From gnutls-devel at lists.gnutls.org Mon Aug 1 13:04:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Aug 2022 11:04:45 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutlsxx header-only library (#1381)

Nikolaos Chatzikonstantinou commented:

How can this be done? For example, there is in `lib/gnutlsxx.cpp`:

```
session::session (unsigned int flags)
{
  RETWRAP (gnutls_init (&s, flags));
}
```

Do you suggest that the `session` constructor should re-implement the logic of `gnutls_init()` and its definition should be moved in a C++ header file?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1381#note_1046333685
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...

From gnutls-devel at lists.gnutls.org Mon Aug 1 14:43:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Aug 2022 12:43:47 +0000
Subject: [gnutls-devel] GnuTLS | guile: reauth test is failing (#1388)

civodul commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1046483332

Hi Daiki,

> @civodul could you take a look? The CI trace is available at:
> https://gitlab.com/gnutls/gnutls/-/jobs/2771635108

Is it reproducible (I can't reproduce it here on Guix)? Could you share the full `guile/test-suite.log` file?

Thanks,
Ludo'.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1046483332

From gnutls-devel at lists.gnutls.org Mon Aug 1 15:44:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Aug 2022 13:44:56 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Nikolaos Chatzikonstantinou created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622

Project:Branches: createyourpersonalaccount/gnutls:gnutlsxx-headeronly to gnutls/gnutls:master
Author: Nikolaos Chatzikonstantinou

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622

From gnutls-devel at lists.gnutls.org Tue Aug 2 00:59:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Aug 2022 22:59:11 +0000
Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391)

Neustradamus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1391

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
- https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:
- tls-unique for TLS =< 1.2
- tls-exporter for TLS = 1.3

Thanks in advance.

Linked to:
- https://gitlab.com/gnutls/gnutls/-/issues/1214
- https://gitlab.com/gnutls/gnutls/-/merge_requests/1422

cc: @rufferson, @dueno.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391

From gnutls-devel at lists.gnutls.org Tue Aug 2 03:13:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 01:13:38 +0000
Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391)

Daiki Ueno commented:

Could you elaborate what is missing in the current implementation? I believe both tls-unique and tls-exporter are already supported by `gnutls_session_channel_binding`, but perhaps we could restrict the use of tls-exporter taking into account of [4.2 Use with legacy TLS](https://datatracker.ietf.org/doc/html/rfc9266#section-4.2).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1047157032

From gnutls-devel at lists.gnutls.org Tue Aug 2 03:17:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 01:17:25 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Daiki Ueno started a new discussion on lib/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047158138

> # C++ library > > if ENABLE_CXX > -libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes -I$(srcdir)/includes > > AM_CXXFLAGS = \ > -I$(srcdir)/includes \ > -I$(builddir)/includes > > -lib_LTLIBRARIES += libgnutlsxx.la

Unless we target the next major release, I suspect we might still need to ship this shared library for binary compatibility (e.g., if the shared library suddenly removed from the distribution package, existing applications linked to it will stop working).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047158138

From gnutls-devel at lists.gnutls.org Tue Aug 2 03:21:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 01:21:00 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Daiki Ueno commented:

Great work, thank you for looking into it! I only have a concern on the backward compatibility.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047159139

From gnutls-devel at lists.gnutls.org Tue Aug 2 03:30:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 01:30:20 +0000
Subject: [gnutls-devel] GnuTLS | guile: reauth test is failing (#1388)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1047162214

> Is it reproducible (I can't reproduce it here on Guix)?

I can reliably reproduce it on Fedora. Assuming podman installed, maybe you could try:

```console
$ podman run -ti --pull=always registry.gitlab.com/gnutls/build-images:buildenv-fedora35
# git clone https://gitlab.com/gnutls/gnutls.git
# cd gnutls
# git revert 0ee85e0a8e4b1fad3960efe00bd733d02076e4ea
# ./bootstrap
# GUILE=/usr/bin/guile2.2
# GUILD=/usr/bin/guild2.2
# guile_snarf=/usr/bin/guile-snarf2.2
# export GUILE GUILD guile_snarf
# mkdir build
# cd build
# ../configure --disable-doc
# make -j$(nproc)
# cd guile
# make check
```

> Could you share the full guile/test-suite.log file?

Full log is available at: https://gitlab.com/gnutls/gnutls/-/jobs/2771635108/artifacts/file/gnutls-3.7.6/_build/sub/guile/test-suite.log

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1047162214

From gnutls-devel at lists.gnutls.org Tue Aug 2 03:58:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 01:58:44 +0000
Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391)

Neustradamus commented:

@dueno: Yes @rufferson has already done a good job a long time ago!

We are okay that since the @rufferson code with the old draft, all are good?

Oh sorry, I have not seen the last PR from @jas!
- https://gitlab.com/gnutls/gnutls/-/merge_requests/1621

@jas: It is possible to add a little important detail and to have:
- `* @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding for TLS`
- `* @GNUTLS_CB_TLS_SERVER_END_POINT: "tls-server-end-point" (RFC 5929) channel binding for TLS`
- `* @GNUTLS_CB_TLS_EXPORTER: "tls-exporter" (RFC 9266) channel binding for TLS 1.3`

RFCs:
- https://tools.ietf.org/html/rfc5056 "On the Use of Channel Bindings to Secure Channels"
- https://tools.ietf.org/html/rfc5929 "Channel Bindings for TLS"
- https://tools.ietf.org/html/rfc9266 "Channel Bindings for TLS 1.3"

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1047171732

From gnutls-devel at lists.gnutls.org Tue Aug 2 12:29:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 10:29:20 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Nikolaos Chatzikonstantinou commented on a discussion on lib/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047718968

> # C++ library > > if ENABLE_CXX > -libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes -I$(srcdir)/includes > > AM_CXXFLAGS = \ > -I$(srcdir)/includes \ > -I$(builddir)/includes > > -lib_LTLIBRARIES += libgnutlsxx.la

I think it is best to wait for the next major release for this. In the meantime, I can think more about it, and test it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047718968
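
Review bot: the `-lib_LTLIBRARIES += libgnutlsxx.la` removal in the lib/Makefile.am hunk stops installing the shared library, so binaries already linked against libgnutlsxx would fail to load after an upgrade; keep the target building (for example from a source file that only includes the header) and leave header-only mode opt-in until a release that is allowed to break ABI. With the target gone, also check whether the `AM_CXXFLAGS` block left under `if ENABLE_CXX` still has a consumer.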

From gnutls-devel at lists.gnutls.org Tue Aug 2 14:11:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 12:11:54 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Daiki Ueno commented:

Conditionalizing with a preprocessor macro like [this](https://www.cppengineer.com/blog/using-cmake-to-create-header-only-shared-and-static-libraries) might be an option, though that would increase code duplication.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1047863434

From gnutls-devel at lists.gnutls.org Tue Aug 2 14:30:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 12:30:19 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

Reviewer changed to Daiki Ueno, Anderson Sasaki, and Alexander Sosedkin

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623

From gnutls-devel at lists.gnutls.org Tue Aug 2 14:30:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 12:30:21 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

Stanislav Židek created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623

Project:Branches: ep69/gnutls:interop to gnutls/gnutls:master
Author: Stanislav Židek
Reviewers: Daiki Ueno, Anderson Sasaki, and Alexander Sosedkin

Add a description of the new feature/bug fix. Reference any relevant bugs..

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623

From gnutls-devel at lists.gnutls.org Tue Aug 2 15:16:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 13:16:23 +0000
Subject: [gnutls-devel] GnuTLS | Draft: interoperability testing with openssl (!1623)

Daiki Ueno started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1047989200

> + - COMPONENT: > + - openssl > + #- nss # currently fails on Fedora due to NSS bug > + TYPE: > + - 2way > + #- 3way # these tests take too long, plan is to split them > + #- 4way > + #- 5way > + #- p256 > + #- p384 > + #- p521 > + #- rsae > + #- rsapss > + allow_failure: true > + script: > + - dnf install -y tmt beakerlib

Can we move this package installation to build-images?
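
Review bot: `allow_failure: true` in the new .gitlab-ci.yml job means a failing openssl `2way` interoperability run never turns the pipeline red, so a handshake regression can merge unnoticed; scope it to the known-flaky entries or drop it once the job is stable. The `dnf install -y tmt beakerlib` line in `script:` also pulls unpinned packages on every run, which is better baked into the build image so the job is reproducible and does not depend on the mirror at test time.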

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1047989200

From gnutls-devel at lists.gnutls.org Tue Aug 2 16:28:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 14:28:34 +0000
Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29)

Stanislav Židek created a merge request: https://gitlab.com/gnutls/build-images/-/merge_requests/29

Project:Branches: ep69/gnutls-build-images:interop to gnutls/build-images:master
Author: Stanislav Židek

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29

From gnutls-devel at lists.gnutls.org Tue Aug 2 16:30:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 14:30:39 +0000
Subject: [gnutls-devel] GnuTLS | Draft: interoperability testing with openssl (!1623)

Stanislav Židek commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1048162235

> + - COMPONENT: > + - openssl > + #- nss # currently fails on Fedora due to NSS bug > + TYPE: > + - 2way > + #- 3way # these tests take too long, plan is to split them > + #- 4way > + #- 5way > + #- p256 > + #- p384 > + #- p521 > + #- rsae > + #- rsapss > + allow_failure: true > + script: > + - dnf install -y tmt beakerlib

Created https://gitlab.com/gnutls/build-images/-/merge_requests/29 , could you have a look?
Is there an explicit action required to rebuild the images after merging?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1048162235

From gnutls-devel at lists.gnutls.org Tue Aug 2 16:41:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 14:41:49 +0000
Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29)

Merge request !29 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/build-images/-/merge_requests/29

Project:Branches: ep69/gnutls-build-images:interop to gnutls/build-images:master
Author: Stanislav Židek
Assignees:
Reviewers:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29

From gnutls-devel at lists.gnutls.org Tue Aug 2 16:42:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 14:42:14 +0000
Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29)

Merge request !29 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/build-images/-/merge_requests/29

Project:Branches: ep69/gnutls-build-images:interop to gnutls/build-images:master
Author: Stanislav Židek
Assignees:
Reviewers:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29

From gnutls-devel at lists.gnutls.org Tue Aug 2 18:01:32 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 16:01:32 +0000
Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29)

Stanislav Židek commented:

@dueno I made a mistake in previous commit, should be fine now.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29#note_1048334432

From gnutls-devel at lists.gnutls.org Tue Aug 2 18:20:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 16:20:52 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1048355905

I re-introduced `gnutlsxx.cpp` as a simple file that only includes the header. The macro `GNUTLS_GNUTLSXX_HEADERONLY` controls the effect of the header file; whether it should be header-only or not.

Where should `` be? I have it in the cpp file, but not in the header file. I believe there is an implication for the header-only user of the library, that certain macros will not be defined. How do you suggest to solve this problem?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1048355905

From gnutls-devel at lists.gnutls.org Wed Aug 3 00:43:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Aug 2022 22:43:00 +0000
Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391)

Neustradamus commented:

It is not complete:
- 5929: https://gitlab.com/search?search=5929&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master

vs

- 9266: https://gitlab.com/search?search=9266&nav_source=navbar&project_id=179611&group_id=121613&search_code=true&repository_ref=master

And one example where there is 5929 in other code:
- https://github.com/git-for-windows/git-sdk-64/blob/main/mingw64/share/info/gnutls.info

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1048671017

From gnutls-devel at lists.gnutls.org Wed Aug 3 10:15:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 08:15:28 +0000
Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29)

Stanislav Židek commented:

@dueno Could you please merge (if everything is fine)?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29#note_1049035304

From gnutls-devel at lists.gnutls.org Wed Aug 3 11:18:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 09:18:00 +0000
Subject: [gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

Project:Branches: dueno/gnutls:wip/dueno/rsa-key-sizes to gnutls/gnutls:master
Author: Daiki Ueno

This series changes how the library allows/approves RSA operations based on key sizes. Namely:
- any operation with key size shorter than 1024 bits is disallowed
- in FIPS140 mode, signature verification is approved for either key sizes longer than 2048 bits, or known key sizes between 1024 bits and 2048 bits (1024, 1280, 1536, and 1792 bits)
- in FIPS140 mode, signature and key generation are only approved for key sizes longer than 2048 bits

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624
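
The key-size rules listed in the merge request description above, written out as a stand-alone C check. This is an added example, not code from the merge request or from GnuTLS: the function and enum names are hypothetical, 2048 bits itself is assumed to count as approved, and the key size is taken from the significant bits of the modulus rather than from its byte length.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; none of this is GnuTLS API. */
enum rsa_op { RSA_OP_VERIFY, RSA_OP_SIGN, RSA_OP_KEYGEN };
enum rsa_status {
    RSA_DISALLOWED, /* refused outright */
    RSA_ALLOWED,    /* permitted, but not FIPS-approved (or FIPS mode is off) */
    RSA_APPROVED    /* permitted and FIPS-approved */
};

#define RSA_MIN_BITS  1024u
#define RSA_FIPS_BITS 2048u /* assumption: 2048 itself is approved */

/* Key size = significant bits of the big-endian modulus. Leading zero
 * bytes (e.g. the sign byte of a DER INTEGER) and leading zero bits do
 * not count, so a 256-byte modulus starting with 0x7f is 2047 bits. */
static unsigned rsa_modulus_bits(const uint8_t *n, size_t len)
{
    size_t i = 0;
    while (i < len && n[i] == 0)
        i++;
    if (i == len)
        return 0;
    unsigned bits = (unsigned)(len - i) * 8;
    for (uint8_t top = n[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* The "known key sizes between 1024 bits and 2048 bits" from the list. */
static bool rsa_known_legacy_size(unsigned bits)
{
    static const unsigned known[] = { 1024, 1280, 1536, 1792 };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (bits == known[i])
            return true;
    return false;
}

static enum rsa_status rsa_policy(enum rsa_op op, unsigned bits, bool fips_mode)
{
    if (bits < RSA_MIN_BITS)
        return RSA_DISALLOWED;          /* applies in every mode */
    if (!fips_mode)
        return RSA_ALLOWED;             /* approval only exists in FIPS mode */
    if (bits >= RSA_FIPS_BITS)
        return RSA_APPROVED;            /* verify, sign and keygen alike */
    if (op == RSA_OP_VERIFY && rsa_known_legacy_size(bits))
        return RSA_APPROVED;            /* legacy verification only */
    return RSA_ALLOWED;
}

int main(void)
{
    static const char *const name[] = { "disallowed", "allowed", "approved" };
    /* Constructed sample moduli: only the leading bytes matter here. */
    static uint8_t padded[257];  /* 0x00 0x80 ...: leading zero byte */
    static uint8_t shorter[256]; /* 0x7f ...: one bit short of 2048 */
    padded[1] = 0x80;
    shorter[0] = 0x7f;

    unsigned a = rsa_modulus_bits(padded, sizeof padded);
    unsigned b = rsa_modulus_bits(shorter, sizeof shorter);
    printf("padded:  %u bits, FIPS sign   -> %s\n", a,
           name[rsa_policy(RSA_OP_SIGN, a, true)]);
    printf("shorter: %u bits, FIPS sign   -> %s\n", b,
           name[rsa_policy(RSA_OP_SIGN, b, true)]);
    printf("1280 bits, FIPS verify        -> %s\n",
           name[rsa_policy(RSA_OP_VERIFY, 1280, true)]);
    printf("1500 bits, FIPS verify        -> %s\n",
           name[rsa_policy(RSA_OP_VERIFY, 1500, true)]);
    printf("1023 bits, non-FIPS verify    -> %s\n",
           name[rsa_policy(RSA_OP_VERIFY, 1023, false)]);
    return 0;
}
```
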

From gnutls-devel at lists.gnutls.org Wed Aug 3 13:31:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 11:31:44 +0000
Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625)

Reassigned merge request 1625

https://gitlab.com/gnutls/gnutls/-/merge_requests/1625

Assignee changed to František Krenželok

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625

From gnutls-devel at lists.gnutls.org Wed Aug 3 13:31:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 11:31:45 +0000
Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625)

František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625

Project:Branches: FrantisekKrenzelok/gnutls:wip/ktls_keyupdate to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok
Reviewer: Daiki Ueno

Add ktls support for gnutls_session_key_update()
This functionality requires a kernel patch

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to
`CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625

From gnutls-devel at lists.gnutls.org Wed Aug 3 13:31:43 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 11:31:43 +0000
Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625)

Reviewer changed to Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625

From gnutls-devel at lists.gnutls.org Wed Aug 3 16:20:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Aug 2022 14:20:36 +0000
Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622)

Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1049627366

Has to be off by default until the next major release.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1049627366
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 09:43:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 07:43:00 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 Project:Branches: dueno/gnutls:wip/dueno/fips-pbes1 to gnutls/gnutls:master Author: Daiki Ueno This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In the decryption code path with PBES1, algorithm checks for FIPS were not applied, because it used internal functions that bypass those checks. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:01:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:01:54 +0000 Subject: [gnutls-devel] GnuTLS | DES-CBC bag is decryptable under FIPS (#1392) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1392 ``` $ fips-mode-setup --check FIPS mode is enabled. $ wget -q 'https://github.com/redhat-qe-security/keyfile-corpus/raw/master/rsa(2048,sha256),cert&key(pbeWithMD5AndDES-CBC,salt(8),iter(2048)),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' $ certtool --p12-info --inder --infile 'rsa(2048,sha256),cert&key(pbeWithMD5AndDES-CBC,salt(8),iter(2048)),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4' MAC info: MAC: SHA1 (1.3.14.3.2.26) Salt: 052281f5da42b212 Salt size: 8 Iteration count: 2048 BAG #0 Type: Encrypted Cipher: DES-CBC Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3) Salt: Salt size: 0 Iteration count: 2048 Decrypting... 
Elements: 1 Type: Certificate Friendly name: localhost Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0 -----BEGIN CERTIFICATE----- MIIC+zCCAeOgAwIBAgIJALcX+trIX5ynMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV BAMMCWxvY2FsaG9zdDAeFw0xNzAzMTYxMTAzMTBaFw0xNzA0MTUxMTAzMTBaMBQx EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBANykRgfq8TW1B6NNUaR3cG0OW0nzy1RW74k4pfg/3CxOh/JBk6YX9TJ2GJ2j mE9el3mMgItrCAv6cduWvYkl7H/B/iLpLO/8ie5bwL6IDC/s107uxTMBJwE83gwt jE1bgJ02rf602BKqTB9COuCLQAM46u3liukOPOAFhiF6dGSOX7wGm36EqS11EZiO UHRLJeIV6ruLf35Sme26Lzefd1Pj6J5T/vYlrd54QcBqRRL3jBw2j4DUphG4LroR eVCNMiYTx9+kqlqHrz4NWNFsms7r6LYTA1Q3KcwjuDVq7aznVKXRxnI09e919Txk veYoK+E7e4M+X4o/Mc41IUZguAkCAwEAAaNQME4wHQYDVR0OBBYEFJ2pF/DIt1Gf DHgXypnHtptyeghoMB8GA1UdIwQYMBaAFJ2pF/DIt1GfDHgXypnHtptyeghoMAwG A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFO29MmqGIBwP4F3ehNlIBnv pSZiLraBN9HKOCJKOJxSJ69KL4FFV/pqXegdXDHebdx3YfRV0tC+nF0izUtNC+kO 8XKU/sFwwMG4bP+rU1cl2mZZK8vVWA0mippphOe3Jwr/cZWK5rMja6OIGsIQieWx Ot5vBruOYOfoNAOIms7ezEKCIhgi7lhT06Voe8DlVM2/dxmyIgxenl0i45WRVd9u 4C+a2HQULDbBS2GdqHkyD8guY6HFLkeDZrymKZDYDsH6P+qUqK97/WhFqgTCSTQy XcMXQPzfo2bP7KqY/WvwAbekZ4psv22fRs3g6NPxQvMSpqoRZ0sHHvnM40NoBWQ= -----END CERTIFICATE----- BAG #1 Elements: 1 Type: PKCS #8 Encrypted key PKCS #8 information: Cipher: DES-CBC Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3) Salt: Salt size: 0 Iteration count: 2048 Friendly name: localhost Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0 -----BEGIN ENCRYPTED PRIVATE KEY----- MIIE6TAbBgkqhkiG9w0BBQMwDgQIxOUh2dwiYk8CAggABIIEyG7fO0wGc6GveVQX 1sHnirPDSxMF39c9Aj4tIK/1x4eul+KGwQ4hZIDgNq4nwp+BHG8Cna5uTi/mpy/v XOeWFlf2kicPMmJkR4hLiMij+rSuAox28ChFNIvn2y1zyTP6MTXIDrNg3WQ2hFR6 tnO/Lhs+YHA5Zt386lN3DH/SxarRpCCaS6TOcRCfuuEdQNROMPNaPO1AekssjOcF LOCqg2Xi2pc4ZsTT2066OVjFKaeRV/Libg7buTx2l0cR+B+0GovUm42wvwNitGq3 QvkSjiMiQ+OFt81R7xcQmGHbz2CF22FMjYpkjbrtC5Rc1dqW1NA1Y83eoYhJzJhR x4W/Y8BvOaPDfCSvBXDDFHr8nOqscs9xxKCpFb6Vh4TlytrbcWKc8bNurNLxfEwS 
89LXif+jphZ12A3biqjNNQHXMk/TdA7vAb/Xk7xpg7R8LBpV34+mwX+7k0tXARDq Ck377vijd4mvHX65ol8FQuC3ggkeZrk3lmj8FUC4nSzacvS3kXQNr8MtblyvhhJE 4FerJdYPNWsnDxqimaUI+c+bjbotaDTUWeJcxJdAki0brgPCeWcak3oCEBNWuLu8 BsMAx6Iuw7ECcGKitaIc+zkxokcJZe4rjSOc9bMXuTOpkukpzZ9JZVDh+z/n4ALN uvUbA2/alAVoWZO/OL4BST65uUZxM7nOHR63tTd5HgroxkZHlOlG4p919kqe7s1S XE8nmjIa0ruFHqHg/FjiwL4rUTcg3OLeo7MVUQfqjI0rSL1XKWDgrpWEcVp5pPuu NtDH6gQO0t5t3JBxGVYiZ4A3rLIZeIavz51A/2OwNFHKxXdJGgskv/Xk4vsFL/EB VCThi2c5S2z/jQtP493faKSSHGsK9cJXfOmTv24YqisO/JYQg1/d7srCcYkgmmFh LKJMTYdARuGFs2UtcUubqve/UJp4Zg6FuG51Ga47qJBwS79SqKBeXeC23vf3USn1 szInO5WBSCKinFmA9AXnuFDS2gxDi/fJgq9untjg+cqonmPd4pn1vHCibICoyO8V qzELqXasmjSimzzC8WQkEfHln/YqiPonYtvW9Iqf/gjaf1XDwCYSzclIzHT+/E7q j+kY1iJiJU65vvjUmdB+T7h4IqEiAwZhNiqe1RQp7QWThwdefL6THZGEudQarj3z J73buBtY2zf8GfB2b2lmFYzp6MjJQpnT5WLnxBQl2l8/r6ms57ds+avC50CXWf/J Z4I6cN8Q0RKax2Y7nUcNXqrzIHk25cGMn1HPY02F/h9h70JsxrKBHJEFBXXLnZ21 72NjT8fGSUgoQ0Qh9epOfaKfQqRiquYkMHiT7ksnIuHF+4x4JYze2HVSYs36Wu3y l7/8cZmH2f356trgcycOLve32xZkx6edcbIWHNWNW2gXsP4LmGxtP58uFtwTxN6v RUmzb9XOWfBCsk4wGF3OGfQpM6pWulxMtjXr8URpyUquCR3E8hzBHg/UJPSkQBIb WSmrZHQH1zRoK7RxPWqjWD5s99fZlPmRTmirVfKynq/5dbsCNIdPPW+qwhGHLlHX jAQwxW5sqEE6m2ENmECrHm5mHjmAUShlu/x55rQuKrQvWwGZXCVOH3NKt8rum/tg Iw3Jj8IrAn8/Do/4vQ== -----END ENCRYPTED PRIVATE KEY----- ``` I expect DES-CBC bag decryption to fail with `bag_decrypt: An algorithm that is not enabled was negotiated.` Related: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
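A regression check for the behaviour reported in issue #1392, as an added example that is not part of the original thread or of GnuTLS: it parses captured `certtool --p12-info` output and reports bags whose contents were listed after decryption even though they are protected with a PBES1 schema. The sample text is constructed from the fields quoted in the issue with line breaks restored (assumed layout); the function names and the policy (treat any `PBES1-` schema or `DES-CBC` cipher as disallowed) are assumptions of this example.

```python
import re

# Constructed sample: the fields from the `certtool --p12-info` output quoted in
# issue #1392, with line breaks restored (assumed layout) and PEM bodies omitted.
REPORTED_OUTPUT = """\
MAC info:
    MAC: SHA1 (1.3.14.3.2.26)
    Salt size: 8
    Iteration count: 2048

BAG #0
    Type: Encrypted
    Cipher: DES-CBC
    Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3)
    Salt size: 0
    Iteration count: 2048
    Decrypting...
    Elements: 1
    Type: Certificate
    Friendly name: localhost

BAG #1
    Elements: 1
    Type: PKCS #8 Encrypted key
    PKCS #8 information:
    Cipher: DES-CBC
    Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3)
    Salt size: 0
    Iteration count: 2048
    Friendly name: localhost
"""

# Constructed sample of the behaviour the issue expects: decryption is refused
# with the error message quoted in the issue, so no elements are listed.
EXPECTED_OUTPUT = """\
BAG #0
    Type: Encrypted
    Cipher: DES-CBC
    Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3)
    Decrypting...
bag_decrypt: An algorithm that is not enabled was negotiated.
"""

BAG_RE = re.compile(r"^BAG #(\d+)$")
SCHEMA_RE = re.compile(r"^Schema:\s*(\S+)(?:\s+\(([\d.]+)\))?$")


def parse_bags(text):
    """Return one record per 'BAG #n' section of the captured output."""
    bags, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = BAG_RE.match(line)
        if header:
            current = {"index": int(header.group(1)), "cipher": None,
                       "schema": None, "oid": None,
                       "attempted": False, "decrypted": False}
            bags.append(current)
        elif current is None:
            continue  # the MAC info block precedes the first bag
        elif line.startswith("Cipher:"):
            current["cipher"] = line.split(":", 1)[1].strip()
        elif line.startswith("Schema:"):
            schema = SCHEMA_RE.match(line)
            if schema:
                current["schema"], current["oid"] = schema.group(1), schema.group(2)
        elif line == "Decrypting...":
            current["attempted"] = True
        elif line.startswith("Elements:") and current["attempted"]:
            # Elements listed after "Decrypting..." mean the bag was opened.
            current["decrypted"] = True
    return bags


def is_disallowed(bag):
    """Policy assumed by this example: PBES1 schemas and single DES are out."""
    return (bag["schema"] or "").startswith("PBES1-") or bag["cipher"] == "DES-CBC"


def weak_bags(text):
    """Every bag protected with a disallowed schema or cipher."""
    return [(b["index"], b["schema"], b["oid"])
            for b in parse_bags(text) if is_disallowed(b)]


def policy_violations(text):
    """Indexes of disallowed bags that the tool decrypted anyway."""
    return [b["index"] for b in parse_bags(text)
            if is_disallowed(b) and b["decrypted"]]


if __name__ == "__main__":
    print("weak bags:", weak_bags(REPORTED_OUTPUT))
    print("decrypted despite policy:", policy_violations(REPORTED_OUTPUT))
    print("after the expected refusal:", policy_violations(EXPECTED_OUTPUT))
```

Run against output captured on a host in FIPS mode, a non-empty `policy_violations` result is the condition the issue describes.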
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:09:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:09:16 +0000 Subject: [gnutls-devel] libtasn1 | How to Run the test cases manually (#39) References: Message-ID: Naveenkumar created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/39 ## Description of problem: I need to run the test case from the fuzz and tests directory manually. I created the Binary from the fuzz, tests directories. ## Version of libtasn1 used: libtasn1-4.18.0 ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: ## Actual results: ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/39 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:15:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:15:01 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Tested to fix #1392. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626#note_1050495810 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:15:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:15:25 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) In-Reply-To: References: Message-ID: Merge request !1626 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 Project:Branches: dueno/gnutls:wip/dueno/fips-pbes1 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:56:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:56:37 +0000 Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29) In-Reply-To: References: Message-ID: Merge request !29 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/build-images/-/merge_requests/29 Project:Branches: ep69/gnutls-build-images:interop to gnutls/build-images:master Author: Stanislav Židek Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 10:56:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 08:56:46 +0000 Subject: [gnutls-devel] build-images | added tmt and beakerlib for interoperability tests (!29) In-Reply-To: References: Message-ID: Merge request !29 was merged Merge request URL: https://gitlab.com/gnutls/build-images/-/merge_requests/29 Project:Branches: ep69/gnutls-build-images:interop to gnutls/build-images:master Author: Stanislav Židek -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/29 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 11:28:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 09:28:37 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) In-Reply-To: References: Message-ID: Reassigned merge request 1626 https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 11:28:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 09:28:48 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) In-Reply-To: References: Message-ID: Reviewer changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 11:29:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 09:29:00 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_decrypt_pbes1_des_md5_data: use public crypto API (!1626) In-Reply-To: References: Message-ID: Merge request !1626 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 Project:Branches: dueno/gnutls:wip/dueno/fips-pbes1 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 11:29:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 09:29:02 +0000 Subject: [gnutls-devel] GnuTLS | DES-CBC bag is decryptable under FIPS (#1392) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via commit df6c95f7d156100bd935c6904d588b0aef6e3442 Issue #1392: https://gitlab.com/gnutls/gnutls/-/issues/1392 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 12:15:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 10:15:14 +0000 Subject: [gnutls-devel] GnuTLS | Draft: interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: All discussions on merge request !1623 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1623 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 13:37:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 11:37:22 +0000 Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: Stanislav Židek changed the draft status of merge request !1623 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 13:37:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 11:37:39 +0000 Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: Stanislav Židek commented: Ready for review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1050774690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 15:59:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 13:59:56 +0000 Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051007326 > case GNUTLS_HANDSHAKE: > // ignore post-handshake messages > + if (*(char *)data == GNUTLS_HANDSHAKE_KEY_UPDATE) { Do we need this check? Also remove the comment on the previous line (`ignore post-handshake messages`) which is no longer the case. -- Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051007352 > + gnutls_handshake_description_t htype, > + const void *data, size_t data_size) > +{ Maybe add `(void)level` to suppress compiler warning? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 You're receiving this email because of your account on gitlab.com. 
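Review bot: in the first lib/system/ktls.c hunk quoted in the !1625 review above, the added `if (*(char *)data == GNUTLS_HANDSHAKE_KEY_UPDATE)` reads the first byte of `data` with no length check visible in the quoted lines. Confirm that at least one byte is present before the dereference so that an empty handshake record cannot reach it, and consider a `uint8_t` cast, which states more clearly than `char` that the byte being compared is the handshake message type.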
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 18:03:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 16:03:47 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1051200017 > + /* RSA key size shorter than 1024-bit is not allowed. */ > + if (unlikely(pub.size < 128)) { > + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); Shouldn't it fall under `GNUTLS_CERT_INSECURE_ALGORITHM`, especially in verification case? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 18:04:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 16:04:19 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I'm working on extra tests for this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1051200621 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
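Review bot: in the lib/nettle/pk.c hunk quoted in the !1624 review above, the comment and the condition disagree for key sizes that are not a multiple of 8. The comment rejects anything "shorter than 1024-bit", but `pub.size < 128` compares what the pairing of 128 with 1024 implies is a length in octets, and a 1023-bit modulus still occupies 128 octets, so it passes the check. Compare the modulus bit length against 1024 instead and add a 1023-bit key to the negative tests.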
URL: From gnutls-devel at lists.gnutls.org Thu Aug 4 18:14:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 Aug 2022 16:14:38 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1051212134 > Copyright (C) 2013-2019 Nikos Mavrogiannopoulos > See the end for copying conditions. > > +* Version 3.7.8 (unreleased) > + > +** libgnutls: RSA operations with key size shorter than 1024 bits are now While FIPS has its own lifecycle specifics justifying tightening FIPS restrictions in a minor release, I'm not sure a non-FIPS tightening with no opt-out would enjoy a warm welcome. Especially since it overrides profiles. Please consider making it opt-in. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1051212134 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 5 03:23:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Aug 2022 01:23:57 +0000 Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673032 > * write keys */ > if (session->internals.recv_state == RECV_STATE_EARLY_START) { > - ret = _tls13_write_connection_state_init(session, stage); I think we need to keep those `_tls13_*_connection_state_init` as is. 
The reason is that the next traffic keys are calculated based on the previous keys, and thus we need to somehow keep track of them even if we don't use them for encrypting/decrypting traffic in userspace. -- Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673036 > + ret = _tls13_write_connection_state_init(session, stage); > } else { > - ret = _tls13_connection_state_init(session, stage); Same here, let's keep it as is. -- Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1051673039 > } else { > - ret = _tls13_connection_state_init(session, stage); > + switch (session->internals.ktls_enabled) { Now that we move `_tls13_connection_state_init(session, stage)` this switch could be simply replaced with a single call to `_gnutls_ktls_set_keys(session, session->internals.ktls_enabled)`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 5 09:39:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Aug 2022 07:39:42 +0000 Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: Stanislav Židek commented: @ansasaki @asosedkin Would you also like to have a look at this MR? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1051893113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Aug 5 10:01:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Aug 2022 08:01:15 +0000 Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1051927749 > + - COMPONENT: > + - openssl > + #- nss # currently fails on Fedora due to NSS bug > + TYPE: > + - 2way > + #- 3way # these tests take too long, plan is to split them > + #- 4way > + #- 5way > + #- p256 > + #- p384 > + #- p521 > + #- rsae > + #- rsapss > + allow_failure: true > + script: > + - git clone --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git It's also tempting to embed this repo as a submodule as we do for tlsfuzzer, so we can track the revision of the copy. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1051927749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 5 15:13:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Aug 2022 13:13:54 +0000 Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625) In-Reply-To: References: Message-ID: All discussions on merge request !1625 were resolved by František Krenželok https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
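Review bot: in the .gitlab-ci.yml hunk quoted in the !1623 discussion above, `git clone --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git` runs whatever the default branch of an external repository holds when the job starts, so the test code executed in CI is unpinned and a given run cannot be reproduced later. Pin it to a reviewed revision, either as a submodule or by checking out a fixed commit after the clone. With `allow_failure: true` on the same job, a failing interoperability test also does not fail the pipeline, so the result has to be watched by other means until that flag is dropped.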
URL: From gnutls-devel at lists.gnutls.org Fri Aug 5 18:50:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 Aug 2022 16:50:37 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin commented:

```
certtool --generate-privkey --bits 1023 --outfile /tmp/key
cat > /tmp/tmpl < /tmp/sig
build/src/certtool --p7-verify --load-privkey /tmp/key --load-certificate /tmp/crt --load-data tests/cert-tests/data/pkcs7-detached.txt --infile /tmp/sig
```

```
eContent Type: 1.2.840.113549.1.7.1
Signers:
	Signer's issuer DN: CN=RSA 1023
	Signer's serial: 7b9278add8f8883723075f1c21b6b6b777bb28af
	Signature Algorithm: RSA-SHA256
	Signature status: ok
```

I expected this to be blocked. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1052636443 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 6 13:39:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 06 Aug 2022 11:39:45 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627 Project:Branches: ametzler/gnutls:tmp-ametzler-2022-bashism to gnutls/gnutls:master Author: Andreas Metzler Add a description of the new feature/bug fix. Reference any relevant bugs. 
## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 6 14:24:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 06 Aug 2022 12:24:58 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627) In-Reply-To: References: Message-ID: Merge request !1627 was approved by Airtower Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627 Project:Branches: ametzler/gnutls:tmp-ametzler-2022-bashism to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Aug 6 19:21:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 06 Aug 2022 17:21:39 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1053063594 I can come up with two solutions, but first let me summarize the current situation: In the first commit, I included `` in the header. This is wrong. In the second commit, I removed `` from the header, and placed it in the `gnutlsx.cpp` file instead. But now the header has no support for extra features configured during the build process, even if the C library supports them. The two solutions: One is a generated header that includes only the definitions of enabled features, that is included by ``. This again ties the header to the C library, since a differently-built C library (say, fewer features) may be missing symbols. The other option is to add functions in the C++ header-only library, such as:

    bool have_X_feature(void) {
    #ifdef GNUTLS_X_FEATURE
        return true;
    #else
        return false;
    #endif
    }

The user would check that `have_X_feature()` is true before using said feature. Note that `have_X_feature()` is a function in the C library. This decouples the C++ header from the C library and allows the user to have a choice of which C library to link to, using the same C++ header. Yet another behavior of the C++ wrapper would be to throw an exception if the feature is missing in an invoked function. Again the underlying C library function as above would be required. I'm leaning towards providing a C function that lets the user know at runtime whether a feature was enabled or disabled, but I wanted to ask for your opinion. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1053063594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 8 06:56:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Aug 2022 04:56:44 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628 Project:Branches: dueno/gnutls:wip/dueno/interruptible to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1390 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Aug 8 07:11:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Aug 2022 05:11:41 +0000 Subject: [gnutls-devel] GnuTLS | Integrate "coverage" subproject into this repository (#1393) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1393 Currently the code coverage report, etc. are generated by running the CI on a separate [coverage](https://gitlab.com/gnutls/coverage/) project either manually or through webhook. As we do the same coverage report generation in fedora-abicoverage target, we could do that in the gnutls repo itself (though the URL will be different). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 8 13:21:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 Aug 2022 11:21:11 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627) In-Reply-To: References: Message-ID: Andreas Metzler commented: No idea about the CI errors, they are not related to my one-line change: UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc: FAIL: tls-fuzzer/tls-fuzzer-nocert.sh fedora-abicoverage: FAIL: gnutls-cli-debug.sh mingw32-vista ERROR: Job failed: execution took longer than 3h0m0s seconds mingw32 ERROR: Job failed: execution took longer than 3h0m0s seconds -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627#note_1053990614 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 03:12:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 01:12:15 +0000 Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1054832153 > + - COMPONENT: > + - openssl > + #- nss # currently fails on Fedora due to NSS bug > + TYPE: > + - 2way > + #- 3way # these tests take too long, plan is to split them > + #- 4way > + #- 5way > + #- p256 > + #- p384 > + #- p521 > + #- rsae > + #- rsapss > + allow_failure: true > + script: > + - cd tests/suite/tls-interoperability/ && git submodule update --init --depth 1 . Do we need the manual run of `git submodule update`? I thought it is automatically done through `bootstrap` as long as the submodule is properly listed in bootstrap.conf. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1054832153 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 03:13:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 01:13:40 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think those are all intermittent, given they are now passing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627#note_1054832963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Tue Aug 9 07:45:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 05:45:09 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

Stanislav Židek commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1054965758

> + - COMPONENT: > + - openssl > + #- nss # currently fails on Fedora due to NSS bug > + TYPE: > + - 2way > + #- 3way # these tests take too long, plan is to split them > + #- 4way > + #- 5way > + #- p256 > + #- p384 > + #- p521 > + #- rsae > + #- rsapss > + allow_failure: true > + script: > + - cd tests/suite/tls-interoperability/ && git submodule update --init --depth 1 .

We don't, you are right. I was not aware of bootstrapping when I added this and forgot to remove it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623#note_1054965758

From gnutls-devel at lists.gnutls.org Tue Aug 9 07:51:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 05:51:28 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

All discussions on merge request !1623 were resolved by Stanislav Židek

https://gitlab.com/gnutls/gnutls/-/merge_requests/1623

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623
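Review bot: `allow_failure: true` on the interoperability job in the quoted .gitlab-ci.yml hunk means a failing OpenSSL interop run never blocks the pipeline, so an interoperability regression can be merged without anyone looking at the job. With every `TYPE` entry except `2way` commented out, the job also exercises less than the matrix suggests. I would drop `allow_failure` once the `2way` run is stable, and track re-enabling the commented-out entries in an issue referenced from the comment rather than leaving them as dead configuration.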
From gnutls-devel at lists.gnutls.org Tue Aug 9 08:29:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:29:54 +0000
Subject: [gnutls-devel] GnuTLS | Adjust RSA key size restrictions (!1624)

Daiki Ueno changed the draft status of merge request !1624

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

From gnutls-devel at lists.gnutls.org Tue Aug 9 08:31:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:31:36 +0000
Subject: [gnutls-devel] GnuTLS | Adjust RSA key size restrictions (!1624)

Daiki Ueno commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055002626

> Copyright (C) 2013-2019 Nikos Mavrogiannopoulos > See the end for copying conditions. > > +* Version 3.7.8 (unreleased) > + > +** libgnutls: RSA operations with key size shorter than 1024 bits are now

I've introduced `min-rsa-key-bits` option, which can be set to 1024, instead of hard-coding the limit.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055002626
From gnutls-devel at lists.gnutls.org Tue Aug 9 08:32:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:32:39 +0000
Subject: [gnutls-devel] GnuTLS | Adjust RSA key size restrictions (!1624)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055003428

I've added a test that exercises the similar scenario (I think we can simply assume `--generate-self-signed` to sign with the short RSA key).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055003428

From gnutls-devel at lists.gnutls.org Tue Aug 9 08:35:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:35:09 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

Merge request !1623 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623
Project:Branches: ep69/gnutls:interop to gnutls/gnutls:master
Author: Stanislav Židek
Assignees:
Reviewers: Daiki Ueno, Anderson Sasaki, and Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623
From gnutls-devel at lists.gnutls.org Tue Aug 9 08:41:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:41:11 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Reassigned merge request 1628

https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

From gnutls-devel at lists.gnutls.org Tue Aug 9 08:41:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:41:18 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Reviewer changed to Stanislav Židek

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

From gnutls-devel at lists.gnutls.org Tue Aug 9 08:56:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 06:56:15 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Stanislav Židek started a new discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628#note_1055027947

I think the better approach would be to add `interruptible: true` to `default` section to prevent errors in future and limit duplication.
Other problem: `interruptible: true` is missing in `commit-check` job and docs say "You can't cancel subsequent jobs after a job with interruptible: false starts." I am not sure about the precise definition of "subsequent job" though, if it is only about time of starting, or if it means jobs need to be dependent.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628#note_1055027947

From gnutls-devel at lists.gnutls.org Tue Aug 9 09:05:06 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:05:06 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628#note_1055036875

Good point, and it makes the change much simpler. I've amended the commit.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628#note_1055036875

From gnutls-devel at lists.gnutls.org Tue Aug 9 09:05:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:05:24 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

Reassigned merge request 1624

https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624
From gnutls-devel at lists.gnutls.org Tue Aug 9 09:05:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:05:33 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

Reviewer changed to Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

From gnutls-devel at lists.gnutls.org Tue Aug 9 09:06:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:06:13 +0000
Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627)

Reassigned merge request 1627

https://gitlab.com/gnutls/gnutls/-/merge_requests/1627

Assignee changed to Andreas Metzler

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627

From gnutls-devel at lists.gnutls.org Tue Aug 9 09:06:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:06:21 +0000
Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627)

Reviewer changed to Airtower

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627
From gnutls-devel at lists.gnutls.org Tue Aug 9 09:12:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:12:23 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1628 was reviewed by Stanislav Židek

--
Stanislav Židek commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628#note_1055044141

Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

From gnutls-devel at lists.gnutls.org Tue Aug 9 09:12:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:12:23 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

All discussions on merge request !1628 were resolved by Stanislav Židek

https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628
From gnutls-devel at lists.gnutls.org Tue Aug 9 09:17:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 07:17:24 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Merge request !1628 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628
Project:Branches: dueno/gnutls:wip/dueno/interruptible to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Stanislav Židek

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

From gnutls-devel at lists.gnutls.org Tue Aug 9 10:17:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 08:17:42 +0000
Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1627)

Merge request !1627 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627
Project:Branches: ametzler/gnutls:tmp-ametzler-2022-bashism to gnutls/gnutls:master
Author: Andreas Metzler
Assignee: Andreas Metzler
Reviewer: Airtower

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1627
URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 10:47:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 08:47:06 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on tests/system-override-min-rsa-key-bits.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055167482 > +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 > + > +if ! test -x "$CERTTOOL"; then > + exit 77 > +fi > + > +. "${srcdir}/scripts/common.sh" > + > +testdir=`create_testdir min-rsa-key-bits` > + > +unset GNUTLS_SYSTEM_PRIORITY_FILE > + > +"$CERTTOOL" --generate-privkey --key-type rsa --bits 512 --outfile "$testdir/rsa-512.pem" || \ > + fail "unable to generate 512-bit RSA key without min-rsa-key-bits" > + > +"$CERTTOOL" --generate-self-signed --load-privkey "$testdir/rsa-512.pem" --outfile "$testdir/cert-rsa-512.pem" || \ Needs a `--template` (otherwise it loops infinitely in my testing). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055167482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 11:41:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 09:41:45 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/system-override-min-rsa-key-bits.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055248581 > +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 > + > +if ! test -x "$CERTTOOL"; then > + exit 77 > +fi > + > +. 
"${srcdir}/scripts/common.sh" > + > +testdir=`create_testdir min-rsa-key-bits` > + > +unset GNUTLS_SYSTEM_PRIORITY_FILE > + > +"$CERTTOOL" --generate-privkey --key-type rsa --bits 512 --outfile "$testdir/rsa-512.pem" || \ > + fail "unable to generate 512-bit RSA key without min-rsa-key-bits" > + > +"$CERTTOOL" --generate-self-signed --load-privkey "$testdir/rsa-512.pem" --outfile "$testdir/cert-rsa-512.pem" || \ Indeed, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055248581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 11:42:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 09:42:03 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: All discussions on merge request !1624 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Tue Aug 9 11:44:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 09:44:37 +0000
Subject: [gnutls-devel] GnuTLS | interoperability testing with openssl (!1623)

Merge request !1623 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623
Project:Branches: ep69/gnutls:interop to gnutls/gnutls:master
Author: Stanislav Židek
Reviewers: Daiki Ueno, Anderson Sasaki, and Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1623

From gnutls-devel at lists.gnutls.org Tue Aug 9 12:31:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 10:31:50 +0000
Subject: [gnutls-devel] GnuTLS | Make use of `interruptible` keyword in Gitlab CI (#1390)

Issue was closed by Daiki Ueno via merge request !1628 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1628)

Issue #1390: https://gitlab.com/gnutls/gnutls/-/issues/1390

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1390
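Review bot: in the tests/system-override-min-rsa-key-bits.sh hunk quoted in the !1624 discussion above, the `--generate-self-signed` call that ends the hunk is given `--load-privkey` and `--outfile` but no `--template`, so in an unattended test run certtool has nowhere to take the certificate fields from; pass a template, and consider redirecting stdin from /dev/null so a missing one fails fast instead of stalling the job. Separately, `testdir` is interpolated into both `--outfile` paths without checking that `create_testdir` produced a non-empty value; an empty result would turn `"$testdir/rsa-512.pem"` into a path at the filesystem root.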
From gnutls-devel at lists.gnutls.org Tue Aug 9 12:31:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 10:31:50 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: mark all CI jobs interruptible (!1628)

Merge request !1628 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628
Project:Branches: dueno/gnutls:wip/dueno/interruptible to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Stanislav Židek

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1628

From gnutls-devel at lists.gnutls.org Tue Aug 9 13:10:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 11:10:23 +0000
Subject: [gnutls-devel] GnuTLS | fips: disable GNUTLS_CIPHER_3DES_CBC self-test (!1629)

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629

Project:Branches: asosedkin/gnutls:drop-3des-selftest to gnutls/gnutls:master
Author: Alexander Sosedkin

Following up on !1570/4f43efcd5a, remove 3DES FIPS self-test.
## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 13:37:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 11:37:56 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: ! Remembering at least our discussion with Knot DNS folks, we do need an API to relax the restriction back when the vendor dials it up and the app wants to dial it back down. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055398915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 13:38:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 11:38:00 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055398947 > Copyright (C) 2013-2019 Nikos Mavrogiannopoulos > See the end for copying conditions. > > +* Version 3.7.8 (unreleased) > + > +** libgnutls: RSA operations with key size shorter than 1024 bits are now In the end I renamed it to `min-rsa-size`, as it's obvious that the option is about keys and in bits. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055398947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 14:05:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 12:05:07 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: All discussions on merge request !1624 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Tue Aug 9 14:05:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 12:05:18 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

All discussions on merge request !1624 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

From gnutls-devel at lists.gnutls.org Tue Aug 9 14:13:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 12:13:56 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

All discussions on merge request !1624 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624

From gnutls-devel at lists.gnutls.org Tue Aug 9 14:15:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 12:15:40 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055448801

I think we need more details on that to decide whether API is needed.
Originally we intended to:

* hard-disable verifying / signing with <2k RSA keys in FIPS mode
* soft-disable <2k RSA keys through crypto-policies for more than just TLS through some future configuration file option

Now, we are doing something like:

* there is no hard-disablement
* `min-rsa-size` option is provided to soft-disable RSA keys through crypto-policies (though it might not be mapped 1:1 to a specific crypto-policies keyword)
* FIPS service indicator reports the usage of <2k RSA keys as non-approved in signature generation; this limitation is hard-coded in the library
* FIPS service indicator reports the usage of <2k except 1024, 1280, 1536, 1792 RSA keys as non-approved in signature verification; this limitation is hard-coded in the library

So if we set `min-rsa-size` to the current status quo (1K?), I suspect the requirements from both FIPS and DNSSEC might be already satisfied.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055448801

From gnutls-devel at lists.gnutls.org Tue Aug 9 14:21:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Aug 2022 12:21:56 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)

Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055457308

... but vendors can't raise it without angering app developers =)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055457308
URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 14:45:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 12:45:31 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055499492 > ctx->curves = tmp; > ctx->curves[ctx->curves_size] = curve; > ctx->curves_size++; > + } else if (c_strcasecmp(name, "min-rsa-size")==0) { > + char *endptr; > + > + cfg->min_rsa_size = strtoul(value, &endptr, 10); > Since strtoul() can legitimately return 0 or ULONG_MAX (ULLONG_MAX for strtoull()) on both success and failure, **the calling program should set errno to 0 before the call**, and then determine if an error occurred by checking whether errno has a nonzero value after the call. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055499492 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 9 14:52:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 Aug 2022 12:52:39 +0000 Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055509919 Please consider https://gitlab.com/-/snippets/2385318; currently fails to start with any value for me due to non-zero errno. 
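Review bot: in the `min-rsa-size` branch of the quoted lib/priority.c hunk, the `strtoul()` result is stored straight into `cfg->min_rsa_size` before anything has been validated, so a malformed value has already changed the configuration by the time an error could be detected. Parse into a local `unsigned long`, set `errno = 0` immediately before the call, reject `errno != 0`, `endptr == value` and a non-NUL `*endptr`, range-check against the type of `min_rsa_size`, and assign only after all of that passes. Note also that `strtoul()` accepts a leading minus sign and wraps the result, which an `errno` check alone does not catch.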
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1055509919

From gnutls-devel at lists.gnutls.org Wed Aug 10 07:59:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 05:59:05 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/cligen/-/merge_requests/4

Branches: wip/dueno/arg-default to main
Author: Daiki Ueno

This corresponds to "arg-default" attribute in AutoGen definition, which was missed in the initial conversion.

Reported by Taru Varshney.
Signed-off-by: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Wed Aug 10 08:20:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 06:20:45 +0000
Subject: [gnutls-devel] GnuTLS | fips: disable GNUTLS_CIPHER_3DES_CBC self-test (!1629)
In-Reply-To:
References:
Message-ID:

Merge request !1629 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629
Project:Branches: asosedkin/gnutls:drop-3des-selftest to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignee: Alexander Sosedkin
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629

From gnutls-devel at lists.gnutls.org Wed Aug 10 08:20:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 06:20:21 +0000
Subject: [gnutls-devel] GnuTLS | fips: disable GNUTLS_CIPHER_3DES_CBC self-test (!1629)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1629

https://gitlab.com/gnutls/gnutls/-/merge_requests/1629

Assignee changed to Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629

From gnutls-devel at lists.gnutls.org Wed Aug 10 12:07:35 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 10:07:35 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
In-Reply-To:
References:
Message-ID:

Reviewer changed to Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Wed Aug 10 12:44:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 10:44:55 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1056860236

> ctx->curves = tmp; > ctx->curves[ctx->curves_size] = curve; > ctx->curves_size++; > + } else if (c_strcasecmp(name, "min-rsa-size")==0) { > + char *endptr; > + > + cfg->min_rsa_size = strtoul(value, &endptr, 10);

Sigh, error reporting guarantees could be better ("if no conversion could be performed, zero is returned" but no guaranteed way to discern it from a legit zero), but I see that errno is not guaranteed to be set in all such cases, so I don't have better proposals anyway.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1056860236

From gnutls-devel at lists.gnutls.org Wed Aug 10 18:50:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Aug 2022 16:50:54 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented:

v15: rebased on top of 5c143a37eb (3.7.7 +6)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1057495576
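
Review bot: in the `min-rsa-size` branch of lib/priority.c (!1624), `cfg->min_rsa_size = strtoul(value, &endptr, 10);` stores the result before anything has been validated, and `endptr` is the only output that separates "no digits" from a literal 0. Parse into a local `unsigned long`, reject `endptr == value`, a non-NUL `*endptr` and a leading `-` (which strtoul() accepts and wraps to a large unsigned value), range-check against the type of the field, and assign only after those checks pass.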
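
The `strtoul()` error-reporting points raised in the !1624 discussion above (clear `errno` before the call; a returned 0 is ambiguous) are handled together in the strict parser below. This is an added example, not GnuTLS code; `parse_uint_option`, its status codes, the `max` bound of 16384 and the sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
enum parse_status {
	PARSE_OK = 0,
	PARSE_EMPTY,    /* no digits were consumed */
	PARSE_SIGN,     /* leading '+' or '-' */
	PARSE_TRAILING, /* digits followed by other characters */
	PARSE_RANGE     /* overflow, or larger than the caller's limit */
};

/* Strictly parse a decimal, unsigned option value such as the argument
 * of "min-rsa-size". `max` is the largest value the caller accepts
 * (an assumption of this example). *out is written only on PARSE_OK. */
static enum parse_status
parse_uint_option(const char *value, unsigned long max, unsigned int *out)
{
	const char *p = value;
	char *endptr;
	unsigned long v;

	if (value == NULL)
		return PARSE_EMPTY;

	/* strtoul() skips whitespace and accepts a sign; with a leading
	 * '-' it returns the negated value as unsigned, so "-1" would
	 * become ULONG_MAX without any error. Reject signs up front. */
	while (isspace((unsigned char)*p))
		p++;
	if (*p == '-' || *p == '+')
		return PARSE_SIGN;

	errno = 0; /* a stale errno from earlier code must not be read back */
	v = strtoul(p, &endptr, 10);

	if (endptr == p) /* no conversion: distinguishes "" from "0" */
		return PARSE_EMPTY;
	if (errno == ERANGE) /* overflow: v is ULONG_MAX */
		return PARSE_RANGE;

	while (isspace((unsigned char)*endptr)) /* allow trailing blanks */
		endptr++;
	if (*endptr != '\0')
		return PARSE_TRAILING;

	if (v > max || v > UINT_MAX)
		return PARSE_RANGE;

	*out = (unsigned int)v;
	return PARSE_OK;
}

static const char *status_name(enum parse_status s)
{
	switch (s) {
	case PARSE_OK:       return "ok";
	case PARSE_EMPTY:    return "no digits";
	case PARSE_SIGN:     return "sign not allowed";
	case PARSE_TRAILING: return "trailing characters";
	case PARSE_RANGE:    return "out of range";
	}
	return "unknown";
}

int main(void)
{
	/* Constructed sample values, not taken from a real configuration. */
	const char *samples[] = {
		"2048", "0", "", "rsa", "-1", "1024bits",
		"99999999999999999999999999", " 3072 "
	};
	size_t i;

	errno = EINVAL; /* simulate an earlier failure leaving errno set */
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned int bits = 0;
		enum parse_status s =
			parse_uint_option(samples[i], 16384, &bits);

		if (s == PARSE_OK)
			printf("\"%s\" -> %u\n", samples[i], bits);
		else
			printf("\"%s\" -> rejected (%s)\n",
			       samples[i], status_name(s));
	}
	return 0;
}
```

A literal `0` is accepted as a value, while the empty string and non-numeric input are rejected through `endptr`, which is the distinction the thread notes `errno` alone cannot provide.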

From gnutls-devel at lists.gnutls.org Thu Aug 11 03:50:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Aug 2022 01:50:24 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1057929349

> + > +/* > + * struct cfg

Is this splitting really needed? If yes, why not moving them to a `cfg.c`?

I would try to keep struct definitions in .c for better encapsulation, unless there is a good reason to expose them library wide.

--
Daiki Ueno started a new discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1057929350

> + gnutls_digest_algorithm_t* src, size_t len) > +{ > + if (unlikely(len >= MAX_ALGOS)) {

`len > MAX_ALGOS`, as we allocate `MAX_ALGOS + 1`?

--
Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1057929352

> + */ > + > +static inline int /* not locking system_wide_config */

I would return `bool` for the functions named as `*_is_*`. In that case the following debug logs could be `_gnutls_audit_log`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533
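
Review bot: in lib/config_int.h (!1533), `if (unlikely(len >= MAX_ALGOS))` checks `len` against a bare constant, with nothing at the check tying it to the size of the destination it protects. State in a comment next to the test whether the limit includes the terminating element, or derive the limit from the destination's element count, so that a later change to the allocation cannot leave the bound off by one.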

From gnutls-devel at lists.gnutls.org Thu Aug 11 09:38:31 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Aug 2022 07:38:31 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1058135737

> + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* Code split off from priority.c, `struct cfg` and some operations on it */ > + > +#ifndef GNUTLS_LIB_CONFIG_INT_H > +#define GNUTLS_LIB_CONFIG_INT_H > + > +/* > + * struct cfg

> Is this splitting really needed?

No, but priority.c is growing out of control and I felt bad making it even larger.

> I would try to keep struct definitions in .c for better encapsulation, unless there is a good reason to expose them library wide.

`priority.c` is the sole user of the definition. I'm not sure what you're proposing, renaming it to `cfg.c` and including it as `cfg.c` from `priority.c`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1058135737

From gnutls-devel at lists.gnutls.org Thu Aug 11 10:11:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Aug 2022 08:11:11 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 was reviewed by Alexander Sosedkin

--
Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1058175665

> + gnutls_digest_algorithm_t* src, size_t len) > +{ > + if (unlikely(len >= MAX_ALGOS)) {

Right. Changed to `len > MAX_ALGOS` here and also amended `i > MAX_ALGOS` to `i >= MAX_ALGOS` in `APPEND_TO_NULL_TERMINATED_ARRAY`.

--
Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1058175711

> + */ > + > +static inline int /* not locking system_wide_config */

As you wish.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533

From gnutls-devel at lists.gnutls.org Thu Aug 11 11:25:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Aug 2022 09:25:03 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented:

Seems to work functionally, nits inline.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4#note_1058280049
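
Review bot: in lib/priority.c (!1533), the inline comment on `static inline int /* not locking system_wide_config */` says what the helper does not do, but not what its caller must do. Put the precondition in the function's header comment (which lock has to be held already, and whether a read lock is sufficient) so the locking contract is explicit at each call site.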

From gnutls-devel at lists.gnutls.org Thu Aug 11 11:25:06 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Aug 2022 09:25:06 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/cligen/-/merge_requests/4 was reviewed by Alexander Sosedkin

--
Alexander Sosedkin started a new discussion on cligen/doc/man.py: https://gitlab.com/gnutls/cligen/-/merge_requests/4#note_1058280024

> +\\f\\*[I-Font]number\\f[] > +for this option is: > +.in +4

Nits:

1. I'm not sure the formatting should make it stand out this much
2. I'd expect a matching `.in -4`

--
Alexander Sosedkin started a new discussion on cligen.schema.json: https://gitlab.com/gnutls/cligen/-/merge_requests/4#note_1058280029

> + "properties": { > + "argument-default": { > + "description": "The defalut value of the option argument",

`s/defalut/default/`x2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Fri Aug 12 03:10:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 01:10:52 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1059267067

> + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details.
> + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* Code split off from priority.c, `struct cfg` and some operations on it */ > + > +#ifndef GNUTLS_LIB_CONFIG_INT_H > +#define GNUTLS_LIB_CONFIG_INT_H > + > +/* > + * struct cfg

> I'm not sure what you're proposing, renaming it to cfg.c and including it as cfg.c from priority.c?

I suggest simply linking (not including) the new cfg.c. That would require separation of specification and implementation, like:

```c
/* cfg.h */
struct cfg; /* declaration */
static void cfg_steal(struct cfg *dst, struct cfg *src);
...
```

```c
/* cfg.c */
struct cfg {
  ...
};
static void cfg_steal(struct cfg *dst, struct cfg *src)
{
  ...
}
```

This loses `static inline` but I suppose it's not a big problem as it's not on the performance critical path.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1059267067

From gnutls-devel at lists.gnutls.org Fri Aug 12 04:08:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 02:08:08 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1059284748

> + * the setting is modified with a prior call to this function.
> + * > + * Since: 3.7.3 > + */ > +int > +gnutls_digest_set_secure(gnutls_digest_algorithm_t dig, unsigned int secure) > +{ > +#ifndef DISABLE_SYSTEM_CONFIG > + int ret; > + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); > + if (ret < 0) { > + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); > + return gnutls_assert_val(ret); > + } > + ret = system_wide_config_is_malleable(); > + if (ret != 1) {

```suggestion:-1+0
if (system_wide_config_is_malleable()) {
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1059284748

From gnutls-devel at lists.gnutls.org Fri Aug 12 04:32:07 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 02:32:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630

Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-sizes to gnutls/gnutls:master
Author: Daiki Ueno

Split off from !1624 with only FIPS related changes.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630

From gnutls-devel at lists.gnutls.org Fri Aug 12 04:42:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 02:42:08 +0000
Subject: [gnutls-devel] GnuTLS | Make RSA modulus size restrictions configurable (!1624)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Rebased on top of !1630.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1059297500
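
Review bot: in `gnutls_digest_set_secure()` in lib/priority.c (!1533), the `if (ret < 0)` branch that follows `gnutls_rwlock_wrlock(&system_wide_config_rwlock)` calls `gnutls_rwlock_unlock()` on a lock the caller may not hold, because that branch is reached only when acquisition failed. Return `gnutls_assert_val(ret)` directly on that path and keep the unlock for paths taken after a successful `wrlock`. Separately, the existing test is `ret != 1`, so a boolean rewrite selects the same branch only in the negated form `!system_wide_config_is_malleable()`.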

From gnutls-devel at lists.gnutls.org Fri Aug 12 10:43:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 08:43:42 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/cligen/-/merge_requests/4 was reviewed by Daiki Ueno

--
Daiki Ueno commented on a discussion on cligen/doc/man.py: https://gitlab.com/gnutls/cligen/-/merge_requests/4#note_1059570197

> +\\f\\*[I-Font]number\\f[] > +for this option is: > +.in +4

It was actually meant as `.ti +4`. Good catch!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Fri Aug 12 10:43:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 08:43:42 +0000
Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !4 were resolved by Daiki Ueno

https://gitlab.com/gnutls/cligen/-/merge_requests/4

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Sat Aug 13 01:07:12 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 23:07:12 +0000
Subject: [gnutls-devel] GnuTLS | fips: disable GNUTLS_CIPHER_3DES_CBC self-test (!1629)
In-Reply-To:
References:
Message-ID:

Merge request !1629 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629
Project:Branches: asosedkin/gnutls:drop-3des-selftest to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignee: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1629

From gnutls-devel at lists.gnutls.org Sat Aug 13 01:11:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 23:11:03 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1630

https://gitlab.com/gnutls/gnutls/-/merge_requests/1630

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630

From gnutls-devel at lists.gnutls.org Sat Aug 13 01:11:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Aug 2022 23:11:13 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630)
In-Reply-To:
References:
Message-ID:

Reviewer changed to Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630

From gnutls-devel at lists.gnutls.org Sun Aug 14 01:36:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 13 Aug 2022 23:36:41 +0000
Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282)
In-Reply-To:
References:
Message-ID:

Rui Ribeiro commented:

GnuTLS is crashing on me on the Fedora 37 pre-release, and I think it is related to this.

In VMware it runs OK, but it is crashing when running in Parallels 17 and 18.

Fedora Rawhide-20220806.n.0 FC37 x86_64

Also did a reinstall of the packages, and reinstalled the ISO, same behaviour.

----> wget core dumping when doing https requests (wget http requests are okay, curl requests do not core dump):

# wget https://www.cnn.com
--2022-08-14 00:22:10-- https://www.cnn.com/
Resolving www.cnn.com (www.cnn.com)... 151.101.127.5
Connecting to www.cnn.com (www.cnn.com)|151.101.127.5|:443... connected.
Illegal instruction (core dumped)

----> package versions:

$ rpm -q -a | egrep "wget|gnutls"
gnutls-3.7.7-1.fc37.x86_64
wget-1.21.3-4.fc37.x86_64

---> GnuTLS problem

# ltrace wget https://www.cnn.com
...........
memcpy(0x5574d9c3a990, "www.cnn.com\0", 12) = 0x5574d9c3a990
strlen("www.cnn.com") = 11
gnutls_server_name_set(0x5574da9083b0, 1, 0x5574d9c3a990, 11) = 0
free(0x5574d9c3a990) =
gnutls_credentials_set(0x5574da9083b0, 1, 0x5574d9c46a80, 0) = 0
gnutls_transport_set_ptr(0x5574da9083b0, 3, 0, 5) = 0
gnutls_set_default_priority(0x5574da9083b0, 0, 0x5574d9bd6340, 5) = 0
gnutls_session_enable_compatibility_mode(0x5574da9083b0, 0x5574d9cb0c30, 0x5000000, 45) = 257
fcntl(3, 3, 0, 45) = 2
fcntl(3, 4, 2050, 0x7f483827baa4) = 0
gnutls_handshake(0x5574da9083b0, 4, 0, 0x7f483827baa4) = 0xffffffe4
gnutls_record_get_direction(0x5574da9083b0, 0x7f483834ece0, 0x5574da8dcf01, 0x4d00) = 0
__fdelt_chk(3, 1, 0x5574da8dcf01, 0) = 0
select(4, 0x7fff3e41e980, 0, 0) = 1
gnutls_error_is_fatal(0xffffffe4, 0x7fff3e41e980, 0xd5a60, 0) = 0
gnutls_handshake(0x5574da9083b0, 0x7fff3e41e980, 0xd5a60, 0
--- SIGILL (Illegal instruction) ---
+++ killed by SIGILL +++

# lscpu (Fedora VM - does not advertise AVX1/2 )

[root@fedora ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 36 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
BIOS Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
BIOS Model name: CPU @ 2.7GHz
BIOS CPU family: 2
CPU family: 6
Model: 94
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
Stepping: 3
BogoMIPS: 5424.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase tsc_adjust bmi1 smep bmi2 invpcid rdseed adx smap clflushopt dtherm arat pln pts
Virtualization features:
  Hypervisor vendor: KVM
  Virtualization type: full
Caches (sum of all):
  L1d: 128 KiB (4 instances)
  L1i: 128 KiB (4 instances)
  L2: 1 MiB (4 instances)
  L3: 8 MiB (1 instance)
NUMA:
  NUMA node(s): 1
  NUMA node0 CPU(s): 0-3
Vulnerabilities:
  Itlb multihit: KVM: Mitigation: VMX unsupported
  L1tf: Mitigation; PTE Inversion
  Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
  Meltdown: Mitigation; PTI
  Mmio stale data: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
  Retbleed: Vulnerable
  Spec store bypass: Vulnerable
  Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling
  Srbds: Unknown: Dependent on hypervisor status
  Tsx async abort: Not affected

Host i7 Macbook Pro late 2016. AVX1, No AVX2

% sysctl -a | grep machdep.cpu.features
machdep.cpu.features: FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM PBE SSE3 PCLMULQDQ DTES64 MON DSCPL VMX SMX EST TM2 SSSE3 FMA CX16 TPR PDCM SSE4.1 SSE4.2 x2APIC MOVBE POPCNT AES PCID XSAVE OSXSAVE SEGLIM64 TSCTMR AVX1.0 RDRAND F16C

[root@fedora ~]# gdb -ex=r --args wget https://www.cnn.com
GNU gdb (GDB) Fedora 12.1-4.fc37
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from wget...
Reading symbols from /usr/lib/debug/usr/bin/wget-1.21.3-4.fc37.x86_64.debug...
Starting program: /usr/bin/wget https://www.cnn.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
--2022-08-14 00:31:05-- https://www.cnn.com/
Resolving www.cnn.com (www.cnn.com)... 151.101.127.5
Connecting to www.cnn.com (www.cnn.com)|151.101.127.5|:443... connected.

Program received signal SIGILL, Illegal instruction.
0x00007ffff7dc168a in sha512_block_data_order_avx2 () from /lib64/libgnutls.so.30
(gdb) bt full
#0 0x00007ffff7dc168a in sha512_block_data_order_avx2 () from /lib64/libgnutls.so.30
No symbol table info available.
#1 0x00007ffff7db48a2 in x86_sha512_update (ctx=0x7fffffffcb90, length=128, data=0x7fffffffca90 '\\' , "0\177\024VUU") at sha-x86-ssse3.c:215
#2 0x00007ffff7eb1fdb in nettle_hmac_set_key (outer=, inner=0x7fffffffcc68, state=, hash=0x7ffff7e83640 , key_length=0, key=0x7ffff7df4ea3 "") at /usr/src/debug/nettle-3.8-2.fc37.x86_64/hmac.c:83
#3 0x00007ffff7db26aa in wrap_x86_hmac_fast (algo=, nonce=, nonce_size=, key=0x7ffff7df4ea3, key_size=0, text=0x7fffffffcf30, text_size=48, digest=0x5555562bfae0) at hmac-x86-ssse3.c:297
#4 0x00007ffff7cc6a27 in _gnutls_mac_fast (algorithm=GNUTLS_MAC_SHA384, key=0x7ffff7df4ea3, keylen=0, text=0x7fffffffcf30, textlen=48, digest=0x5555562bfae0) at hash_int.c:167
#5 0x00007ffff7ce7c2d in gnutls_hmac_fast (algorithm=GNUTLS_MAC_SHA384, key=key@entry=0x7ffff7df4ea3, keylen=keylen@entry=0, ptext=0x7fffffffcf30, ptext_len=ptext_len@entry=48, digest=digest@entry=0x5555562bfae0) at crypto-api.c:801
#6 0x00007ffff7d0033f in _tls13_init_secret2 (prf=0x7ffff7e87888 , psk=, psk@entry=0x0, psk_size=48, psk_size@entry=0, out=out@entry=0x5555562bfae0) at secrets.c:61
#7 0x00007ffff7d00410 in _tls13_init_secret (session=session@entry=0x5555562be3d0, psk=psk@entry=0x0, psk_size=psk_size@entry=0) at secrets.c:37
#8 0x00007ffff7cb7db0 in read_server_hello (datalen=, data=, session=0x5555562be3d0) at handshake.c:2100
#9 _gnutls_recv_handshake (session=session@entry=0x5555562be3d0, type=type@entry=GNUTLS_HANDSHAKE_SERVER_HELLO, optional=optional@entry=0, buf=buf@entry=0x0) at handshake.c:1658
#10 0x00007ffff7cba51b in handshake_client (session=0x5555562be3d0) at handshake.c:3085
#11 gnutls_handshake (session=session@entry=0x5555562be3d0) at handshake.c:2884
#12 0x000055555559208c in _do_handshake (session=0x5555562be3d0, fd=fd@entry=3, read_timer=read_timer@entry=0x0) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/gnutls.c:557
#13 0x00005555555972cc in ssl_connect_wget (fd=3, hostname=, continue_session=) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/gnutls.c:936
#14 0x0000555555576eae in establish_connection (u=, conn_ref=0x7fffffffd498, hs=0x7fffffffdd00, proxy=, proxyauth=, req_ref=, using_ssl=0x7fffffffd487, inhibit_keep_alive=false, sock_ref=0x7fffffffd48c) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/http.c:2211
#15 0x000055555557fd79 in gethttp (u=, original_url=, hs=, dt=, proxy=, iri=, count=) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/http.c:3326
message = 0x0 warc_enabled = warc_tmp = 0x0 warc_timestamp_str = "\234\243\356", '\000' warc_request_uuid = '\000' , "\367\a\234\322\375\302{u\334\340\367\377\177\000\000\351\217[UUU\000" warc_ip_buf = {family = 255, data = {d4 = {s_addr = 0}, d6 = {__in6_u = {__u6_addr8 = "\000\000\000\000\000\020\000\000\000\000\000\000 \020\000", __u6_addr16 = {0, 0, 4096, 0, 0, 0, 4128, 0}, __u6_addr32 = {0, 4096, 0, 4128}}}}, ipv6_scope = 0} warc_ip = 0x0 warc_payload_offset = keep_alive = chunked_transfer_encoding = inhibit_keep_alive = body_data_size = #16 0x00005555555841b9 in http_loop (u=0x5555555fc820, original_url=0x5555555fc820, newloc=0x7fffffffe048, local_file=0x7fffffffe040, referer=, dt=0x7fffffffe228, proxy=0x0, iri=0x5555555fc7f0) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/http.c:4423 count = 1 got_head = false time_came_from_head = false got_name = true tms = tmrate = err = ret = TRYLIMEXC tmr = -1 hstat = {len = 0, contlen = -1, restval = 0, res = -1, rderrmsg = 0x0, newloc = 0x0, remote_time = 0x0, error = 0x0, statcode = 0, message = 0x0, rd_size = 0, dltime = 0, referer = 0x0, local_file = 0x5555555dcb30 "index.html", existence_checked = false, timestamp_checked = false, orig_file_name = 0x0, orig_file_size = 0, orig_file_tstamp = 0, metalink = 0x0, local_encoding = ENC_NONE, remote_encoding = ENC_NONE, temporary = false} st = {st_dev = 0, st_ino = 140737348518733, st_nlink = 140737342332928, st_mode = 1432339232, st_uid = 21845, st_gid = 48, __pad0 = 0, st_rdev = 93824992920304, st_size = 16, st_blksize = 140737349799040, st_blocks = 48, st_atim = {tv_sec = 140737348550882, tv_nsec = 140737339375616}, st_mtim = {tv_sec = 89, tv_nsec = 0}, st_ctim = {tv_sec = 140737348521314, tv_nsec = 93824992920304}, __glibc_reserved = {140737348123288, 3, 0}} send_head_first = false force_full_retrieve = false #17 0x000055555558d84c in retrieve_url (orig_parsed=0x5555555fc820, origurl=0x7fffffffe6ec "https://www.cnn.com", file=0x7fffffffe238, newloc=0x7fffffffe230, 
refurl=0x0, dt=0x7fffffffe228, recursive=false, iri=0x5555555fc7f0, register_status=true) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/retr.c:983 result = NOCONERROR url = 0x5555555dc470 "https://www.cnn.com" location_changed = iri_fallbacked = false dummy = 21845 mynewloc = 0x0 proxy = u = 0x5555555fc820 proxy_url = up_error_code = 1431876999 local_file = 0x0 redirection_count = 0 method_suspended = false saved_body_data = saved_method = saved_body_file_name = 0x0
#18 0x0000555555562551 in main (argc=, argv=) at /usr/src/debug/wget-1.21.3-4.fc37.x86_64/src/main.c:2172 dt = 0 url_err = 0 t = 0x7fffffffe6ec "https://www.cnn.com" filename = 0x0 redirected_URL = 0x0 iri = 0x5555555fc7f0 url_parsed = 0x5555555fc820 error = p = i = 0 ret = longindex = -1 nurls = 1 retconf = argstring_length = use_userconfig = noconfig = false append_to_log = start_time = 3.467e-06
(gdb)

Crashing/SIGILL culprit

(gdb) x/i 0x00007ffff7dc168a
=> 0x7ffff7dc168a : vzeroupper
(gdb)

Regards

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1061663361

From gnutls-devel at lists.gnutls.org Mon Aug 15 02:48:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 00:48:25 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bit if it cannot be queried through XSAVE (!1631)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631

Project:Branches: dueno/gnutls:wip/dueno/cpuid-fixes to gnutls/gnutls:master
Author: Daiki Ueno

The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32 Architectures Software Developer's Manual".
GnuTLS previously only followed that algorithm when registering the crypto backend, while the CRYPTOGAMS derived SHA code assembly expects that the extension bits are propagated to _gnutls_x86_cpuid_s.

Fixes: #1282

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631

From gnutls-devel at lists.gnutls.org Mon Aug 15 03:10:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 01:10:00 +0000
Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282)

Daiki Ueno commented:

!1631 is my attempt to fix it. Rui, could you try this scratch build https://koji.fedoraproject.org/koji/taskinfo?taskID=90808584 on your system?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1064404791
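The detection order that merge request !1631 describes, as an added example (not GnuTLS code): AVX and AVX2 count as usable only when CPUID reports OSXSAVE and XCR0 shows the OS saving XMM and YMM state, and that verdict is written back into the shared capability vector. `struct cpu_caps`, `sanitize_caps`, `pick_sha_path` and the sample register values are hypothetical and constructed; the bit positions are the architectural ones.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>		/* GCC/Clang CPUID helpers */
#define HAVE_X86_HOST 1
#endif

#define BIT_OSXSAVE (1u << 27)	/* CPUID.(EAX=1):ECX[27], OS enabled XSAVE */
#define BIT_AVX     (1u << 28)	/* CPUID.(EAX=1):ECX[28] */
#define BIT_AVX2    (1u << 5)	/* CPUID.(EAX=7,ECX=0):EBX[5] */
#define XCR0_SSE    (1ull << 1)	/* XMM state saved by the OS */
#define XCR0_YMM    (1ull << 2)	/* upper YMM halves saved by the OS */

/* Hypothetical capability vector shared by C dispatch code and assembly. */
struct cpu_caps {
	uint32_t leaf1_ecx;
	uint32_t leaf7_ebx;
};

enum sha_path { PATH_BASELINE, PATH_AVX, PATH_AVX2 };

/* 1 only if XGETBV is usable and XCR0 says XMM and YMM state are saved. */
static int os_saves_ymm(uint32_t leaf1_ecx, uint64_t xcr0)
{
	if (!(leaf1_ecx & BIT_OSXSAVE))
		return 0;	/* XGETBV would fault, so xcr0 is not trusted */
	return (xcr0 & (XCR0_SSE | XCR0_YMM)) == (XCR0_SSE | XCR0_YMM);
}

/* Propagate the verdict: clear AVX and AVX2 in the shared vector itself. */
static struct cpu_caps sanitize_caps(struct cpu_caps raw, uint64_t xcr0)
{
	if (!os_saves_ymm(raw.leaf1_ecx, xcr0)) {
		raw.leaf1_ecx &= ~BIT_AVX;
		raw.leaf7_ebx &= ~BIT_AVX2;
	}
	return raw;
}

/* Models a consumer that trusts the vector and never asks the OS. */
static enum sha_path pick_sha_path(struct cpu_caps c)
{
	if (c.leaf7_ebx & BIT_AVX2)
		return PATH_AVX2;
	if (c.leaf1_ecx & BIT_AVX)
		return PATH_AVX;
	return PATH_BASELINE;
}

#ifdef HAVE_X86_HOST
static uint64_t read_xcr0(void)	/* call only when OSXSAVE is set */
{
	uint32_t lo, hi;
	__asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
	return ((uint64_t)hi << 32) | lo;
}
#endif

int main(void)
{
	/* Constructed input: CPU advertises AVX/AVX2, OS saves only x87+SSE. */
	struct cpu_caps raw = { BIT_OSXSAVE | BIT_AVX, BIT_AVX2 };
	uint64_t xcr0 = 0x3;

	printf("unsanitized vector -> path %d\n", pick_sha_path(raw));
	printf("sanitized vector   -> path %d\n",
	       pick_sha_path(sanitize_caps(raw, xcr0)));
#ifdef HAVE_X86_HOST
	unsigned int a, b, c, d;
	struct cpu_caps host = { 0, 0 };
	uint64_t host_xcr0 = 0;

	if (__get_cpuid(1, &a, &b, &c, &d))
		host.leaf1_ecx = c;
	if (__get_cpuid_max(0, NULL) >= 7) {
		__cpuid_count(7, 0, a, b, c, d);
		host.leaf7_ebx = b;
	}
	if (host.leaf1_ecx & BIT_OSXSAVE)
		host_xcr0 = read_xcr0();
	printf("this host          -> path %d\n",
	       pick_sha_path(sanitize_caps(host, host_xcr0)));
#endif
	return 0;
}
```

A vector with only the AVX bit cleared still selects the AVX2 path in this model, which is why both bits are cleared together.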
From gnutls-devel at lists.gnutls.org Mon Aug 15 06:27:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 04:27:26 +0000
Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1064464575

OK, I cleared AVX bits, but forgot to clear AVX2. Perhaps you could try again with https://koji.fedoraproject.org/koji/taskinfo?taskID=90811207 ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1064464575

From gnutls-devel at lists.gnutls.org Mon Aug 15 09:33:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 07:33:25 +0000
Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282)

Rui Ribeiro commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1064553201

I can confirm it is now working successfully without SIGILL. Thank you

# wget https://www.google.com
--2022-08-15 08:31:24-- https://www.google.com/
Resolving www.google.com (www.google.com)... 216.239.38.120
Connecting to www.google.com (www.google.com)|216.239.38.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html [ <=> ] 14.23K --.-KB/s in 0.001s

2022-08-15 08:31:25 (24.4 MB/s) - ‘index.html’ saved [14569]
...

On Mon, 15 Aug 2022 at 05:27, Daiki Ueno (@dueno) wrote:

> Daiki Ueno commented on a discussion:
>
> OK, I cleared AVX bits, but forgot to clear AVX2. Perhaps you could try
> again with https://koji.fedoraproject.org/koji/taskinfo?taskID=90811207 ?

--
Regards,
--
Rui Ribeiro
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1064553201

From gnutls-devel at lists.gnutls.org Mon Aug 15 10:49:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 08:49:03 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064617146

> + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* Code split off from priority.c, `struct cfg` and some operations on it */ > + > +#ifndef GNUTLS_LIB_CONFIG_INT_H > +#define GNUTLS_LIB_CONFIG_INT_H > + > +/* > + * struct cfg

... and add accessors for all fields?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064617146
From gnutls-devel at lists.gnutls.org Mon Aug 15 12:43:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 10:43:46 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Daiki Ueno commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064726603

> + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* Code split off from priority.c, `struct cfg` and some operations on it */ > + > +#ifndef GNUTLS_LIB_CONFIG_INT_H > +#define GNUTLS_LIB_CONFIG_INT_H > + > +/* > + * struct cfg

Yes, otherwise we should at least remove the existing accessors, e.g., `_gnutls_get_system_wide_verification_profile`, but I still don't see a very good reason to split the file even if its size is growing while the logic is tightly connected.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064726603
From gnutls-devel at lists.gnutls.org Mon Aug 15 14:54:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 12:54:18 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064848052

> + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* Code split off from priority.c, `struct cfg` and some operations on it */ > + > +#ifndef GNUTLS_LIB_CONFIG_INT_H > +#define GNUTLS_LIB_CONFIG_INT_H > + > +/* > + * struct cfg

(`_gnutls_get_system_wide_verification_profile` is used beyond `priority.c`, so it's different)

Undid the splitting in v18.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064848052

From gnutls-devel at lists.gnutls.org Mon Aug 15 14:57:43 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 12:57:43 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064851276

> + * the setting is modified with a prior call to this function.
> + * > + * Since: 3.7.3 > + */ > +int > +gnutls_digest_set_secure(gnutls_digest_algorithm_t dig, unsigned int secure) > +{ > +#ifndef DISABLE_SYSTEM_CONFIG > + int ret; > + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); > + if (ret < 0) { > + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); > + return gnutls_assert_val(ret); > + } > + ret = system_wide_config_is_malleable(); > + if (ret != 1) {

`if (!system_wide_config_is_malleable()) {`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064851276

From gnutls-devel at lists.gnutls.org Mon Aug 15 14:59:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 12:59:30 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

All discussions on merge request !1533 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1533

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533
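Review bot: in the `gnutls_digest_set_secure` hunk, the `if (ret < 0)` branch after `gnutls_rwlock_wrlock(&system_wide_config_rwlock)` calls `gnutls_rwlock_unlock()` on a lock the failed call did not acquire. With POSIX read-write locks, unlocking a lock the calling thread does not hold is undefined, so that branch should return `gnutls_assert_val(ret)` without the unlock. Reusing `ret` for the result of `system_wide_config_is_malleable()` and testing `ret != 1` also mixes an error code with a predicate; testing the predicate directly keeps the two apart.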
From gnutls-devel at lists.gnutls.org Mon Aug 15 14:59:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 12:59:45 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Alexander Sosedkin commented:

v19: rebased, addressed recent feedback

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1064853741

From gnutls-devel at lists.gnutls.org Mon Aug 15 22:54:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Aug 2022 20:54:11 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Martin Storsjö created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632

Project:Branches: mstorsjo/gnutls:int-conversion to gnutls/gnutls:master
Author: Martin Storsjö

Clang 15 made "incompatible pointer to integer conversion" an error instead of a plain warning. This fixes errors like these:

```
system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
        HCRYPTHASH hHash = NULL;
                   ^       ~~~~
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
From gnutls-devel at lists.gnutls.org Tue Aug 16 03:31:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 01:31:14 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Daiki Ueno commented:

@mstorsjo the change itself looks good to me, though the commit is based on an old revision from 1.5 years ago. Could you rebase it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632#note_1065465485

From gnutls-devel at lists.gnutls.org Tue Aug 16 06:19:31 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:19:31 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Martin Storsjö commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632#note_1065541246

Oops, sorry about that - rebased it now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632#note_1065541246

From gnutls-devel at lists.gnutls.org Tue Aug 16 06:19:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:19:39 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

All discussions on merge request !1632 were resolved by Martin Storsjö
https://gitlab.com/gnutls/gnutls/-/merge_requests/1632

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632

From gnutls-devel at lists.gnutls.org Tue Aug 16 06:30:35 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:30:35 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Merge request !1632 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
Project:Branches: mstorsjo/gnutls:int-conversion to gnutls/gnutls:master
Author: Martin Storsjö
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632

From gnutls-devel at lists.gnutls.org Tue Aug 16 06:30:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:30:44 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Merge request !1632 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
Project:Branches: mstorsjo/gnutls:int-conversion to gnutls/gnutls:master
Author: Martin Storsjö
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
From gnutls-devel at lists.gnutls.org Tue Aug 16 06:33:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:33:28 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1065548146

> +/* > + * high-level interface for overriding configuration files > + */ > + > +static inline bool /* not locking system_wide_config */ > +system_wide_config_is_malleable(void) { > + if (!system_wide_config.allowlisting) { > + _gnutls_audit_log(NULL, "allowlisting is not enabled!\n"); > + return 0; > + } > + if (system_wide_config.priority_string) { > + _gnutls_audit_log(NULL, "priority strings have already been " > + "initialized!\n"); > + return 0; > + } > + return 1;

nit: `true` / `false`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1065548146
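Review bot: `system_wide_config_is_malleable()` reads `system_wide_config.allowlisting` and `system_wide_config.priority_string` without taking any lock, and the only hint is the inline `/* not locking system_wide_config */` wedged into the signature. A comment above the function should state the precondition outright, for example that the caller must already hold `system_wide_config_rwlock`, so a later call site does not use the predicate unlocked while another thread is initializing the priority string.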
From gnutls-devel at lists.gnutls.org Tue Aug 16 06:33:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 04:33:46 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Merge request !1533 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533
Project:Branches: asosedkin/gnutls:restrict-allowlisting-api to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533

From gnutls-devel at lists.gnutls.org Tue Aug 16 09:07:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 07:07:09 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

All discussions on merge request !1533 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1533

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533
From gnutls-devel at lists.gnutls.org Tue Aug 16 09:07:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 07:07:25 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)

Alexander Sosedkin commented:

v20: `true`/`false`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1065651630

From gnutls-devel at lists.gnutls.org Tue Aug 16 09:50:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 07:50:25 +0000
Subject: [gnutls-devel] GnuTLS | windows: Avoid -Wint-conversion errors (!1632)

Merge request !1632 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
Project:Branches: mstorsjo/gnutls:int-conversion to gnutls/gnutls:master
Author: Martin Storsjö

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1632
From gnutls-devel at lists.gnutls.org Tue Aug 16 10:20:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 08:20:20 +0000
Subject: [gnutls-devel] GnuTLS | cipher: Ensure correct alignment (!1633)

Doug Nazar created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633

Project:Branches: dougnazar/gnutls:fix_nettle_alignment to gnutls/gnutls:master
Author: Doug Nazar

Unsigned math is required to calculate the current alignment. As seen on an armv7 box:

```
(gdb) print ctx
$6 = (struct nettle_cipher_ctx *) 0xae502670
(gdb) print ctx_ptr
$7 = (uint8_t *) 0xae5026c4 ""
(gdb) print cur_alignment
$8 = -12
```

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633
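The gdb values in merge request !1633 reproduced as an added example (not the merge request's code): the remainder of an address at or above 2 GiB comes out negative once the address is handled as a signed 32-bit integer. The 16-byte boundary, the padding formula and the function names are assumptions; fixed-width 32-bit types stand in for armv7 pointers so the block behaves the same on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>

#define ALIGNMENT 16	/* assumed boundary; consistent with the -12 gdb printed */

/* Buggy form: the 32-bit address is treated as a signed integer. */
static int32_t cur_alignment_signed(uint32_t addr)
{
	return (int32_t)addr % ALIGNMENT;
}

/* Fixed form: unsigned arithmetic always yields 0..ALIGNMENT-1. */
static uint32_t cur_alignment_unsigned(uint32_t addr)
{
	return addr % ALIGNMENT;
}

/* Bytes to skip to reach the next boundary (illustrative formula). */
static int32_t padding_signed(uint32_t addr)
{
	int32_t cur = cur_alignment_signed(addr);
	return cur ? ALIGNMENT - cur : 0;
}

static uint32_t padding_unsigned(uint32_t addr)
{
	uint32_t cur = cur_alignment_unsigned(addr);
	return cur ? ALIGNMENT - cur : 0;
}

/* A buffer that reserves ALIGNMENT-1 spare bytes is safe only if this holds. */
static int padding_fits_budget(int32_t padding)
{
	return padding >= 0 && padding < ALIGNMENT;
}

int main(void)
{
	/* First address is ctx_ptr from the gdb output; second is constructed. */
	const uint32_t addrs[] = { 0xae5026c4u, 0x2e5026c4u };
	size_t i;

	for (i = 0; i < sizeof(addrs) / sizeof(addrs[0]); i++) {
		uint32_t a = addrs[i];
		printf("0x%08x signed: rem %d pad %d (%s)  unsigned: rem %u pad %u (%s)\n",
		       (unsigned)a,
		       (int)cur_alignment_signed(a), (int)padding_signed(a),
		       padding_fits_budget(padding_signed(a)) ? "ok" : "out of budget",
		       (unsigned)cur_alignment_unsigned(a),
		       (unsigned)padding_unsigned(a),
		       padding_fits_budget((int32_t)padding_unsigned(a)) ? "ok" : "out of budget");
	}
	return 0;
}
```

For addresses below 2 GiB both forms agree, which is why the defect only shows on systems that map the heap into the upper half of a 32-bit address space.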
From gnutls-devel at lists.gnutls.org Tue Aug 16 10:59:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 08:59:18 +0000
Subject: [gnutls-devel] GnuTLS | cipher: Ensure correct alignment (!1633)

Merge request !1633 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633
Project:Branches: dougnazar/gnutls:fix_nettle_alignment to gnutls/gnutls:master
Author: Doug Nazar
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633

From gnutls-devel at lists.gnutls.org Tue Aug 16 10:59:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 08:59:28 +0000
Subject: [gnutls-devel] GnuTLS | cipher: Ensure correct alignment (!1633)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633#note_1065803303

From gnutls-devel at lists.gnutls.org Tue Aug 16 11:01:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 16 Aug 2022 09:01:37 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630)

Alexander Sosedkin commented:

I don't see a problem with these changes.
I'd like to propose a test for the exceptional sizes though: https://gitlab.com/asosedkin/gnutls/-/commit/4894bf174fc6c2600c35dcc1f155024c96586783 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630#note_1065806121 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 11:51:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 09:51:20 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630#note_1065880526 Thanks; cherry-picked it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630#note_1065880526 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 12:46:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 10:46:57 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I am not competent enough in this domain, so here are some (inline) questions about the unexplained parts instead of a proper review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1065959637 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 12:46:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 10:46:58 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/accelerated/x86/x86-common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1065959622 > > - if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK) > + if ((ecx & bit_OSXSAVE) != bit_OSXSAVE) What's the reason for the change? I don't get what's the benefit of not checking for MOVBE. -- Alexander Sosedkin started a new discussion on lib/accelerated/x86/x86-common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1065959628 > { > - if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0) > - return 0; What's the reason for the change? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 13:08:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 11:08:45 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630) In-Reply-To: References: Message-ID: All discussions on merge request !1630 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 You're receiving this email because of your account on gitlab.com. 
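Review bot: the second quoted hunk on lib/accelerated/x86/x86-common.c in !1631 drops the `check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0` early return and the visible lines put nothing in its place, so the caller loses that exit path without explanation. Say in the commit message, or in a comment at this site, where the condition is enforced after the change; if it is no longer enforced anywhere, keep the call.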
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 14:01:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 12:01:22 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/accelerated/x86/x86-common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1066051813 > { > uint32_t xcr0; > > - if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK) > + if ((ecx & bit_OSXSAVE) != bit_OSXSAVE) This check is to detect support for `xgetbv`, which we use on the following line. We could check MOVBE here, but it can be detected independently of XSAVE, so I guess we should move the check to `check_avx_movbe` (it's currently missing; good catch). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1066051813 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
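Review bot: narrowing the test from `OSXSAVE_MASK` to `bit_OSXSAVE` removes the MOVBE requirement from this condition, and the reply states that `check_avx_movbe` does not test MOVBE either, so after this hunk nothing shown checks for it. Add the MOVBE bit test to `check_avx_movbe` in the same change rather than a follow-up, and put a one-line comment on the new condition saying it only guards the `xgetbv` call on the next line.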
URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 16:16:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 14:16:22 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630) In-Reply-To: References: Message-ID: Merge request !1630 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-sizes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 16:20:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 14:20:17 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630) In-Reply-To: References: Message-ID: Merge request !1630 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-sizes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Aug 16 16:20:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Aug 2022 14:20:30 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark RSA SigVer operation approved for known modulus sizes (!1630) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1630#note_1066273039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 09:45:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 07:45:02 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Daiki Ueno commented: Can we merge this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1067099905 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 09:55:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 07:55:00 +0000 Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4) In-Reply-To: References: Message-ID: All discussions on merge request !4 were resolved by Daiki Ueno https://gitlab.com/gnutls/cligen/-/merge_requests/4 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 09:55:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 07:55:53 +0000 Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review. The issues should be addressed now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4#note_1067112897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:28:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:28:16 +0000 Subject: [gnutls-devel] GnuTLS | compress_certificate is being set on ServerHello (#1397) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1397

## Description of problem:
compress_certificate is being set on ServerHello

## Version of gnutls used:
master

## How reproducible:
reliably

Steps to Reproduce:
* `gnutls-serv -a --x509certfile cert.pem --x509keyfile key.pem --compress-cert zlib -d9`
* `gnutls-cli localhost:5556`

## Actual results:
|<4>| EXT[0x1f16840]: Preparing extension (Compress Certificate/27) for 'TLS 1.3 server hello'

## Expected results:
`compress_certificate` only being encountered on ClientHello and CertificateRequest, not ServerHello (https://datatracker.ietf.org/doc/html/rfc8879#section-3).

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1397 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
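The expected result in issue #1397, written as a bounds-checked check over a raw TLS extensions block; this is an added example, not GnuTLS code. Extension number 27 is the one in the log line above, the handshake type numbers are those of RFC 8446, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake message types (RFC 8446). */
enum {
    HS_CLIENT_HELLO = 1,
    HS_SERVER_HELLO = 2,
    HS_CERTIFICATE_REQUEST = 13
};

#define EXT_COMPRESS_CERTIFICATE 27

/* RFC 8879 section 3: compress_certificate may be sent in ClientHello and
 * CertificateRequest only. */
static int compress_cert_allowed_in(int hs_type)
{
    return hs_type == HS_CLIENT_HELLO || hs_type == HS_CERTIFICATE_REQUEST;
}

/* Walk an extensions block (uint16 total length, then a sequence of
 * uint16 type / uint16 length / data) and count compress_certificate
 * entries that appear in a message where they are not allowed.
 * Returns the count, or -1 if the block is malformed or truncated. */
static int count_misplaced_compress_cert(int hs_type,
                                         const uint8_t *buf, size_t len)
{
    size_t off = 2;
    int misplaced = 0;

    if (len < 2)
        return -1;
    if ((size_t)((buf[0] << 8) | buf[1]) != len - 2)
        return -1;                       /* declared size disagrees with input */

    while (off < len) {
        unsigned type;
        size_t ext_len;

        if (len - off < 4)
            return -1;                   /* no room for type + length */
        type = (unsigned)((buf[off] << 8) | buf[off + 1]);
        ext_len = (size_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (ext_len > len - off)
            return -1;                   /* extension body runs past the block */

        if (type == EXT_COMPRESS_CERTIFICATE &&
            !compress_cert_allowed_in(hs_type))
            misplaced++;
        off += ext_len;
    }
    return misplaced;
}

/* Constructed sample: supported_versions (43) = TLS 1.3, followed by
 * compress_certificate (27) offering zlib (algorithm 1). */
static const uint8_t SAMPLE_EXTS[] = {
    0x00, 0x0d,                               /* 13 bytes of extensions */
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,       /* supported_versions */
    0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x01  /* compress_certificate */
};

int main(void)
{
    printf("in ServerHello:        %d misplaced\n",
           count_misplaced_compress_cert(HS_SERVER_HELLO,
                                         SAMPLE_EXTS, sizeof SAMPLE_EXTS));
    printf("in ClientHello:        %d misplaced\n",
           count_misplaced_compress_cert(HS_CLIENT_HELLO,
                                         SAMPLE_EXTS, sizeof SAMPLE_EXTS));
    printf("in CertificateRequest: %d misplaced\n",
           count_misplaced_compress_cert(HS_CERTIFICATE_REQUEST,
                                         SAMPLE_EXTS, sizeof SAMPLE_EXTS));
    return 0;
}
```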
URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:29:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:29:13 +0000 Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4) In-Reply-To: References: Message-ID: Merge request !4 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/4 Branches: wip/dueno/arg-default to main Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:32:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:32:05 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1067162362 I consider it ready, if that's what you're asking. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_1067162362 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:43:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:43:24 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: All discussions on merge request !1631 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:59:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:59:49 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: All discussions on merge request !1533 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 10:59:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 08:59:55 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Merge request !1533 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 Project:Branches: asosedkin/gnutls:restrict-allowlisting-api to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 11:05:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 09:05:50 +0000 Subject: [gnutls-devel] cligen | Support "argument-default" attribute on option (!4) In-Reply-To: References: Message-ID: Merge request !4 was merged Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/4 Branches: wip/dueno/arg-default to main Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 12:08:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 10:08:16 +0000 Subject: [gnutls-devel] GnuTLS | compress_certificate is being set on ServerHello (#1397) In-Reply-To: References: Message-ID: Reassigned Issue 1397 https://gitlab.com/gnutls/gnutls/-/issues/1397 Assignee changed to Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1397 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 12:08:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 10:08:21 +0000 Subject: [gnutls-devel] GnuTLS | compress_certificate is being set on ServerHello (#1397) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.8 (Jul 1, 2022–Sep 1, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/37 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1397 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 13:07:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 11:07:34 +0000 Subject: [gnutls-devel] libtasn1 | License of libtasn1.map (#38) In-Reply-To: References: Message-ID: Issue was closed by Simon Josefsson via commit 33adcd0774158bc6fbbb4c08940bf9b9bbd2e9f9 Issue #38: https://gitlab.com/gnutls/libtasn1/-/issues/38 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/38 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 17 22:06:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 20:06:51 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) In-Reply-To: References: Message-ID: Simon Josefsson commented: The information about GCC 4.8.5 not supporting gnu99/gnu11 seems wrong and got me off track on this -- I have built libtasn1 using GCC 4.1.1 on Debian 4 (in fact, this will be part of future CI/CD) and it seems to support gnu99. So I could never reproduce the problem. However now I can reproduce this by `make CC='cc -ansi' WERROR_CFLAGS="-Werror -Dinline= -Wno-unused-function" V=1` (which also will be part of future CI/CD) and fixing so that builds doesn't seem completely unreasonable since it only required a couple of minor patches. The reason the person did not notice the errors that @rockdaboot got is that they were part of the 'make check' code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70#note_1068125468 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 01:06:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 23:06:06 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) In-Reply-To: References: Message-ID: Merge request !70 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 Project:Branches: mangix/libtasn1:mangix-master-patch-15289 to gnutls/libtasn1:master Author: Rosen Penev Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 01:06:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Aug 2022 23:06:05 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) In-Reply-To: References: Message-ID: Simon Josefsson commented: Solved with 5ce3238a -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70#note_1068251353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 02:05:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 00:05:20 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno The default option value for `-i` (`--index`) was dropped during the cligen conversion. This adds it back for compatibility with the existing command line usage. Fixes: #1394 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:34:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:34:24 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Reassigned merge request 1634 https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:34:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:34:32 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Reviewer changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:34:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:34:52 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: Reassigned merge request 1631 https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:37:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:37:36 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I've tested it as part of reviewing https://gitlab.com/gnutls/cligen/-/merge_requests/4 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634#note_1068462252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:37:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:37:38 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Merge request !1634 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:58:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:58:53 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Merge request !1634 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Aug 18 08:58:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Aug 2022 06:58:58 +0000 Subject: [gnutls-devel] GnuTLS | srptool: resurrect default value for -i (!1634) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1634#note_1068487080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 05:43:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 03:43:05 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 Project:Branches: dueno/gnutls:wip/dueno/gmp-static to gnutls/gnutls:master Author: Daiki Ueno Even though we set the custom allocator[1] to zeroize sensitive data, it can be easily invalidated if the application sets its own custom allocator. An approach to prevent that is to link against a static library of GMP, so the use of GMP is privatized and the custom allocator configuration is not shared with other applications. This patch allows libgnutls to be linked with the static library of GMP. Note that, for this to work, libgmp.a needs to be compiled with -fPIC and libhogweed in Nettle is also linked to the static library of GMP. 1.
https://gitlab.com/gnutls/gnutls/-/merge_requests/1554 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 05:44:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 03:44:20 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) In-Reply-To: References: Message-ID: Daiki Ueno commented: @tobhe fyi -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635#note_1070031989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 07:27:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 05:27:56 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) In-Reply-To: References: Message-ID: Reassigned merge request 1635 https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 07:28:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 05:28:14 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) In-Reply-To: References: Message-ID: Reviewer changed to Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 10:16:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 08:16:09 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: I see no problems in the code. Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635#note_1070255708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Fri Aug 19 10:16:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Aug 2022 08:16:18 +0000 Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635) In-Reply-To: References: Message-ID: Reviewer changed from Zoltán Fridrich to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 20 04:09:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Aug 2022 02:09:26 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) References: Message-ID: Luke D'Alessandro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1398 ## Description of problem: The GMP library indirects dynamic memory allocation through a couple of function pointers, and allows client code to get and set those values through calls to `mp_set_memory_functions()`. 41c9c845 introduced code into `gnutls_crypto_init` that leverages this functionality to replace GMP's realloc and free functions to use `gnutls_realloc_zero` and `gnutls_free_zero`. I have some static global `mpq_class` objects (using GMP's C++ API) that have their destructors run in `__run_exit_handlers`, after `main()`. These destructors attempt to use GMP's `__gmp_free_func` to free their data, which was set to `gnutls_free_zero`, however due to the vagaries of shared-object ctor/dtor ordering, libgnutls.so has **already been unloaded** and thus that call segfaults. I do not personally load libgnutls, that is done transitively by OpenMPI in this case.
As an end user, I don't really know of a great way to workaround this. I can manually reset GMP's pointers to their default after gnutls resets them now that I know this is a problem. I think the fix might be to have gnutls remember these values and reset them during `deinit()`, but that assumes everyone is correctly calling that function.

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Various means, this occurs on all platforms that I run on.

## How reproducible:

Forgive me, I don't know how to actually call any functions in gnutls, but the following code reproduces the problem when compiled with mpic++.

```C++
#include <gmpxx.h>
#include <mpi.h>

// Static object: its destructor runs after main(), in __run_exit_handlers.
static mpq_class _;

int main() {
    // OpenMPI loads libgnutls transitively.
    MPI_Init(NULL, NULL);
    MPI_Finalize();
}
```

## Actual results:

```
ldalessa at portland:~/temp$ mpic++ -o test test.cpp -lgmpxx -lgmp
ldalessa at portland:~/temp$ ./test
[portland:74170] *** Process received signal ***
[portland:74170] Signal: Segmentation fault (11)
[portland:74170] Signal code: Address not mapped (1)
[portland:74170] Failing at address: 0x7fab9d15d0e0
Segmentation fault
```

## Expected results:

No SEGFAULT.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 20 04:22:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Aug 2022 02:22:32 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Luke D'Alessandro commented: Actually I take it back, I can't workaround this by resetting GMP's allocators to their defaults, as those defaults are not visible in `gmp.h`.
I can set them to `NULL`, which is probably fine but will show up as leaked memory in various tools, or I think I can hope that they're malloc/realloc/free, and write my own interposition functions to forward to those. Neither one of these is really compelling. Also, I should note this isn't a C++-only issue, any sort of `__attribute__((destructor))` can run into this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071172363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 20 10:09:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Aug 2022 08:09:10 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 Project:Branches: dueno/gnutls:wip/dueno/cb-fixes to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1391 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Aug 20 16:38:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Aug 2022 14:38:41 +0000 Subject: [gnutls-devel] GnuTLS | Use custom allocators for GMP to make sure temporary secrets (41c9c845) In-Reply-To: References: Message-ID: Luke D'Alessandro started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858 > + > + /* Check if non-default allocators are being used. > + * Some applications like guile override GMP allocators > + * with GC capable alternatives. Do nothing if this is > + * the case. > + */ > + mp_get_memory_functions(&allocfunc, &reallocfunc, &freefunc); > + mp_set_memory_functions(NULL, NULL, NULL); > + mp_get_memory_functions(&defallocfunc, &defreallocfunc, &deffreefunc); > + if (reallocfunc != defreallocfunc || freefunc != deffreefunc) { > + mp_set_memory_functions(allocfunc, reallocfunc, freefunc); > + return (0); > + } > + > + /* Overload GMP allocators with safe alternatives */ > + mp_set_memory_functions(NULL, gnutls_realloc_zero, gnutls_free_zero); This causes a segfault during `__run_exit_handlers` if `libgnutls.so` is unloaded before GMP tries to free memory. See issue 1398. I think gnutls needs to at least store the previous functions and restore them as part of `gnutls_crypto_deinit()`. Assuming this gets called prior to `exit()` it will avoid the issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
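Review bot: the default-allocator probe in the quoted lib/nettle/init.c hunk (`mp_set_memory_functions(NULL, NULL, NULL)` followed by a second `mp_get_memory_functions`) rewrites process-global GMP state twice, so any other thread that allocates through GMP between those two calls sees the default allocator rather than the one the application installed; the function should state that it must run before other GMP users start, or the probe should be guarded. The final `mp_set_memory_functions(NULL, gnutls_realloc_zero, gnutls_free_zero)` also drops `reallocfunc` and `freefunc`, which are already held in locals at that point; keeping them in file-scope storage would give a deinit path something to put back instead of leaving pointers into libgnutls installed.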
URL: From gnutls-devel at lists.gnutls.org Sat Aug 20 19:58:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Aug 2022 17:58:42 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Luke D'Alessandro commented: I would also suggest that silently "stealing" the allocation functions and making them more expensive for _all_ GMP users is not necessarily a friendly solution for anything. I have some phases of computation that are heavily dependent on the performance of GMP and any additional overhead during these phases is really not something I appreciate. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071368298 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 06:43:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 04:43:27 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Reassigned merge request 1636 https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 06:43:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 04:43:34 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Reviewer changed to Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 06:44:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 04:44:40 +0000 Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391) In-Reply-To: References: Message-ID: Daiki Ueno commented: @Neustradamus could you check !1636? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1071453181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 06:46:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 04:46:46 +0000 Subject: [gnutls-devel] GnuTLS | DES-CBC bag is decryptable under FIPS (#1392) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.8 (Jul 1, 2022–Sep 1, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/37 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1392 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 09:35:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 07:35:33 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Daiki Ueno commented: I agree in general. To ensure zeroization of sensitive materials in GnuTLS/Nettle while not sacrificing the GMP users, the current alternatives under discussion are: - switch `mpz_` usage in Nettle and GnuTLS to using the low-level [`mpn_`](https://gmplib.org/manual/Low_002dlevel-Functions) functions, and implement zeroization directly - link to a static library of GMP so the call to `mp_set_memory_functions` doesn't affect other GMP users While the former would be better in the long run, it would require significant effort in porting. The latter would be simpler, though it would slightly increase the library size (see !1635 and the example usage in [nettle](https://gitlab.com/redhat/centos-stream/rpms/nettle/-/merge_requests/6/) and [gnutls](https://gitlab.com/redhat/centos-stream/rpms/gnutls/-/merge_requests/41) packages in CentOS Stream 9). Tagging @tobhe @nielsmoller for further feedback. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071468742 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 18:25:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 16:25:52 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Luke D'Alessandro commented: Sounds good, and also sounds like it would avoid the SEGVs that I'm getting and resolve this PR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071549158 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Aug 21 18:52:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 16:52:32 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071554068 Daiki Ueno @dueno wrote > the current alternatives under discussion are: > > - switch mpz_ usage in Nettle and GnuTLS to using the low-level mpn_ functions, and implement zeroization directly > - link to a static library of GMP so the call to mp_set_memory_functions doesn't affect other GMP users > >While the former would be better in the long run, it would require significant effort in porting. The latter would be simpler, though it would slightly increase the library size (see !1635 and the example usage in nettle and gnutls packages in CentOS Stream 9). Increased size is not the only downside, any (security, serious, ...) issue in GMP would only be fixed in GnuTLS _if_ it was rebuilt against a fixed version of GMP. 
(Increased memory usage is another, but less significant point.) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1071554068 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 00:55:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 21 Aug 2022 22:55:33 +0000 Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391) In-Reply-To: References: Message-ID: Neustradamus commented: @dueno: Good improvements, thanks a lot! Can you look for this file too? - https://gitlab.com/gnutls/gnutls/-/blob/master/doc/latex/gnutls.bib When it will be the moment, do not forget to add RFC9266... in https://gitlab.com/gnutls/gnutls/-/blob/master/NEWS like a long time ago with RFC5929 (https://gitlab.com/gnutls/gnutls/-/blob/master/NEWS#L4267). cc: @jas. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1071752836 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 08:01:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 06:01:30 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Merge request !1636 was approved by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 Project:Branches: dueno/gnutls:wip/dueno/cb-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 08:01:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 06:01:27 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Simon Josefsson commented: I was just about to work on this myself, thank you! Looks good to me. One minor comment: The code will only ever print one of tls-unique and tls-exporter, aren't there situations where both values are possible to print? Instead of the version-related checking, the src/common.c code should just try to get the values from the library and print them if the library returns anything. Although I believe everyone is better off forgetting the tls-unique mess anyway. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1071915297 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 08:23:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 06:23:20 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1071929414 I wonder if it implies that we should move the version check to the library and return error when tls-exporter is unusable, though it may introduce a minor backward incompatibility. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1071929414 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 09:38:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 07:38:02 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Niels Möller commented: I don't see any really easy solution. Some comments: 1. Moving to using mpn interfaces exclusively in Nettle would be nice, but it's not going to happen anytime soon. mpz_t is used in the DSA and RSA implementation, and in many public key interfaces. So first step would be to introduce interfaces that pass byte strings rather than mpz_t bignums. 2. Note that there are also some direct calls to gmp allocation functions, via TMP_GMP_ALLOC. 3. In general I'm not that fond of application level zeroization of sensitive data.
I think it ought to be the job of the operating system to protect the application's memory, by isolation between processes, and by encrypting data with some short-lived key if RAM contents is paged to disk. But I realize that there may still be some need for this, since encrypted paging isn't widely used (as far as I'm aware), and in particular for users that like to save all system state to disk for hibernation, vm migration, or the like. 4. There are also plenty of temporary stack allocations, which don't have any zeroization. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072006989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 09:46:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 07:46:01 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: partial fix for gnutls_protocol_set_enabled enabling (!1501) In-Reply-To: References: Message-ID: Merge request !1501 was closed by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1501 Project:Branches: asosedkin/gnutls:protocol-set-fixing to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1501 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 10:29:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 08:29:36 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID: Simon Josefsson commented: Yes I think that would be better -- if someone really wants to compute the TLS-exporter channel binding DATA without the additional checks specified by RFC 9266 they can always call gnutls_prf_rfc5705() directly. So I think the gnutls_session_channel_binding() API should match RFC 9266 behaviour and refuse to return anything according to this part: ```This channel binding mechanism is defined only when the TLS handshake results in unique master secrets. This is true of TLS versions prior to 1.3 when the extended master secret extension of [RFC7627] is in use, and it is always true for TLS 1.3 (see Appendix D of [RFC8446]).``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1072080531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 11:11:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 09:11:35 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Rui Ribeiro commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1072151335 Hi, Bug also present in nightly release of Rawhide 38
... On Mon, 15 Aug 2022 at 08:33, Rui Ribeiro wrote:
> I can confirm it is now working successfully without SIGILL. Thank you
>
> # wget https://www.google.com
> --2022-08-15 08:31:24-- https://www.google.com/
> Resolving www.google.com (www.google.com)... 216.239.38.120
> Connecting to www.google.com (www.google.com)|216.239.38.120|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: ‘index.html’
>
> index.html [ <=> ] 14.23K --.-KB/s in 0.001s
>
> 2022-08-15 08:31:25 (24.4 MB/s) - ‘index.html’ saved [14569]
>
> On Mon, 15 Aug 2022 at 05:27, Daiki Ueno (@dueno) wrote:
>
>> Daiki Ueno commented on a discussion:
>>
>> OK, I cleared AVX bits, but forgot to clear AVX2. Perhaps you could try
>> again with https://koji.fedoraproject.org/koji/taskinfo?taskID=90811207 ?
>
> --
> Regards,
>
> --
> Rui Ribeiro
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

-- Regards, -- Rui Ribeiro https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1072151335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Aug 22 18:15:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Aug 2022 16:15:31 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Luke D'Alessandro commented: I don't really mind this PR becoming a place to discuss the design choices, but I'd really like it if someone could address the short-term problem that `libgnutls.so` is currently causing my application to segfault at exit :sweat_smile: . I don't really have the domain specific knowledge to implement or test the obvious fix of storing the existing handlers and then restoring them as part of `gnutls_crypto_deinit`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1072886670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
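The store-and-restore fix requested in the message above, as an added example that is not GnuTLS or GMP code. The `bn_*` functions are a stand-in modelling the `mp_set_memory_functions()`/`mp_get_memory_functions()` contract (NULL selects the default), and `tls_crypto_init()`, `tls_crypto_deinit()`, the `app_*` hooks and `wiped_bytes` are hypothetical names; the example also covers an application that already owns the hooks and hooks replaced after init.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for GMP's process-global allocator hooks (a model, not GMP). */
typedef void *(*alloc_fn)(size_t);
typedef void *(*realloc_fn)(void *, size_t, size_t); /* ptr, old size, new size */
typedef void (*free_fn)(void *, size_t);             /* ptr, size */

static void *xmalloc(size_t n) { void *p = malloc(n ? n : 1); if (!p) abort(); return p; }
static void *def_alloc(size_t n) { return xmalloc(n); }
static void *def_realloc(void *p, size_t o, size_t n)
{
    (void)o;
    p = realloc(p, n ? n : 1);
    if (!p) abort();
    return p;
}
static void def_free(void *p, size_t n) { (void)n; free(p); }

static alloc_fn cur_alloc = def_alloc;
static realloc_fn cur_realloc = def_realloc;
static free_fn cur_free = def_free;

/* Same contract as mp_set_memory_functions(): NULL selects the default. */
static void bn_set_memory_functions(alloc_fn a, realloc_fn r, free_fn f)
{
    cur_alloc = a ? a : def_alloc;
    cur_realloc = r ? r : def_realloc;
    cur_free = f ? f : def_free;
}
static void bn_get_memory_functions(alloc_fn *a, realloc_fn *r, free_fn *f)
{
    *a = cur_alloc; *r = cur_realloc; *f = cur_free;
}

/* Zeroizing hooks: possible because the hooks are told the old size. */
static size_t wiped_bytes; /* instrumentation for this example only */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) { *v++ = 0; wiped_bytes++; }
}
static void *zero_realloc(void *p, size_t old, size_t new_size)
{
    void *q = xmalloc(new_size);
    if (p) {
        memcpy(q, p, old < new_size ? old : new_size);
        wipe(p, old);
        free(p);
    }
    return q;
}
static void zero_free(void *p, size_t n) { if (p) { wipe(p, n); free(p); } }

/* Constructed application-owned hooks (e.g. a GC-backed allocator). */
static void *app_realloc(void *p, size_t o, size_t n) { return def_realloc(p, o, n); }
static void app_free(void *p, size_t n) { def_free(p, n); }

static alloc_fn saved_alloc;
static realloc_fn saved_realloc;
static free_fn saved_free;
static int hooks_installed;

/* Returns 1 if the zeroizing hooks were installed, 0 if left alone. */
int tls_crypto_init(void)
{
    alloc_fn a, da; realloc_fn r, dr; free_fn f, df;
    bn_get_memory_functions(&a, &r, &f);
    bn_set_memory_functions(NULL, NULL, NULL);   /* probe for the defaults */
    bn_get_memory_functions(&da, &dr, &df);
    bn_set_memory_functions(a, r, f);
    if (r != dr || f != df)
        return 0;                                /* application owns the hooks */
    saved_alloc = a; saved_realloc = r; saved_free = f;
    bn_set_memory_functions(NULL, zero_realloc, zero_free);
    hooks_installed = 1;
    return 1;
}

/* Put the saved hooks back so nothing points into this library after unload. */
void tls_crypto_deinit(void)
{
    alloc_fn a; realloc_fn r; free_fn f;
    if (!hooks_installed)
        return;
    hooks_installed = 0;
    bn_get_memory_functions(&a, &r, &f);
    if (r == zero_realloc && f == zero_free)     /* skip if someone replaced them */
        bn_set_memory_functions(saved_alloc, saved_realloc, saved_free);
}

/* Allocate, grow and free n bytes through the current hooks; return bytes wiped. */
size_t secret_roundtrip(size_t n)
{
    size_t before = wiped_bytes;
    unsigned char *p = cur_alloc(n);
    memset(p, 0xAA, n);
    p = cur_realloc(p, n, 2 * n);
    cur_free(p, 2 * n);
    return wiped_bytes - before;
}

int hooks_are_default(void) { return cur_realloc == def_realloc && cur_free == def_free; }
int hooks_are_app_owned(void) { return cur_realloc == app_realloc && cur_free == app_free; }

int main(void)
{
    int installed = tls_crypto_init();
    size_t wiped = secret_roundtrip(16);         /* 16 on grow + 32 on free */
    tls_crypto_deinit();
    return (installed && wiped == 48 && hooks_are_default()) ? 0 : 1;
}
```

The restore only helps when deinit actually runs before the library is unmapped, which is the assumption the thread itself calls out.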
URL: From gnutls-devel at lists.gnutls.org Tue Aug 23 09:09:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 07:09:24 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID: Daiki Ueno commented: I got this on some system: ```console AESNI+PCLMUL+AVX cipher: aes-128-gcm ./test-ciphers-common.sh: line 72: 191091 Illegal instruction (core dumped) GNUTLS_CPUID_OVERRIDE=0x1A ${PROG} ``` This indicates that the code path used with GNUTLS_CPUID_OVERRIDE is not in sync with the default code path. The latest change would fix it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1073960798 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 23 13:40:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 11:40:59 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID: Tobias Heider commented: @nielsmoller switching API does look like a lot of work indeed. The zeroing was motivated by a NIST FIPS requirement in this case, but I don't generally agree that encrypted paging and process isolation provide the same protection. Zeroing process memory in userland also reduces the possible damage done by ROP style attacks or binary exploits running in the same process context. @dueno @ametzler all downsides considered, I think statically linking doesn't sound too bad. There is one more possible solution which would be using nettle's minigmp (which is always statically linked afaics). 
I am not sure what the runtime implications/downsides of minigmp are but it would make the packaging a whole lot easier. I will see if I can come up with a fix to unload the allocators in `gnutls_crypto_deinit` to solve Luke's problem -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1074391625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 23 13:51:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 11:51:44 +0000 Subject: [gnutls-devel] GnuTLS | Unload custom allocators in gnutls_crypto_deinit() (!1637) References: Message-ID: Tobias Heider created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637 Project:Branches: tobhe/gnutls:unload to gnutls/gnutls:master Author: Tobias Heider Add a description of the new feature/bug fix. Reference any relevant bugs. 
## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Aug 23 14:00:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 12:00:14 +0000 Subject: [gnutls-devel] GnuTLS | Unload custom allocators in gnutls_crypto_deinit() (!1637) In-Reply-To: References: Message-ID: Merge request !1637 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637 Project:Branches: tobhe/gnutls:unload to gnutls/gnutls:master Author: Tobias Heider Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Tue Aug 23 16:37:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 14:37:33 +0000 Subject: [gnutls-devel] GnuTLS | Unload custom allocators in gnutls_crypto_deinit() (!1637) In-Reply-To: References: Message-ID:
Merge request !1637 was scheduled to merge after pipeline succeeds by Daiki Ueno
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637
Project:Branches: tobhe/gnutls:unload to gnutls/gnutls:master
Author: Tobias Heider
Assignees:
Reviewers:
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637

From gnutls-devel at lists.gnutls.org Tue Aug 23 16:56:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 14:56:57 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID:
Issue was closed by Tobias Heider via commit 79fe96773bbd017938bf6f8f4c715f1956c38d9e
Issue #1398: https://gitlab.com/gnutls/gnutls/-/issues/1398
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398

From gnutls-devel at lists.gnutls.org Tue Aug 23 16:56:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 14:56:58 +0000 Subject: [gnutls-devel] GnuTLS | Unload custom allocators in gnutls_crypto_deinit() (!1637) In-Reply-To: References: Message-ID:
Merge request !1637 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637
Project:Branches: tobhe/gnutls:unload to gnutls/gnutls:master
Author: Tobias Heider
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1637

From gnutls-devel at lists.gnutls.org Tue Aug 23 18:45:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 16:45:47 +0000 Subject: [gnutls-devel] libtasn1 | How to Run the test cases manually (#39) In-Reply-To: References: Message-ID:
Simon Josefsson commented:
I don't understand what you mean -- can you elaborate? The test cases can be run by 'make check' or (after building them) manually by, e.g., running ./Test_simple and they exit with non-0 exit code on errors. Some tests require environment variables specifying files to read, see Makefile.am.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/39#note_1074875396

From gnutls-devel at lists.gnutls.org Tue Aug 23 18:48:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 16:48:42 +0000 Subject: [gnutls-devel] libtasn1 | fail to parse certificate then build with clang (#31) In-Reply-To: References: Message-ID:
Simon Josefsson commented:
@rim can you reproduce this with 4.18? I think it was closed in 4.17. Let's close this report if it is indeed not possible to reproduce any more.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/31#note_1074878376

From gnutls-devel at lists.gnutls.org Tue Aug 23 19:36:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 Aug 2022 17:36:07 +0000 Subject: [gnutls-devel] GnuTLS | nettle's gnutls_crypto_init() causes segfault in unrelated gmp code during static destructors (#1398) In-Reply-To: References: Message-ID:
Niels Möller commented:
Implications of using mini-gmp are: 1. slower, 2. less protection from side channel leakage, 3. different abi for the mpz_t type, in case that is exposed via the gnutls api. That may be the right tradeoff in some cases, but generally, I don't think it's the right thing to do.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1398#note_1074919386

From gnutls-devel at lists.gnutls.org Wed Aug 24 13:58:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 11:58:25 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Hubert Kario (@mention me if you need reply) started a new discussion on lib/accelerated/x86/x86-common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1075950318
> if (capabilities == 0) { > if (!read_cpuid_vals(_gnutls_x86_cpuid_s)) > return; > + if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) { > + _gnutls_x86_cpuid_s[1] &= ~bit_AVX; > + > + /* Clear AVX2 bits as well, according to what > + * OpenSSL does. Should we clear > + * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, > + * and bit_AVX512CD? */
It depends on how the CRYPTOGAMS code checks for those flags, if they check for AVX512F and one of those, then no, we don't have to; OTOH, if they look at one of those flags only, then they will need to be cleared too
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1075950318
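
Review bot: the block comment at the end of the added lines ships an unanswered question ("Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and bit_AVX512CD?") into x86-common.c. Settle it before merge and reword the comment as a statement of which bits are cleared when check_4th_gen_intel_features() fails and why, so that a later reader can tell whether a consumer testing one of those AVX-512 flags on its own can still be selected after bit_AVX has been masked.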

From gnutls-devel at lists.gnutls.org Wed Aug 24 13:59:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 11:59:10 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Merge request !1631 was approved by Hubert Kario (@mention me if you need reply)
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
Project:Branches: dueno/gnutls:wip/dueno/cpuid-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers:
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631

From gnutls-devel at lists.gnutls.org Wed Aug 24 13:59:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 11:59:05 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Hubert Kario (@mention me if you need reply) commented:
with the exception of the one "if", looks good to me
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1075951142

From gnutls-devel at lists.gnutls.org Wed Aug 24 15:37:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 13:37:37 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Daiki Ueno commented on a discussion on lib/accelerated/x86/x86-common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1076122956
> if (capabilities == 0) { > if (!read_cpuid_vals(_gnutls_x86_cpuid_s)) > return; > + if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) { > + _gnutls_x86_cpuid_s[1] &= ~bit_AVX; > + > + /* Clear AVX2 bits as well, according to what > + * OpenSSL does. Should we clear > + * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, > + * and bit_AVX512CD? */
Yes, here is the [reference](https://github.com/openssl/openssl/blob/4d32f5332fa69ac949feec54c273fe63639ad891/crypto/x86_64cpuid.pl#L218).
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1076122956

From gnutls-devel at lists.gnutls.org Wed Aug 24 15:37:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 13:37:49 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
All discussions on merge request !1631 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
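
The question raised in the !1631 discussion above (do the AVX-512 sub-flags need clearing, or only the foundation flag?) worked through on constructed values; this is an added illustration, not code from the merge request or from GnuTLS. The struct, function names and sample values are hypothetical; the bit positions are those of CPUID leaf 1 ECX, leaf 7 EBX and XCR0, and only the YMM-state check is modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPUID.1:ECX bits. */
#define ECX_OSXSAVE  (1u << 27)
#define ECX_AVX      (1u << 28)
/* CPUID.(EAX=7,ECX=0):EBX bits. */
#define EBX_AVX2     (1u << 5)
#define EBX_AVX512F  (1u << 16)
#define EBX_AVX512DQ (1u << 17)
#define EBX_AVX512PF (1u << 26)
#define EBX_AVX512ER (1u << 27)
#define EBX_AVX512CD (1u << 28)
/* XCR0 bits 1 and 2: the OS saves XMM and YMM state. */
#define XCR0_SSE_AVX 0x6u

/* Hypothetical container for raw CPUID words; not a GnuTLS type. */
struct cpu_caps {
	uint32_t leaf1_ecx;
	uint32_t leaf7_ebx;
};

/* True when the OS has enabled YMM state, so AVX code can really run.
 * xcr0 is the XGETBV(0) result and only means something if OSXSAVE is set. */
static bool os_saves_avx_state(uint32_t leaf1_ecx, uint64_t xcr0)
{
	if (!(leaf1_ecx & ECX_OSXSAVE))
		return false;
	return (xcr0 & XCR0_SSE_AVX) == XCR0_SSE_AVX;
}

/* Mask AVX-family bits when YMM state is not OS-enabled. With
 * clear_subflags false only AVX, AVX2 and AVX512F are dropped. */
static void mask_avx(struct cpu_caps *c, uint64_t xcr0, bool clear_subflags)
{
	if (os_saves_avx_state(c->leaf1_ecx, xcr0))
		return;
	c->leaf1_ecx &= ~ECX_AVX;
	c->leaf7_ebx &= ~(EBX_AVX2 | EBX_AVX512F);
	if (clear_subflags)
		c->leaf7_ebx &= ~(EBX_AVX512DQ | EBX_AVX512PF |
				  EBX_AVX512ER | EBX_AVX512CD);
}

/* Consumer that requires the foundation flag together with the sub-flag. */
static bool dq_path_checks_f_and_dq(const struct cpu_caps *c)
{
	uint32_t need = EBX_AVX512F | EBX_AVX512DQ;
	return (c->leaf7_ebx & need) == need;
}

/* Consumer that looks at the sub-flag alone. */
static bool dq_path_checks_dq_only(const struct cpu_caps *c)
{
	return (c->leaf7_ebx & EBX_AVX512DQ) != 0;
}

/* Constructed input: the CPU advertises AVX, AVX2 and AVX-512 flags. */
static struct cpu_caps sample_caps(void)
{
	struct cpu_caps c = {
		ECX_OSXSAVE | ECX_AVX,
		EBX_AVX2 | EBX_AVX512F | EBX_AVX512DQ | EBX_AVX512CD
	};
	return c;
}
```

With XCR0 = 0x3 (x87 and SSE state only), clearing just AVX, AVX2 and AVX512F is enough for the first consumer, while the second still selects its AVX-512 path unless the sub-flags are cleared as well.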

From gnutls-devel at lists.gnutls.org Wed Aug 24 15:37:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 13:37:59 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID:
Issue was closed by Daiki Ueno via merge request !1631 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1631)
Issue #1282: https://gitlab.com/gnutls/gnutls/-/issues/1282
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282

From gnutls-devel at lists.gnutls.org Wed Aug 24 15:37:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 13:37:57 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Merge request !1631 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
Project:Branches: dueno/gnutls:wip/dueno/cpuid-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631

From gnutls-devel at lists.gnutls.org Wed Aug 24 15:38:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 13:38:13 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: clear AVX bits if it cannot be queried through XSAVE (!1631) In-Reply-To: References: Message-ID:
Daiki Ueno commented:
Thanks for the review.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1631#note_1076124304

From gnutls-devel at lists.gnutls.org Wed Aug 24 17:27:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 15:27:37 +0000 Subject: [gnutls-devel] GnuTLS | report system config file location in gnutls-cli (#1399) References: Message-ID:
Robert Elliott created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1399

## Description of the feature:

The default location of the system configuration file is a compile-time choice specified in the Makefile. There is no command reporting this information to the user, though. The gnutls_get_system_config_file() function returns the active value (which might be overridden by the GNUTLS_SYSTEM_PRIORITY_FILE environment variable), but there is no CLI command that reports that information.

Suggestions:

1. add the compiled-in directory location to:

```
$ gnutls-cli --list-config
libgnutls-soname: libgnutls.so.30
libnettle-soname: libnettle.so.8
libhogweed-soname: libhogweed.so.6
libgmp-soname: libgmp.so.10
hardware-features: padlock pkcs11
tls-features: ssl2-compat srtp alpn ocsp srp psk dhe ecdhe auth-anon heartbeat
default-system-config-file: /path/to/gnutls.config
## Applications that this feature may be relevant to:
gnutls-cli
```

That can be done by adding one line to this array:

```
static const struct gnutls_library_config_st _gnutls_library_config[] = {
#ifdef FIPS_MODULE_NAME
	{ "fips-module-name", FIPS_MODULE_NAME },
#endif
#ifdef FIPS_MODULE_VERSION
	{ "fips-module-version", FIPS_MODULE_VERSION },
#endif
	{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
	{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
	{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
	{ "libgmp-soname", GMP_LIBRARY_SONAME },
	{ "hardware-features", HW_FEATURES },
	{ "tls-features", TLS_FEATURES },
	/* proposed new entry: the compiled-in config file path */
	{ "default-system-config", SYSTEM_PRIORITY_FILE },
	{ NULL, NULL }
};
```

2. Add a command reporting the active value (i.e., the results of gnutls_get_system_config_file()), maybe:

```
$ gnutls --list-config-file
GNUTLS_SYSTEM_PRIORITY_FILE: "/path/to/gnutls.config"
```

## Is this feature implemented in other libraries (and which)

A similar command in OpenSSL is

```
$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1399

From gnutls-devel at lists.gnutls.org Thu Aug 25 00:38:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 Aug 2022 22:38:09 +0000 Subject: [gnutls-devel] GnuTLS | report system config file location in gnutls-cli (#1399) In-Reply-To: References: Message-ID:
Daiki Ueno commented:
Sounds like a good idea!
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1399#note_1077199347

From gnutls-devel at lists.gnutls.org Mon Aug 29 04:10:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 02:10:12 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
Daiki Ueno commented:
The library now returns an error (not `GNUTLS_E_INVALID_REQUEST` but `GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE`) on such occasions, and the gnutls-serv prints something like:

```console
- Channel bindings
 - 'tls-unique': not available
 - 'tls-server-end-point': 80ceb554332eef9939bd95d0aed4548c2d5e097432933dd25edbb3bb1bbcbd07
 - 'tls-exporter': 4b1e8996092cf884f469ab670cc680ae860333757aaa9d156e831cd13a663e7d
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1080400563

From gnutls-devel at lists.gnutls.org Mon Aug 29 09:10:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 07:10:04 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
Simon Josefsson commented:
Looks better to me! Thank you.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1080575047

From gnutls-devel at lists.gnutls.org Mon Aug 29 09:47:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 07:47:06 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
All discussions on merge request !1636 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1636
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636

From gnutls-devel at lists.gnutls.org Mon Aug 29 09:47:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 07:47:15 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
Merge request !1636 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636
Project:Branches: dueno/gnutls:wip/dueno/cb-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636

From gnutls-devel at lists.gnutls.org Mon Aug 29 09:47:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 07:47:15 +0000 Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391) In-Reply-To: References: Message-ID:
Issue was closed by Daiki Ueno via merge request !1636 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1636)
Issue #1391: https://gitlab.com/gnutls/gnutls/-/issues/1391
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391

From gnutls-devel at lists.gnutls.org Mon Aug 29 09:47:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 Aug 2022 07:47:46 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
Daiki Ueno commented:
Thanks for the suggestions!
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1080622426

From gnutls-devel at lists.gnutls.org Tue Aug 30 02:22:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Aug 2022 00:22:37 +0000 Subject: [gnutls-devel] GnuTLS | cipher: Ensure correct alignment (!1633) In-Reply-To: References: Message-ID:
Merge request !1633 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633
Project:Branches: dougnazar/gnutls:fix_nettle_alignment to gnutls/gnutls:master
Author: Doug Nazar
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1633

From gnutls-devel at lists.gnutls.org Tue Aug 30 16:15:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Aug 2022 14:15:54 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636) In-Reply-To: References: Message-ID:
Neustradamus commented:
Thanks a lot @dueno and @jas too!
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1082519101

From gnutls-devel at lists.gnutls.org Tue Aug 30 16:15:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Aug 2022 14:15:58 +0000 Subject: [gnutls-devel] GnuTLS | RFC 9266: Channel Bindings for TLS 1.3 support (#1391) In-Reply-To: References: Message-ID:
Neustradamus commented:
Thanks a lot @dueno and @jas too!
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1391#note_1082519204

From gnutls-devel at lists.gnutls.org Wed Aug 31 10:42:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 31 Aug 2022 08:42:48 +0000 Subject: [gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625) In-Reply-To: References: Message-ID:
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 was reviewed by Daiki Ueno

-- Daiki Ueno started a new discussion on tests/gnutls_ktls_keyupdate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1083540372
> +#ifdef HAVE_CONFIG_H
Please insert license header. Also I'd remove `gnutls_` prefix as it is obvious that this is a gnutls test.

-- Daiki Ueno started a new discussion on tests/gnutls_ktls_keyupdate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1083540391
> +#endif > + > +#include
Don't need to include `` twice?

-- Daiki Ueno started a new discussion on tests/gnutls_ktls_keyupdate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1083540396
> +#include > +#include > +#include
This header is known to be non-existent on mingw platform: https://www.gnu.org/software/gnulib/manual/html_node/semaphore_002eh.html

-- Daiki Ueno started a new discussion on tests/gnutls_ktls_keyupdate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1083540404
> +} > + > +sem_t mutex_client;
Sorry I don't understand why this helps as this test does not create threads. To synchronize between processes, we need to use a different means, e.g., signals, pipes, etc.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625