented: Some certs actually have the two exts Netscape Comment and Netscape Cert Type. The reported issue 9 months ago is duplicated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1159#note_509673934 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 07:56:39 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 06:56:39 +0000 Subject: [gnutls-devel] GnuTLS | cppcheck skips most files in lib/ (#705) In-Reply-To: References: Message-ID: Daiki Ueno commented: Fixing the typo revealed an issue: `operator=` is not properly implemented in the C++ binding. This [commit](https://gitlab.com/gnutls/gnutls/-/merge_requests/1388/diffs?commit_id=01ef02f4ec8183484a45defe5c7a64e36c688943) should fix it though I'm no expert in C++. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/705#note_509776900 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 08:19:32 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 07:19:32 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Tim R?hsen commented: This pull request **fixes 1 alert** when merging 01ef02f4ec8183484a45defe5c7a64e36c688943 into 8314ad75b4a99e8b1fa5242607e272e31fc83ec2 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-7b6679a01de221093a3b5e9b33b5dbe67146606f) **fixed alerts:** * 1 for Overloaded assignment does not return 'this' --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388#note_509786759 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 08:52:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 07:52:10 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Merge Request !1388 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 08:55:05 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 07:55:05 +0000 Subject: [gnutls-devel] GnuTLS | Wrong CDP in certificate (#1126) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the report; I'm mostly convinced that copying CDP from the signing CA is not a good default, though we need a NEWS entry if we change that behavior. I'll take it for the next release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1126#note_509805041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 08:55:36 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 07:55:36 +0000 Subject: [gnutls-devel] GnuTLS | Wrong CDP in certificate (#1126) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.1 release (started on Dec 2, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/29 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1126 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 09:43:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 08:43:03 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Tim R?hsen commented: This pull request **fixes 1 alert** when merging e650893d07189ee6759c9b5a13c543e48eb3084d into 8314ad75b4a99e8b1fa5242607e272e31fc83ec2 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-db6e91b4bed5e10385b8503a13bf7264d6d1e221) **fixed alerts:** * 1 for Overloaded assignment does not return 'this' --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388#note_509837979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 13:00:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 12:00:09 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Evgeny Grin commented: MR has been updated with more readable version of the code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_510016976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 15:26:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 14:26:29 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: All discussions on Merge Request !1377 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 15:26:53 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 14:26:53 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Merge Request !1377 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 Project:Branches: karlson2k/gnutls:w32_sendmsg to gnutls/gnutls:master Author: Evgeny Grin Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 15:27:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 14:27:10 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks much better, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377#note_510174320 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 16 15:27:16 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 14:27:16 +0000 Subject: [gnutls-devel] GnuTLS | Sockets: implement sendmsg()-like function on Win32 (!1377) In-Reply-To: References: Message-ID: Merge Request !1377 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 Project:Branches: karlson2k/gnutls:w32_sendmsg to gnutls/gnutls:master Author: Evgeny Grin Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 00:34:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Feb 2021 23:34:03 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) References: Message-ID: Dmitry Tsvettsikh created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 Project:Branches: ReklatsMasters/gnutls:bug/require-gmp to gnutls/gnutls:master Author: Dmitry Tsvettsikh Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:07:48 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:07:48 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Daiki Ueno commented: According to the [comment](https://git.lysator.liu.se/nettle/nettle/-/blob/master/hogweed.pc.in#L6): ``` # Uses Requires.private and Libs.private, under the assumption that # when using shared libraries, the ELF dependencies from libhogweed.so # to nettle and gmp work. ``` it seems like an issue in Nettle's .pc file generation (or pkg-config itself). Although including this change wouldn't hurt, I wonder what exact situation that causes the issue. Would it be possible to elaborate the commit message, with the actual configuration and the hogweed.pc content? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510739249 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:42:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:42:03 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Merge Request !1388 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:49:59 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:49:59 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510751514 Ah, ok, nevermind; I suppose this would solve a problem if `GMP_LIBS` is supplied to `configure` in GnuTLS (because GnuTLS is also a direct user of GMP). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510751514 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:50:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:50:10 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Merge Request !1389 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 Project:Branches: ReklatsMasters/gnutls:bug/require-gmp to gnutls/gnutls:master Author: Dmitry Tsvettsikh Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:50:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:50:18 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: All discussions on Merge Request !1389 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 06:50:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 05:50:26 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Merge Request !1389 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 Project:Branches: ReklatsMasters/gnutls:bug/require-gmp to gnutls/gnutls:master Author: Dmitry Tsvettsikh Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 07:01:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 06:01:30 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510755959 @dueno wrote > According to the comment: ``` # Uses Requires.private and Libs.private, under the assumption that # when using shared libraries, the ELF dependencies from libhogweed.so # to nettle and gmp work. ``` > it seems like an issue in Nettle's .pc file generation (or pkg-config itself). I also wonder about @ReklatsMasters test case. This seems to work perfectly fine on Debian: https://buildd.debian.org/status/fetch.php?pkg=gnutls28&arch=amd64&ver=3.7.0-7&stamp=1613160680&raw=0 ``` checking for nettle_get_secp_192r1 in -lhogweed... yes checking for nettle_rsa_sec_decrypt... yes checking for nettle_gost28147_set_key... no ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510755959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 07:07:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 06:07:26 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Tim R?hsen commented: This pull request **fixes 1 alert** when merging cf55180b260912454be6d9926b1028b74b4695fa into 49c955d26486ef939077e4e6d3f53ef1bd34d9df - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-c0e23bf05cdf959a3a5d5af273973f1b78c68aa4) **fixed alerts:** * 1 for Overloaded assignment does not return 'this' --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388#note_510758388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 07:10:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 06:10:24 +0000 Subject: [gnutls-devel] GnuTLS | [OSX, GnuTLS 3.6.15] "sed -i" requires null-length arg. if in-place editing doesn't require a backup file (#1088) In-Reply-To: References: Message-ID: Daiki Ueno commented: > I did indeed run "make clean" at some point. I could finally reproduce it; we need to ensure that we don't remove any stamp files (and the dependencies) at "make clean". -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1088#note_510759418 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 07:54:07 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 06:54:07 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Tim R?hsen commented: This pull request **fixes 1 alert** when merging dc92c9ae0d9a389184db30ca7ea1d0e2d0bffb29 into a5d62b3f0bfc16d9448b7f5c5e4f50360e2e1fdb - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-e531cd2646a5ebd7993764b6bf7c4b6c9e30a96a) **fixed alerts:** * 1 for Overloaded assignment does not return 'this' --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388#note_510790775 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 07:59:40 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 06:59:40 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Merge Request !1388 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:32:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:32:55 +0000 Subject: [gnutls-devel] GnuTLS | README.md, .gitlab-ci.yml: fix typos and remove misleading information (!1388) In-Reply-To: References: Message-ID: Merge Request !1388 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 Project:Branches: dueno/gnutls:wip/dueno/typo-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1388 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:32:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:32:54 +0000 Subject: [gnutls-devel] GnuTLS | Avoid abort() in lib/extras/hex.c (#604) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1388 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1388) Issue #604: https://gitlab.com/gnutls/gnutls/-/issues/604 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:32:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:32:54 +0000 Subject: [gnutls-devel] GnuTLS | Avoid abort() in lib/system/fastopen.c (#603) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1388 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1388) Issue #603: https://gitlab.com/gnutls/gnutls/-/issues/603 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:32:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:32:54 +0000 Subject: [gnutls-devel] GnuTLS | With the distribution tarballs, "make" after "make clean" regenerates *.info files (#1088) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1388 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1388) Issue #1088: https://gitlab.com/gnutls/gnutls/-/issues/1088 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:47:56 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:47:56 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1111: https://gitlab.com/gnutls/gnutls/-/issues/1111 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 08:47:56 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 07:47:56 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm closing this, now that the updated code has been included in the 3.7.0 release. Feel free to reopen if the problem persists. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_510830077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 10:33:51 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 09:33:51 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Dmitry Tsvettsikh commented: @ametzler here is my test case. `HOGWEED_LIBS="-L${ROOT_DIR}/dependencies/lib -lhogweed -lgmp" \` is hotfix for this bug, this should be whithout `-lgmp`. ```makefile # Source ARCHIVE_GNUTLS=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.15.tar.xz ARCHIVE_LIBTASN=https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.16.0.tar.gz ARCHIVE_NETTLE=https://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz ARCHIVE_GMPLIB=https://gmplib.org/download/gmp/gmp-6.2.1.tar.xz # Build ROOT_DIR=${PWD} MAKE=make CFLAGS="-O3" CONFIGURE=./configure CFLAGS=${CFLAGS} --prefix=${ROOT_DIR}/dependencies --disable-shared CURL=curl -s EXTRACT_XZ=tar -xJ EXTRACT_GZ=tar -xz EMCC_DEBUG=0 all: gnutls clean: rm -rf gnutls-3.6.15 gmp-6.2.1 nettle-3.7 libtasn1-4.16.0 dependencies # gmp gmp-6.2.1/configure: ${CURL} ${ARCHIVE_GMPLIB} | ${EXTRACT_XZ} gmp-6.2.1/Makefile: gmp-6.2.1/configure cd gmp-6.2.1 && \ ${CONFIGURE} \ --prefix=${ROOT_DIR}/dependencies && \ cd - dependencies/lib/libgmp.a: gmp-6.2.1/Makefile cd gmp-6.2.1 && ${MAKE} install && cd - gmp: dependencies/lib/libgmp.a # libtasn1 libtasn1-4.16.0/configure: ${CURL} ${ARCHIVE_LIBTASN} | ${EXTRACT_GZ} libtasn1-4.16.0/Makefile: libtasn1-4.16.0/configure cd libtasn1-4.16.0 && \ ${CONFIGURE} \ --disable-doc \ --disable-valgrind-tests \ --prefix=${ROOT_DIR}/dependencies && \ cd - dependencies/lib/libtasn1.a: libtasn1-4.16.0/Makefile cd libtasn1-4.16.0 && ${MAKE} install && cd - asn1: dependencies/lib/libtasn1.a # nettle nettle-3.7/configure: ${CURL} ${ARCHIVE_NETTLE} | ${EXTRACT_GZ} nettle-3.7/Makefile: nettle-3.7/configure dependencies/lib/libgmp.a cd nettle-3.7 && \ ${CONFIGURE} \ LDFLAGS="-L${ROOT_DIR}/dependencies/lib" \ LIBS="-lgmp" \ --disable-documentation \ --enable-x86-aesni \ --enable-public-key \ && cd - dependencies/lib/libnettle.a: nettle-3.7/Makefile cd nettle-3.7 && ${MAKE} install && cd - nettle: dependencies/lib/libnettle.a # gnutls gnutls-3.6.15/configure: ${CURL} ${ARCHIVE_GNUTLS} | ${EXTRACT_XZ} gnutls-3.6.15/Makefile: gnutls-3.6.15/configure dependencies/lib/libnettle.a dependencies/lib/libtasn1.a dependencies/lib/libgmp.a cd gnutls-3.6.15 && \ ${CONFIGURE} \ NETTLE_CFLAGS="-I${ROOT_DIR}/dependencies/include" \ NETTLE_LIBS="-L${ROOT_DIR}/dependencies/lib -lnettle" \ HOGWEED_CFLAGS="-I${ROOT_DIR}/dependencies/include" \ HOGWEED_LIBS="-L${ROOT_DIR}/dependencies/lib -lhogweed -lgmp" \ GMP_CFLAGS="-I${ROOT_DIR}/dependencies/include" \ GMP_LIBS="-L${ROOT_DIR}/dependencies/lib -lgmp" \ LIBTASN1_CFLAGS="-I${ROOT_DIR}/dependencies/include" \ LIBTASN1_LIBS="-L${ROOT_DIR}/dependencies/lib -ltasn1" \ LDFLAGS="-L${ROOT_DIR}/dependencies/lib" \ --disable-maintainer-mode \ --disable-doc \ --disable-tools \ --disable-cxx \ --disable-ssl3-support \ --disable-ssl2-support \ --disable-tests \ --disable-valgrind-tests \ --disable-full-test-suite \ --disable-rpath \ --disable-libtool-lock \ --disable-libdane \ --with-included-unistring \ --without-zlib \ --without-libz-prefix \ --without-idn \ --without-libidn2 \ --without-tpm \ --without-p11-kit \ && cd - dependencies/lib/libgnutls.a: gnutls-3.6.15/Makefile cd gnutls-3.6.15 && ${MAKE} install && cd - gnutls: dependencies/lib/libgnutls.a ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_510920946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 12:05:28 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 11:05:28 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 Project:Branches: dueno/gnutls:wip/dueno/nofipshmac to gnutls/gnutls:master Author: Daiki Ueno This introduces a non-installed program "fipshmac" and uses it for generating HMAC files required in FIPS 140-2. The generated files are installed along with the main library. Fixes: #1101 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 12:06:08 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 11:06:08 +0000 Subject: [gnutls-devel] GnuTLS | Replace fipshmac usage with our own HMAC functions (#1101) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1101#note_511017735 Thanks @The-Mule, I've integrated it in !1390. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1101#note_511017735 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 12:08:49 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 11:08:49 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm a bit concerned with a chicken-and-egg problem: the helper program (fipshmac) needs to explicitly disable FIPS enablement when generating the HMAC files. @smuellerDD do you think this is an acceptable approach? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390#note_511019941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 17 18:11:22 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Feb 2021 17:11:22 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_511377355 I suspect it is triggered by your static-library-only setup. - I guess libnettle is only present as libnettle.a using it requires linking against libgmp.a? If that was the case, you need to set different NETTLE_LIBS and than you do. What does config.log say? It looks like this here: ~~~ configure:66498: checking for nettle_get_secp_192r1 in -lhogweed configure:66523: gcc -o conftest -g -O2 -ffile-prefix-map=/dev/shm/GNUTLS/gnutls-3.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now conftest.c -lhogweed -lhogweed -lnettle >&5 configure:66523: $? = 0 configure:66532: result: yes configure:66561: checking for nettle_rsa_sec_decrypt configure:66561: gcc -o conftest -g -O2 -ffile-prefix-map=/dev/shm/GNUTLS/gnutls-3.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now conftest.c -lhogweed -lnettle >&5 configure:66561: $? = 0 configure:66561: result: yes configure:66580: checking for nettle_gost28147_set_key ~~~ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1389#note_511377355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 08:15:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 07:15:27 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) In-Reply-To: References: Message-ID: Stephan Mueller commented: This is fully acceptable - the generation of the HMAC control value does not need to be performed by a FIPS-validated product nor does the product be in compliance with FIPS rules. Ciao Stephan -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390#note_511710051 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 09:15:52 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 08:15:52 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390#note_511755904 Thank you for the confirmation. One less dependency then; thanks @The-Mule for doing this! :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390#note_511755904 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 09:16:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 08:16:09 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) In-Reply-To: References: Message-ID: All discussions on Merge Request !1390 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 09:16:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 08:16:18 +0000 Subject: [gnutls-devel] GnuTLS | Replace fipshmac usage with our own HMAC functions (#1101) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1390 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1390) Issue #1101: https://gitlab.com/gnutls/gnutls/-/issues/1101 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 09:16:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 08:16:18 +0000 Subject: [gnutls-devel] GnuTLS | fips: replace fipshmac usage with internal program (!1390) In-Reply-To: References: Message-ID: Merge Request !1390 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 Project:Branches: dueno/gnutls:wip/dueno/nofipshmac to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1390 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 09:16:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 08:16:18 +0000 Subject: [gnutls-devel] GnuTLS | Replace fipshmac usage with our own HMAC functions (#1101) In-Reply-To: References: Message-ID: Issue was closed by Ondrej Moris via commit fe3f9e2111bc5e4c2c0a7678077eca42ee97405a Issue #1101: https://gitlab.com/gnutls/gnutls/-/issues/1101 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 10:41:12 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 09:41:12 +0000 Subject: [gnutls-devel] GnuTLS | Consider applying to GSoC (#1177) In-Reply-To: References: Message-ID: Daiki Ueno commented: Didn't get enough traction; let's not do that this time, but cultivate ideas for the future editions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1177#note_511836198 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 18 10:41:12 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Feb 2021 09:41:12 +0000 Subject: [gnutls-devel] GnuTLS | Consider applying to GSoC (#1177) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1177: https://gitlab.com/gnutls/gnutls/-/issues/1177 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1177 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 11:06:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 10:06:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Merge Request !1383 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 Project:Branches: dueno/gnutls:wip/dueno/valgrind to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 11:06:14 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 10:06:14 +0000 Subject: [gnutls-devel] GnuTLS | tests/memset[01] failing with valgrind on Debian unstable (#708) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1383 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1383) Issue #708: https://gitlab.com/gnutls/gnutls/-/issues/708 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 11:06:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 10:06:03 +0000 Subject: [gnutls-devel] GnuTLS | tests: enable all tests to run under valgrind (!1383) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm merging this without approval, given the changes mostly affect tests only. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_512715220 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 11:06:13 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 10:06:13 +0000 Subject: [gnutls-devel] GnuTLS | enable valgrind tests for full testsuite (#1174) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1383 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1383) Issue #1174: https://gitlab.com/gnutls/gnutls/-/issues/1174 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1174 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 16:26:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 15:26:10 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails when sssd is running (#1125) In-Reply-To: References: Message-ID: Daiki Ueno commented: The test has been removed as part of !1383. Closing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125#note_513048840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 16:26:11 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 15:26:11 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails when sssd is running (#1125) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1125: https://gitlab.com/gnutls/gnutls/-/issues/1125 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 16:54:43 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 15:54:43 +0000 Subject: [gnutls-devel] GnuTLS | testcompat-main-openssl fails - 140270991812416:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310: (#572) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ametzler is this still relevant? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/572#note_513089805 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 17:01:00 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 16:01:00 +0000 Subject: [gnutls-devel] GnuTLS | consider automating the .map file generation (#465) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ansasaki is there any example of using abimap with autotools? I think libtool is already doing some code generation for Windows, etc. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/465#note_513095906 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 17:26:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 16:26:29 +0000 Subject: [gnutls-devel] GnuTLS | consider automating the .map file generation (#465) In-Reply-To: References: Message-ID: Anderson Sasaki commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/465#note_513127226 @dueno Sorry, I don't have an example using autotools. In libssh integration we added cmake scripts to call abimap and provide the input (symbols list). abimap is independent of the building framework, but needs a "glue" layer. The symbol maps in GnuTLS are a bit more complex and will require some improvements to abimap. If there is interest in trying it, I would be happy to investigate and provide patches. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/465#note_513127226 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 18:37:44 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 17:37:44 +0000 Subject: [gnutls-devel] GnuTLS | testcompat-main-openssl fails - 140270991812416:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310: (#572) In-Reply-To: References: Message-ID: Issue was closed by Andreas Metzler Issue #572: https://gitlab.com/gnutls/gnutls/-/issues/572 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/572 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 19 18:37:37 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Feb 2021 17:37:37 +0000 Subject: [gnutls-devel] GnuTLS | testcompat-main-openssl fails - 140270991812416:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310: (#572) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/572#note_513206242 I cannot reproduce anymore, let's close it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/572#note_513206242 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 06:31:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 05:31:09 +0000 Subject: [gnutls-devel] GnuTLS | [MSVC] lib/algorithms/protocols.c (#267) In-Reply-To: References: Message-ID: Daiki Ueno commented: This seems to have been already fixed in 9e0ddfb5ef2acf4a70d0ece0f72fc474a63638fc. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/267#note_513479179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 06:31:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 05:31:10 +0000 Subject: [gnutls-devel] GnuTLS | [MSVC] lib/algorithms/protocols.c (#267) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #267: https://gitlab.com/gnutls/gnutls/-/issues/267 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/267 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 09:22:49 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 08:22:49 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: remove GNUTLS_*_LOOP macros (!1391) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391 Project:Branches: dueno/gnutls:wip/dueno/no-loop-macro to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 12:56:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 11:56:30 +0000 Subject: [gnutls-devel] libtasn1 | fail to parse certificate then build with clang (#31) In-Reply-To: References: Message-ID: Samuel Harmer commented: #30 implies that `-O1` resolves the problem. However I'm seeing a failure via msmtp (see https://github.com/marlam/msmtp-mirror/issues/43) using [libtasn1 4.16.0_1](https://www.freshports.org/security/libtasn1/) and the "_1" suffix is the `-O1` compilation option so I think there's more to the compilation settings than just `-O1`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/31#note_513538402 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 13:24:40 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 12:24:40 +0000 Subject: [gnutls-devel] GnuTLS | certtool --generate-self-signed returns crt_sign: ASN1 parser: Value is not valid. (#1144) In-Reply-To: References: Message-ID: Samuel Harmer commented: Seeing this issue (via [msmtp](https://github.com/marlam/msmtp-mirror/issues/43)). ``` FreeBSD clang version 10.0.1 (git at github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2) Target: x86_64-unknown-freebsd12.2 Thread model: posix InstalledDir: /usr/bin ``` * [GnuTLS 3.6.15](https://www.freshports.org/security/gnutls/) (using package/[r547781](https://svnweb.freebsd.org/changeset/ports/547781)) * [libtasn1 4.16.0_1](https://www.freshports.org/security/libtasn1/) (using package/[r561219](https://svnweb.freebsd.org/changeset/ports/561219)) `certtool -i --infile=smtp-relay.gmail.com.txt` with [smtp-relay.gmail.com.txt](/uploads/234458182f2a41e43bce1c6a6716a150/smtp-relay.gmail.com.txt) ``` X.509 Certificate Information: Version: 3 Serial Number (hex): 0f40f2bf1a5ccc580300000000cb4080 Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US Validity: Not Before: Tue Jan 26 09:05:20 UTC 2021 Not After: Tue Apr 20 09:05:19 UTC 2021 Subject: CN=smtp-relay.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 20:b0:68:e8:19:95:b3:01:03:d5:42:a2:a8:38:86:e5 65:3d:9f:2b:e5:1c:c3:fe:3b:93:69:9d:af:27:50:8b Y: 25:f3:66:ce:f1:26:99:ec:83:45:b6:ee:4e:3e:42:77 3a:81:e5:23:47:ea:8e:e4:1a:12:fd:b4:ac:b2:60:4d Extensions: Key Usage (critical): Digital signature. Key Purpose (not critical): TLS WWW Server. Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Key Identifier (not critical): 360be30736691791a438eef83b0812d489d53510 Authority Key Identifier (not critical): 98d1f86e10ebcf9bec609f18901ba0eb7d09fd2b Authority Information Access (not critical): Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) Access Location URI: http://ocsp.pki.goog/gts1o1core Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) Access Location URI: http://pki.goog/gsr2/GTS1O1.crt Subject Alternative Name (not critical): DNSname: smtp-relay.gmail.com Certificate Policies (not critical): 2.23.140.1.2.2 (CA/B Organization Validated) 1.3.6.1.4.1.11129.2.5.3 CRL Distribution points (not critical): URI: http://crl.pki.goog/GTS1O1core.crl Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical): ASCII: ......v.D.e...... at ....(.......1.?.3........w>'.O.....G0E.!..E..O.s.3.....i.7.UR..........7.. i.Wv at .3/.....2k.K.}n.x..Y...D-Zb.v..\./.w0".T..0.V..M..3.../ ..N.d....w>'.......G0E. T....-.Y..H....b+8..=..t..x......!....,... .......|s.gF...:........ Hexdump: 0481f200f00076004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a8000001773e27a14f0000040300473045022100ef4503b24fbb73e23309c2b983b9698337945552d6c11bb9d4c38711028137fe022069e2577640af332fc984acd81a326bac4bef7d6e8c78c1165900f5d9442d5a62007600f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001773e27a11e0000040300473045022054d6a28ef22d0a59f3da48adf2a21a622b38d1143d991974d70a78f79c1095ac022100828fac2c08ada820c8f70a998c84fb7c73946746b883d13a00b886e1bb041d83 Signature Algorithm: RSA-SHA256 Signature: 51:bd:cf:2b:d3:08:ee:5a:68:6b:00:76:b3:31:dc:cc 36:ed:c3:d3:6c:16:42:7a:15:9e:95:e3:f3:e1:a3:67 4b:ae:f7:d5:bf:6f:ff:eb:10:98:0c:ee:3b:f8:61:1a d8:80:c6:00:f3:40:eb:54:15:61:7f:c3:de:7e:1b:a7 66:93:c4:69:1e:e5:b1:bd:40:54:51:5a:32:cd:a6:29 08:b8:bd:15:4f:ac:0d:2d:51:b4:79:e0:77:85:e4:2d 0e:75:12:cc:70:da:b9:6e:51:e7:52:6d:53:75:1f:8e b4:38:3e:73:2d:29:1f:1c:3a:3a:0b:e3:cd:3f:79:5a c4:07:b4:7a:80:fe:b5:bc:0b:72:0f:d0:38:11:ad:aa 21:81:3e:96:dc:c0:5d:e1:f1:9a:7d:76:21:b5:dc:7c 80:66:b5:89:90:e6:c1:c7:8f:3c:13:08:f1:56:99:4a 77:4e:d0:d8:f1:7f:c3:93:87:b8:e4:85:27:71:c8:9c 1f:e5:64:16:2d:dd:cc:58:5b:c6:32:24:82:59:92:66 19:6b:3e:17:d4:8c:d9:6c:20:e7:e7:39:07:bc:1f:dc 8f:0d:3f:e1:53:9f:5e:7d:c0:da:8e:06:be:37:2a:54 b6:47:06:90:a3:72:b2:f2:b2:42:4a:95:6e:e1:1d:b4 Other Information: Fingerprint: error: get_fingerprint: ASN1 parser: Value is not valid. Public Key ID: sha1:1c2919c88f95eee4b06fbc8274ab22306e1039c4 sha256:f7616f387c0ac33eb8b323cacd4638ef9aa8d2e1705fd1de53f4d88685a431e0 Public Key PIN: pin-sha256:92FvOHwKwz64syPKzUY475qo0uFwX9HeU/TYhoWkMeA= ``` [objdump_-p_certtool.txt](/uploads/b8db1b62abb8163b3aa58e8a029496f8/objdump_-p_certtool.txt) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1144#note_513549011 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 20 20:33:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Feb 2021 19:33:27 +0000 Subject: [gnutls-devel] GnuTLS | build: remove procedual macros either by inlining or rewriting as inline functions (!1391) In-Reply-To: References: Message-ID: Tim R?hsen commented: This pull request **introduces 1 alert** when merging 94f413a688f0ac165297c524816b10b53b10b341 into 40d39fd8652b2cb3d413362e304bc8283de3113d - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-dd52546e00910465afcceca3b4898aa0fd222ee2) **new alerts:** * 1 for Missing return statement --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1391#note_513635598 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 09:38:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 08:38:41 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 Project:Branches: dueno/gnutls:wip/dueno/reallocarray to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1179 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 09:40:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 08:40:04 +0000 Subject: [gnutls-devel] GnuTLS | Ensure array allocations overflow safe (#1179) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.1 release (started on Dec 2, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/29 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 09:51:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 08:51:34 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Andreas Metzler commented: Hello, I do not think you can use reallocarray in the library, is is "LGPL", not LGPLv2+. cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_513706945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 10:57:24 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 09:57:24 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_513713862 Yes, I already sent a relicense request to the author. Even if it doesn't happen, the shim should be trivial to implement (as we have in p11-kit). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_513713862 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 20:17:54 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 19:17:54 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_513796461 For the meantime I replaced it with a simple guard before calling `realloc`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_513796461 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 21 20:17:55 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Feb 2021 19:17:55 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: All discussions on Merge Request !1392 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 22 03:38:09 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Feb 2021 02:38:09 +0000 Subject: [gnutls-devel] GnuTLS | via padlock: add support for AES-192 (#1004) In-Reply-To: References: Message-ID: zzjianhui commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1004#note_513886000 Sorry, I was on vacation because of Chinese New Year. I will look now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1004#note_513886000 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 22 19:23:58 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Feb 2021 18:23:58 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS cannot parse the extension Policy Constraints (#1157) In-Reply-To: References: Message-ID: Daniel Kahn Gillmor commented: Being able to say what the extension is without looking it up elsewhere is concretely useful, and is something that i'd like to be able to depend on GnuTLS-based tooling for. If the concern is that we don't want to signal support for policy constraints, perhaps the display could flag the field with something like ("Note: GnuTLS does not support policy constraints") -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1157#note_514575800 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 23 19:52:08 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Feb 2021 18:52:08 +0000 Subject: [gnutls-devel] GnuTLS | Feature request: CMS (PKCS#7) encryption (enveloped and authenveloped data) in `certtool` (#1185) References: Message-ID: Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1185 ## Description of the feature: `certtool` currently supports creation of PKCS#7-style signatures. It would be great if it could also offer PKCS#7-style encryption and decryption. In its modern form, this is lumped under [Cryptographic Message Syntax](https://tools.ietf.org/html/rfc5652), and is used in S/MIME [EnvelopedData](https://tools.ietf.org/html/rfc8551#section-3.3) or [AuthEnvelopedData](https://tools.ietf.org/html/rfc8551#section-3.4) parts. ## Applications that this feature may be relevant to: S/MIME e-mail and other messaging clients may use encryption to protect messages. ## Is this feature implemented in other libraries (and which) `gpgsm` from the GnuPG project offers some flavors of CMS. OpenSSL offers some as well, in particular the library functions `SMIME_{read,write}_{CMS,PKCS7}` and `{CMS,PKCS7}_{en,de}crypt`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 02:38:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 01:38:38 +0000 Subject: [gnutls-devel] GnuTLS | WIP: CMS support (RFC 5652) (!1248) In-Reply-To: References: Message-ID: Merge Request !1248 was reopened by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248 Branches: tmp-cms-support to master Author: Dmitry Baryshkov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 02:41:30 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 01:41:30 +0000 Subject: [gnutls-devel] GnuTLS | Feature request: CMS (PKCS#7) encryption (enveloped and authenveloped data) in `certtool` (#1185) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 02:42:10 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 01:42:10 +0000 Subject: [gnutls-devel] GnuTLS | Feature request: CMS (PKCS#7) encryption (enveloped and authenveloped data) in `certtool` (#1185) In-Reply-To: References: Message-ID: Daiki Ueno commented: >From the library front, !1248 by @lumag is hanging for a while. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1185#note_515715601 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 04:39:47 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 03:39:47 +0000 Subject: [gnutls-devel] GnuTLS | Feature request: CMS (PKCS#7) encryption (enveloped and authenveloped data) in `certtool` (#1185) In-Reply-To: References: Message-ID: Daniel Kahn Gillmor commented: Ah, i see that !1248 suggests a `cmstool` which would provide this functionality, rather than having it merged into `certtool`. I'd be fine with either approach. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1185#note_515742566 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 09:21:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 08:21:38 +0000 Subject: [gnutls-devel] GnuTLS | Support PKCS 7 decryption (#152) In-Reply-To: References: Message-ID: Daiki Ueno commented: Let's move the discussion to #1185. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/152#note_515857786 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 09:21:38 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 08:21:38 +0000 Subject: [gnutls-devel] GnuTLS | Support PKCS 7 decryption (#152) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #152: https://gitlab.com/gnutls/gnutls/-/issues/152 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 09:22:03 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 08:22:03 +0000 Subject: [gnutls-devel] GnuTLS | Soft-disabling configuration capabilities should match the hard-disabling ones (#1172) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.1 release (started on Dec 2, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/29 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1172 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 09:21:57 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 08:21:57 +0000 Subject: [gnutls-devel] GnuTLS | Soft-disabling configuration capabilities should match the hard-disabling ones (#1172) In-Reply-To: References: Message-ID: Reassigned Issue 1172 https://gitlab.com/gnutls/gnutls/-/issues/1172 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1172 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 15:05:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 14:05:29 +0000 Subject: [gnutls-devel] libtasn1 | fix invalid unsigned arithmetic. (!73) In-Reply-To: References: Message-ID: ihsinme commented: eto moy vtoroy piar v gitlab. s etim piar chto to poshlo ne tak. kto nibud' mozhet mne pomoch' ili napravit' menya? spasibo. 120 / 5000 ?????????? ???????? this is my second PR in gitlab. with this PR something went wrong. can anyone help me or guide me? thank. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73#note_516226556 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 18:12:22 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 17:12:22 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 was reviewed by Stanislav ?idek -- Stanislav ?idek started a new discussion on lib/x509/crl.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516422512 > - gnutls_realloc_fast(*crls, > - sizeof(gnutls_x509_crl_t) * init); > + *crls = _gnutls_reallocarray_fast(*crls, init, If I understand correctly, the `_fast` version does also frees the original array if reallocation fails. What I don't fully understand is why e.g. this line uses `_gnutls_reallocarray_fast`, but line 1265 does not. Could you clarify? -- Stanislav ?idek started a new discussion on lib/x509/pkcs12.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516422515 > - ++(*chain_len)); > + *chain = _gnutls_reallocarray_fast(*chain, > + ++(*chain_len), This is inconsistent with other places that do `X + 1` most of the time (instead of `++X`). Shall we make it consistent? -- Stanislav ?idek started a new discussion on lib/x509/ocsp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516422519 > - new_ocsps = gnutls_realloc(*ocsps, (*size + 1)*sizeof(gnutls_ocsp_resp_t)); > + new_ocsps = _gnutls_reallocarray(*ocsps, > + *size + 1, One generic and theoretical question: I was told at the university that allocations are pretty expensive operations and we should not use them to expand arrays only by one item. I bet there is a pretty good reason for this in multiple places here, could you perhaps explain? -- Stanislav ?idek started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516422524 > - sizeof(certs_st)); > + res->certs = _gnutls_reallocarray_fast(res->certs, > + 1 + res->ncerts, Inconsisten with the rest of the code here and on line 59 - `1 + X` vs. `X + 1`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 24 18:16:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Feb 2021 17:16:41 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Stanislav ?idek commented: See my review. I also checked other use of `gnutls_malloc` and found couple of examples with some arithmetic in arguments (mostly adding and multiplying by a constant). I suppose we don't want to be this paranoid, but wanted to raise this just in case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516426807 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 07:16:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 06:16:34 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/crl.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516788186 > gnutls_x509_crl_list_import(*crls, &init, data, format, > flags | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); > if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { > - *crls = > - gnutls_realloc_fast(*crls, > - sizeof(gnutls_x509_crl_t) * init); > + *crls = _gnutls_reallocarray_fast(*crls, init, In this specific case, line 1265 is the first time where `*crls` is allocated so there is no need for freeing anything. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516788186 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 07:20:15 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 06:20:15 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/ocsp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516789411 > goto fail; > } > > - new_ocsps = gnutls_realloc(*ocsps, (*size + 1)*sizeof(gnutls_ocsp_resp_t)); > + new_ocsps = _gnutls_reallocarray(*ocsps, > + *size + 1, I suppose there is a trade-off (i.e. alloc cost vs the frequency of the function call), but this specific case is about realloc, which should already have an [optimization](https://sourceware.org/glibc/wiki/MallocInternals#Realloc_Algorithm) underneath to avoid frequent malloc-copy-free. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516789411 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 08:54:05 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 07:54:05 +0000 Subject: [gnutls-devel] GnuTLS | padlock:add support for AES-192-CBC (!1393) References: Message-ID: zzjianhui created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 Project:Branches: zzjianhui/gnutls:padlock-aes-192 to gnutls/gnutls:master Author: zzjianhui Padlock code misses support for AES-192. Extend it to support AES-192. Due to poor performance of padlock-aes-xxx-gcm, only padlock-aes-192-cbc is added. Fixes: #1004 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 10:06:25 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 09:06:25 +0000 Subject: [gnutls-devel] GnuTLS | padlock:add support for AES-192-CBC (!1393) In-Reply-To: References: Message-ID: Merge Request !1393 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 Project:Branches: zzjianhui/gnutls:padlock-aes-192 to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 10:06:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 09:06:27 +0000 Subject: [gnutls-devel] GnuTLS | padlock:add support for AES-192-CBC (!1393) In-Reply-To: References: Message-ID: Merge Request !1393 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 Project:Branches: zzjianhui/gnutls:padlock-aes-192 to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 10:06:21 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 09:06:21 +0000 Subject: [gnutls-devel] GnuTLS | padlock:add support for AES-192-CBC (!1393) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you so much for looking into it and providing the patch! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393#note_516885527 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 11:17:06 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 10:17:06 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Reassigned Issue 595 https://gitlab.com/gnutls/gnutls/-/issues/595 Assignee changed from Daiki Ueno to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 11:18:34 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 10:18:34 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Daiki Ueno commented: I guess this needs to wait for the HPKE implementation, hopefully upstreamed into nettle. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595#note_516959886 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 12:39:36 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 11:39:36 +0000 Subject: [gnutls-devel] GnuTLS | via padlock: add support for AES-192 (#1004) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1393 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1393) Issue #1004: https://gitlab.com/gnutls/gnutls/-/issues/1004 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1004 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 12:39:36 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 11:39:36 +0000 Subject: [gnutls-devel] GnuTLS | padlock:add support for AES-192-CBC (!1393) In-Reply-To: References: Message-ID: Merge Request !1393 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 Project:Branches: zzjianhui/gnutls:padlock-aes-192 to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 15:48:21 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 14:48:21 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) References: Message-ID: Tom created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 Project:Branches: Vrancken/gnutls:tmp-ctype-handling-improvements to gnutls/gnutls:master Author: Tom This MR includes some improvements in code readability, documentation, and logging with regards to certificate type handling. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 18:09:43 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 17:09:43 +0000 Subject: [gnutls-devel] libtasn1 | Merge !71 along with CI fixes (!74) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 Project:Branches: dueno/libtasn1:wip/dueno/ci-fixes to gnutls/libtasn1:master Author: Daiki Ueno This merges !71 along with other CI fixes; we can't merge otherwise because of those test failures. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 18:11:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 17:11:35 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Daiki Ueno commented: Apologies for the long delay and thank you very much for looking into the fix. I'm merging this along with the other CI failures as !74. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71#note_517380465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 18:11:35 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 17:11:35 +0000 Subject: [gnutls-devel] libtasn1 | Fix handling of code which uses NULL pointers + offset (fixes issue #30) (!71) In-Reply-To: References: Message-ID: Merge Request !71 was closed by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 Project:Branches: stweil/libtasn1:fix-for-apple-clang to gnutls/libtasn1:master Author: Stefan Weil Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 18:12:04 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 17:12:04 +0000 Subject: [gnutls-devel] libtasn1 | Merge !71 along with CI fixes (!74) In-Reply-To: References: Message-ID: Merge Request !74 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 Project:Branches: dueno/libtasn1:wip/dueno/ci-fixes to gnutls/libtasn1:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 19:19:07 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 18:19:07 +0000 Subject: [gnutls-devel] libtasn1 | Merge !71 along with CI fixes (!74) In-Reply-To: References: Message-ID: Merge Request !74 was merged Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 Project:Branches: dueno/libtasn1:wip/dueno/ci-fixes to gnutls/libtasn1:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/74 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:31:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:31:23 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/Makefile.am: do not force static (!61) In-Reply-To: References: Message-ID: Daiki Ueno commented: Sorry for the shameless delay; looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61#note_517468288 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:31:31 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:31:31 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/Makefile.am: do not force static (!61) In-Reply-To: References: Message-ID: Merge Request !61 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 Project:Branches: ffontaine/libtasn1:master to gnutls/libtasn1:master Author: Fabrice Fontaine Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:31:32 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:31:32 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/Makefile.am: do not force static (!61) In-Reply-To: References: Message-ID: Merge Request !61 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 Project:Branches: ffontaine/libtasn1:master to gnutls/libtasn1:master Author: Fabrice Fontaine Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:33:27 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:33:27 +0000 Subject: [gnutls-devel] libtasn1 | SIZE: restore handling of SIZE nodes (!68) In-Reply-To: References: Message-ID: Merge Request !68 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/68 Branches: tmp-restore-size to master Author: Dmitry Baryshkov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/68 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:33:29 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:33:29 +0000 Subject: [gnutls-devel] libtasn1 | SIZE: restore handling of SIZE nodes (!68) In-Reply-To: References: Message-ID: Merge Request !68 was merged Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/68 Branches: tmp-restore-size to master Author: Dmitry Baryshkov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/68 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:34:39 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:34:39 +0000 Subject: [gnutls-devel] libtasn1 | fix invalid unsigned arithmetic. (!73) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you please rebase it against the latest git master? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73#note_517469877 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 25 20:34:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 25 Feb 2021 19:34:42 +0000 Subject: [gnutls-devel] libtasn1 | fix invalid unsigned arithmetic. (!73) In-Reply-To: References: Message-ID: Merge Request !73 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73 Project:Branches: ihsinme/libtasn1:ihsinme-master-patch-12809 to gnutls/libtasn1:master Author: ihsinme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/73 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 26 09:26:16 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 26 Feb 2021 08:26:16 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_517745086 > * > + * Raw public-keys: > + * In case raw public-keys are negotiated as certificate type, certifactes typo: "certifactes" -- Daiki Ueno started a new discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_517745088 > + cert_type = cert_priorities->priorities[i]; > + > + if (_gnutls_session_cert_type_supported(session, cert_type, I tend to think this function should return a boolean instead of zero-or-negative, as "git grep" shows all the uses are in `if (...)`? -- Daiki Ueno started a new discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_517745092 > uint8_t i = 0, num_cert_types = 0; > priority_st* cert_priorities; > gnutls_datum_t tmp_cert_types; // For type conversion nit: given many of those local variables are not used in the server case, I would suggest moving them to the actual usage below. The same applies to the other extension. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 26 15:53:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 26 Feb 2021 14:53:23 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Tom commented on a discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518141213 > * structure of the code here. > */ > for (i = 0; i < cert_priorities->num_priorities; i++) { > - if (_gnutls_session_cert_type_supported > - (session, cert_priorities->priorities[i], > - false, GNUTLS_CTYPE_SERVER) == 0) { > + > + cert_type = cert_priorities->priorities[i]; > + > + if (_gnutls_session_cert_type_supported(session, cert_type, You are right. It was a rewrite from a function Nikos once made. Back then all functions returned an integer. I will update it to return a bool. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518141213 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 26 16:04:44 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 26 Feb 2021 15:04:44 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Tom commented on a discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518150268 > gnutls_buffer_st* data) > { > int ret; > - uint8_t cert_type; // Holds an IANA cert type ID > + uint8_t cert_type_IANA; // Holds an IANA cert type ID > + uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256 > uint8_t i = 0, num_cert_types = 0; > priority_st* cert_priorities; > gnutls_datum_t tmp_cert_types; // For type conversion What is your rationale for this? Memory efficiency? Scoping? I thought that all local variables are allocated on the stack regardless of where they are defined? The reason that I put all declarations at the top is readability, i.e., one place where all the variables are defined. Can you elaborate on your desire to move some of the declarations? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518150268 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 26 17:56:07 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 26 Feb 2021 16:56:07 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518230758 > gnutls_buffer_st* data) > { > int ret; > - uint8_t cert_type; // Holds an IANA cert type ID > + uint8_t cert_type_IANA; // Holds an IANA cert type ID > + uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256 > uint8_t i = 0, num_cert_types = 0; > priority_st* cert_priorities; > gnutls_datum_t tmp_cert_types; // For type conversion I meant for readability; otherwise one would need to go to the beginning of the function every time when she wants to know the type of a variable used in the middle of the function. Although the current code doesn't exceed the [5-10 limit](https://www.kernel.org/doc/html/latest/process/coding-style.html#functions), it's approaching to it (9 currently). I wouldn't say we should split the function, but re-organizing with separate code blocks would make the code a little more readable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518230758 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 26 23:31:08 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 26 Feb 2021 22:31:08 +0000 Subject: [gnutls-devel] libtasn1 | asn1_object_id_der: Fix UB due to null pointer arithmetic (!72) In-Reply-To: References: Message-ID: Merge Request !72 was closed by Roman Bolshakov Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/72 Project:Branches: roolebo/libtasn1:fix-arithmetic-on-null-pointers to gnutls/libtasn1:master Author: Roman Bolshakov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/72 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 27 09:02:23 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 27 Feb 2021 08:02:23 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/pkcs12.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518464570 > != 0) > goto skip; > > - *chain = > - gnutls_realloc_fast(*chain, > - sizeof((*chain)[0]) * > - ++(*chain_len)); > + *chain = _gnutls_reallocarray_fast(*chain, > + ++(*chain_len), I guess that's because we need to update `*chain_len` anyway here, while in other places we don't. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518464570 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 27 09:02:46 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 27 Feb 2021 08:02:46 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: All discussions on Merge Request !1392 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 27 19:22:56 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 27 Feb 2021 18:22:56 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Tom commented on a discussion on lib/ext/server_cert_type.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518620453 > gnutls_buffer_st* data) > { > int ret; > - uint8_t cert_type; // Holds an IANA cert type ID > + uint8_t cert_type_IANA; // Holds an IANA cert type ID > + uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256 > uint8_t i = 0, num_cert_types = 0; > priority_st* cert_priorities; > gnutls_datum_t tmp_cert_types; // For type conversion > I meant for readability; otherwise one would need to jump to the beginning of the function every time when she wants to know the type of a variable used in the middle of the function. I don't think this is an issue anymore nowadays. A decent IDE solves this by displaying the variable types and by assisting by means of auto-complete ;-) Nevertheless, I will change it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518620453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 11:57:26 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 10:57:26 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Stanislav ?idek commented on a discussion on lib/x509/pkcs12.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518756989 > != 0) > goto skip; > > - *chain = > - gnutls_realloc_fast(*chain, > - sizeof((*chain)[0]) * > - ++(*chain_len)); > + *chain = _gnutls_reallocarray_fast(*chain, > + ++(*chain_len), I see, my bad. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518756989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 12:00:46 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 11:00:46 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Stanislav ?idek commented on a discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518757353 > int nr) > { > - res->sorted_cert_idx = gnutls_realloc_fast(res->sorted_cert_idx, > - (1 + res->ncerts) * > - sizeof(unsigned int)); > + res->sorted_cert_idx = _gnutls_reallocarray_fast(res->sorted_cert_idx, > + 1 + res->ncerts, > + sizeof(unsigned int)); > if (res->sorted_cert_idx == NULL) > return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > > - res->certs = gnutls_realloc_fast(res->certs, > - (1 + res->ncerts) * > - sizeof(certs_st)); > + res->certs = _gnutls_reallocarray_fast(res->certs, > + 1 + res->ncerts, Is there a reason why `1 + res->ncerts` is better than `res->ncerts + 1`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518757353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 14:18:41 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 13:18:41 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: All discussions on Merge Request !1394 were resolved by Tom https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:52:13 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:52:13 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Merge Request !1394 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 Project:Branches: Vrancken/gnutls:tmp-ctype-handling-improvements to gnutls/gnutls:master Author: Tom Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:52:18 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:52:18 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Merge Request !1394 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 Project:Branches: Vrancken/gnutls:tmp-ctype-handling-improvements to gnutls/gnutls:master Author: Tom Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:52:25 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:52:25 +0000 Subject: [gnutls-devel] GnuTLS | Certificate type handling improvements (!1394) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1394#note_518821767 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:55:57 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:55:57 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518822155 > int nr) > { > - res->sorted_cert_idx = gnutls_realloc_fast(res->sorted_cert_idx, > - (1 + res->ncerts) * > - sizeof(unsigned int)); > + res->sorted_cert_idx = _gnutls_reallocarray_fast(res->sorted_cert_idx, > + 1 + res->ncerts, > + sizeof(unsigned int)); > if (res->sorted_cert_idx == NULL) > return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > > - res->certs = gnutls_realloc_fast(res->certs, > - (1 + res->ncerts) * > - sizeof(certs_st)); > + res->certs = _gnutls_reallocarray_fast(res->certs, > + 1 + res->ncerts, The follow-up change actually makes it consistent with the latter style. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518822155 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:55:58 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:55:58 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: All discussions on Merge Request !1392 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 28 17:58:05 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 28 Feb 2021 16:58:05 +0000 Subject: [gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518822430 This is a good point; we should probably use `xsum` and `size_overflow_p` for the addtions as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_518822430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: