From gnutls-devel at lists.gnutls.org Thu Dec 1 18:15:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Dec 2022 17:15:02 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) References: Message-ID: Jonathan Brielmaier created an issue: https://gitlab.com/gnutls/guile/-/issues/9 Hi, since 3.7.10 guile-gnutls seems to require the source tree of gnulib present while building. This makes packaging a bit harder. I see at least two ways to make it more simple again: * provide "bootstrapped" tarballs (those who are attached to the release) on a nice link, e.g. somewhere here https://www.gnupg.org/ftp/gcrypt/gnutls/ * allow the usage of the gnulib shipped by the distro. Don't know if thats possible. But the `--gnulib-srcdir` needs to be adapted, as those files are distributed over the file system (/usr/bin, /usr/share etc...) ~Jonathan -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 1 22:59:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Dec 2022 21:59:15 +0000 Subject: [gnutls-devel] GnuTLS | Why OpenConnectGUI fails to connect, when CLI does not? (#1436) References: Message-ID: juxeii created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1436 Hi all, today this OpenConenct GUI patch stopped working after months without issues. Interestingly, the command line still works. Attached is the log for the GUI version([gui_failed.txt](/uploads/92395d1193d0acae77c6df03db8e70b5/gui_failed.txt)) Attached is also the log of the CLI, the first line is the call command([cli_passed.txt](/uploads/13a9a5ea50e8ed75e3e7907f61bc539f/cli_passed.txt)) What could possibly the reason? Some timing issues? Any help appreciated :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1436 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 07:26:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 06:26:37 +0000 Subject: [gnutls-devel] GnuTLS | Why OpenConnectGUI fails to connect, when CLI does not? (#1436) In-Reply-To: References: Message-ID: Daiki Ueno commented: I don't see any indication of GnuTLS being the cause, from the attached logs. Shouldn't this be reported to [OpenConnect GUI issue tracker](https://gitlab.com/openconnect/openconnect-gui/-/issues) instead of GnuTLS? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1436#note_1193814084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 10:18:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 09:18:21 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me; I added some minor comments but they are not a blocker. Could you rebase this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1193979931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 10:18:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 09:18:21 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1193979865 > - "disabling KTLS: couldn't update keys\n");\ > - }\ > +static void set_ktls_keys(gnutls_session_t session, This code looks trivial enough to define as `static inline`? -- Daiki Ueno started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1193979889 > cache: {} > script: > # we want $ALPINE_BASE_BUILD without git, so we are adding it here Not sure about the reason behind this, but maybe we could pull in some of the programs in [Dockerfile](https://gitlab.com/gnutls/build-images/-/blob/0369ad541d553197d18ea5ccdb67119889399739/docker-alpine-base/Dockerfile#L7) instead of here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 10:18:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 09:18:21 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Merge request !1671 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 Project:Branches: jas/gnutls:jas/indent to gnutls/gnutls:master Author: Simon Josefsson Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 13:20:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 12:20:29 +0000 Subject: [gnutls-devel] GnuTLS | fipshmac: use soname instead of file name as section (!1675) In-Reply-To: References: Message-ID: Reassigned merge request 1675 https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 13:20:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 12:20:30 +0000 Subject: [gnutls-devel] GnuTLS | fipshmac: use soname instead of file name as section (!1675) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno Using fipshmac program with an argument, for example: `fipshmac /usr/lib64/libgnutls.so.30.28.1` would create a section `[libgnutls.so.30.28.1]` and the internal comparison with soname would fail. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 13:20:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 12:20:49 +0000 Subject: [gnutls-devel] GnuTLS | fipshmac: use soname instead of file name as section (!1675) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 18:14:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 17:14:40 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Andreas Metzler commented: Hello, the release tarballs on https://gitlab.com/gnutls/guile/-/releases (the ones with accompanying .sig file) build without external gnulib. cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1194746598 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 18:28:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 17:28:26 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Reassigned merge request 1676 https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 Assignee changed to Franti?ek Kren?elok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 2 18:28:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 02 Dec 2022 17:28:28 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) References: Message-ID: Franti?ek Kren?elok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 Branches: ktls_ciphersuites to master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Add support for additional ciphersuites #1434 Support added for the following as they are supported by GnuTLS the rest might be added in future * TLS_AES_128_CCM_SHA256 * TLS_CHACHA20_POLY1305_SHA256 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 01:14:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 00:14:49 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Merge request !1675 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 01:14:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 00:14:49 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/fipshmac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1195015662 > - > - return EXIT_SUCCESS; > + return dl_iterate_phdr(callback, argc == 2 ? argv[1] : NULL); I have a slight portability concern on using `dl_iterate_phdr`, though the manual page says it is available on BSD and Solaris. Perhaps we could add a configure check and fallback to `GNUTLS_LIBRARY_SONAME`? That may complicate the logic here though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 01:17:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 00:17:15 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676#note_1195016482 > } > + > + Are those newlines introduced by accident? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 01:17:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 00:17:15 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676#note_1195016483 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 01:17:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 00:17:15 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Merge request !1676 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 Branches: ktls_ciphersuites to master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 07:29:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 06:29:52 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/guile/-/issues/9#note_1195080737 Andreas Metzler @ametzler wrote > However with 3.7.10 autoreconf fails at aclocal stage with `sh: 1: build-aux/git-version-gen: not found` Which can be fixed with [0001-Fix-autoreconf-of-distributed-tarballs.patch](/uploads/0653be34266c03dafd8e473ae8932692/0001-Fix-autoreconf-of-distributed-tarballs.patch) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1195080737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:10:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:10:38 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented on a discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676#note_1195335777 > + TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); > + memcpy(crypto_info.key, cipher_key.data, > + TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE); > + > + if (setsockopt (sockin, SOL_TLS, TLS_RX, > + &crypto_info, sizeof (crypto_info))) { > + session->internals.ktls_enabled &= ~GNUTLS_KTLS_RECV; > + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); > + } > + } > + break; > default: > assert(0); > } > + > + indeed, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676#note_1195335777 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:10:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:10:38 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: All discussions on merge request !1676 were resolved by Franti?ek Kren?elok https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:10:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:10:57 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: additional ciphersuites (!1676) In-Reply-To: References: Message-ID: Merge request !1676 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 Branches: ktls_ciphersuites to master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:17:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:17:41 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: Support was added for the aformentioned ciphersuites in !1676: * TLS_AES_128_CCM_SHA256 * TLS_CHACHA20_POLY1305_SHA256 Support for the rest is not planned in near future as they are not curently supported by GnuTLS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434#note_1195337663 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:52:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:52:44 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: Can confirm that this fixes the NBD issue and I now see: ``` libnbd: debug: nbd1: nbd_connect_uri: connection is using TLS: cipher CHACHA20-POLY1305 (256 bits) key exchange ECDHE-PSK mac AEAD (0 bits) kTLS enabled ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434#note_1195341699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 19:54:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 18:54:56 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: BTW please consider adding this to Fedora to get wider test (see also https://bugzilla.redhat.com/show_bug.cgi?id=2148442) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434#note_1195341920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 23:50:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 22:50:24 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: Invalidate session on ktls error (!1664) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664#note_1195384220 > - }\ > + _gnutls_audit_log(session,\ > + "invalidating session: No ktls fallback mechanism\n");\ Can we consolidate this `_gnutls_audit_log` with the above one? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 3 23:50:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Dec 2022 22:50:25 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: Invalidate session on ktls error (!1664) In-Reply-To: References: Message-ID: Merge request !1664 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 Project:Branches: FrantisekKrenzelok/gnutls:fix/ktls_fallback to gnutls/gnutls:master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 09:17:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 08:17:32 +0000 Subject: [gnutls-devel] GnuTLS | kTLS with TLS-PSK fails with an internal error (#1384) In-Reply-To: References: Message-ID: Daiki Ueno commented: I suppose we can close this as the cause was identified to be unsupported ciphersuites (see #1434) and that has been fixed in !1676. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1384#note_1195484855 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 09:20:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 08:20:53 +0000 Subject: [gnutls-devel] GnuTLS | tries to include on MinGW (#1382) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Nov 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 09:21:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 08:21:10 +0000 Subject: [gnutls-devel] GnuTLS | Preserve backward compatibility of FIPS .hmac file location (#1435) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Nov 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1435 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 12:59:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 11:59:49 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on devel/indent-gnutls: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1195519913 > +#!/bin/sh > + > +# Copyright (c) 2022 Simon Josefsson > +# License: GPLv3+ > + > +if ! indent --version 2> /dev/null | grep 'GNU indent' > /dev/null; then > + echo 1>&2 '$0: GNU indent is missing' > + exit 77 > +fi > + > +INDENT="indent -ppi1 -linux"; export INDENT > + > +git ls-files -z | grep -z '\.[ch]\(.in\)\?$' | grep -z -v '^./devel/' | xargs -0 -n1 `dirname $0`/indent-maybe `$0` may contain spaces, better quote. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1195519913 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 13:00:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 12:00:41 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on devel/indent-maybe: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1195520023 > +# indent-maybe lib/kx.h > +# INDENT="indent -ppi1 -linux" indent-maybe lib/kx.h > +# > +# COPYRIGHT > +# Copyright (c) 2022 Simon Josefsson > +# License: GPLv3+ > + > +INDENT=${INDENT:-indent} > +ME=$0 > + > +if ! $INDENT --version 2> /dev/null | grep 'GNU indent' > /dev/null; then > + echo 1>&2 "$ME: GNU indent is missing, consider INDENT=..." > + exit 77 > +fi > + > +for f in "$@"; do `$INDENT` and `$f` may contain spaces, better use quotes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1195520023 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 13:14:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 12:14:24 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Tim R?hsen commented: I wonder if we can use a larger line size than just 80 ? Even on small screens (e.g. laptops), there is enough space for having more columns, while the vertical size is often a limiter. So we could use 100 or 120 to avoid many "weird" line breaks like ``` /* requests but does not check a client certificate */ gnutls_certificate_server_set_request(s->session, GNUTLS_CERT_REQUEST); ``` or ``` ret = gnutls_record_recv(s->session, addr, (size_t)len); ``` And/or, should we think about a tab size of 4 (`-ts4`) ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1195522093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 13:53:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 12:53:44 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: Invalidate session on ktls error (!1664) In-Reply-To: References: Message-ID: All discussions on merge request !1664 were resolved by Franti?ek Kren?elok https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 20:58:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 19:58:13 +0000 Subject: [gnutls-devel] GnuTLS | Why OpenConnectGUI fails to connect, when CLI does not? (#1436) In-Reply-To: References: Message-ID: juxeii commented: Issue resolved by deleting the profile in the GUI and creating a new one. Perhaps the CA has changed and an old one was used. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1436#note_1195625600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 4 20:58:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Dec 2022 19:58:13 +0000 Subject: [gnutls-devel] GnuTLS | Why OpenConnectGUI fails to connect, when CLI does not? (#1436) In-Reply-To: References: Message-ID: Issue was closed by juxeii Issue #1436: https://gitlab.com/gnutls/gnutls/-/issues/1436 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1436 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 5 04:23:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Dec 2022 03:23:57 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/fipshmac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1195772919 > - return EXIT_FAILURE; > - > - ret = print_lib_dl(NETTLE_LIBRARY_SONAME, "nettle_aes_set_encrypt_key"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - return EXIT_SUCCESS; > + return dl_iterate_phdr(callback, argc == 2 ? argv[1] : NULL); Or perhaps we could simply fail at run-time if `dl_iterate_phdr` is not found and library integrity check is mandatory (e.g., the system is in FIPS enforcing mode and `GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS` is not set). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1195772919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 5 04:26:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Dec 2022 03:26:20 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/fipshmac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1195773632 > - return EXIT_FAILURE; > - > - ret = print_lib_dl(NETTLE_LIBRARY_SONAME, "nettle_aes_set_encrypt_key"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - return EXIT_SUCCESS; > + return dl_iterate_phdr(callback, argc == 2 ? argv[1] : NULL); By the way, it's also tempting to simplify `lib/fips.c` using `dl_iterate_phdr`; then we could omit the `dlopen`/`dlsym`/`dladdr` dance and soname check in configure altogether. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1195773632 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 5 22:06:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Dec 2022 21:06:18 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Jonathan Brielmaier commented on a discussion: https://gitlab.com/gnutls/guile/-/issues/9#note_1197180241 Thats what the first bullet point was about. I know that they provide those tarballs but the link to them changes with every release, which is a bit annoying: ``` https://gitlab.com/gnutls/guile/uploads/2cd9acdf9944191c55048a3b0116f5cf/guile-gnutls-3.7.10.tar.gz https://gitlab.com/gnutls/guile/uploads/b4d5cb4e4394ef8eaa56bfb0edad3c08/guile-gnutls-3.7.9.tar.gz ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1197180241 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 10:58:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 09:58:56 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Reviewer changed from Daiki Ueno to Daiki Ueno and Stephan Mueller -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 14:24:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 13:24:43 +0000 Subject: [gnutls-devel] GnuTLS | log print mac key size error in constate.c (#1437) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1437 in file constate.c?line122, as follows,key_size shoube be client_write->mac_key_size _gnutls_hard_log("INT: CLIENT MAC KEY [%d]: %s\n", key_size, _gnutls_bin2hex(client_write->mac_key, hash_size, buf, sizeof(buf), NULL)); in file constate.c?line128, as follows,key_size shoube be server_write->mac_key_size _gnutls_hard_log("INT: SERVER MAC KEY [%d]: %s\n", key_size, _gnutls_bin2hex(server_write->mac_key, hash_size, buf, sizeof(buf), NULL)); -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 14:32:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 13:32:23 +0000 Subject: [gnutls-devel] GnuTLS | log print server write mac key size error (#1438) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1438 in file constate.c?line128, as follows,key_size shoube be server_write->mac_key_size _gnutls_hard_log("INT: SERVER MAC KEY [%d]: %s\n", key_size, _gnutls_bin2hex(server_write->mac_key, hash_size, buf, sizeof(buf), NULL)); -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 15:26:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 14:26:18 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: Invalidate session on ktls error (!1664) In-Reply-To: References: Message-ID: Merge request !1664 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 Project:Branches: FrantisekKrenzelok/gnutls:fix/ktls_fallback to gnutls/gnutls:master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 16:09:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 15:09:04 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/fipshmac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1198311762 > - return EXIT_FAILURE; > - > - ret = print_lib_dl(NETTLE_LIBRARY_SONAME, "nettle_aes_set_encrypt_key"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - return EXIT_SUCCESS; > + return dl_iterate_phdr(callback, argc == 2 ? argv[1] : NULL); How do we want to change the fipshmac behaviour when the function dl_iterate_phdr is not defined? Do we want to output some error message and let the program end with 0? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1198311762 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 6 16:11:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Dec 2022 15:11:24 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/fipshmac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1198318174 > - return EXIT_FAILURE; > - > - ret = print_lib_dl(NETTLE_LIBRARY_SONAME, "nettle_aes_set_encrypt_key"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init"); > - if (ret < 0) > - return EXIT_FAILURE; > - > - return EXIT_SUCCESS; > + return dl_iterate_phdr(callback, argc == 2 ? argv[1] : NULL); I changed lib/fips.c to use dl_iterate_phdr but I dont think it simplified the file too much. Also I am not sure if I have removed everything for dlopen/dlsym/dladdr from configure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1198318174 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 08:03:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 07:03:18 +0000 Subject: [gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439) References: Message-ID: SmallTown123 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1439 When testing multiple versions of GnuTLS?3.6.12,3.6.4,3.5.18,but this seems to be common across all versions of GnuTLS?, we found that the GnuTLS server did not detect the payload of the **ChangeCipherSpec** protocol during the third handshake test of TLS1.2. Its normal payload value should be 1 (according to RFC5246). The GnuTLS server still had a normal response and did not response any Alert messages while we sent other random payload bytes. At present, this issue does not cause a direct security issue, but it is easy to cause parsing ambiguity in the communication process, and it is unknown whether it will be exploited in the future. I think the code snippet that caused the issue is located at `static int recv_handshake_final(gnutls_session_t session, int init)` function in ./lib/handshake.c. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 09:15:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 08:15:35 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leaks in tools and tests (!1672) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 09:24:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 08:24:16 +0000 Subject: [gnutls-devel] GnuTLS | kTLS with TLS-PSK fails with an internal error (#1384) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1384: https://gitlab.com/gnutls/gnutls/-/issues/1384 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 10:14:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 09:14:24 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leaks in tools and tests (!1672) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672#note_1199336082 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 10:14:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 09:14:26 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leaks in tools and tests (!1672) In-Reply-To: References: Message-ID: Merge request !1672 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 Project:Branches: dueno/gnutls:wip/dueno/memleak-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 11:13:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 10:13:54 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, screenshot shows details (#1430) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1672 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1672) Issue #1430: https://gitlab.com/gnutls/gnutls/-/issues/1430 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 11:13:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 10:13:54 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leaks in tools and tests (!1672) In-Reply-To: References: Message-ID: Merge request !1672 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 Project:Branches: dueno/gnutls:wip/dueno/memleak-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 11:13:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 10:13:54 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in tests/resume-with-previous-stek.c (#1433) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1672 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1672) Issue #1433: https://gitlab.com/gnutls/gnutls/-/issues/1433 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1433 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 11:40:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 10:40:31 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: All discussions on merge request !1675 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 11:57:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 10:57:55 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: Daiki Ueno commented: @xuraoqing looks like the CI started but is stuck at the bootstrap phase, with "This job is stuck because of one of the following problems. There are no active runners online, no runners for the protected branch , or no runners that match all of the job's tags: shared linux Go to project CI settings". Could you check the CI settings? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1199498675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 12:12:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 11:12:04 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: @smuellerDD could you check this change and how it influences FIPS certification? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1199523232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 17:48:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 16:48:00 +0000 Subject: [gnutls-devel] GnuTLS | certificate compression: unsolicited CompressedCertificate is accepted (#1440) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1440 I've discovered two related cases of non-compliance with RFC8879, specifically with this requirement: > The algorithm MUST be one of the algorithms listed in the peer's compress_certificate extension. Both have been discovered with my yet currently WIP [tlslite](https://github.com/tlsfuzzer/tlslite-ng/pull/484)/[tlsfuzzer](https://github.com/tlsfuzzer/tlsfuzzer/pull/802) merge requests. Case 1: Consider a GnuTLS server compiled with certificate compression, but **without any certificate compression** enabled in runtime. Receiving a CompressedCertificate in reply to CertificateRequest **despite not sending a compress_certificate extension** beforehand leads to decompressing and validating the certificate. An appropriate alert for this case would be unexpected_message. Case 2: Consider a GnuTLS server compiled with a certificate compression, with **some, but not all certificate compression algorithms** enabled in runtime. Receiving a CompressedCertificate in reply to CertificateRequest **using a not-enabled compression algorithm** leads to decompressing and validating the certificate. An appropriate alert for this case would be illegal_parameter. Both should be addressed by adding the following checks as the peer's CompressedCertificate is about to be decompressed: 1. compress_certificate extension has indeed been received 2. the specific algorithm selected by the peer has been negotiated beforehand I anticipate that symmetric issues might also be in place for clients decompressing unsolicited server certificates. CC @ZoltanFridrich, @dueno. Invocation I've used for 1: ``` $ gnutls-serv --x509certfile ~/.certs/server/cert.pem --x509keyfile ~/.certs/server/key.pem --x509cafile ~/.certs/ca/cert.pem --port 4433 -d9 --verify-client-cert & $ scripts/test-tls13-certificate-nocompression-verify.py -c ~/.certs/client/cert.pem -k ~/.certs/client/key.pem -E "signature_algorithms status_request 47" --algorithms zstd,zlib,brotli' ... brotli-compressed certificate aborts ... Error encountered while processing node ExpectAlert(level=2, description=10) (child: None) with last message being: None ``` Invocation I've used for 2: ``` $ gnutls-serv --x509certfile ~/.certs/server/cert.pem --x509keyfile ~/.certs/server/key.pem --x509cafile ~/.certs/ca/cert.pem --port 4433 -d9 --compress-cert zstd --compress-cert zlib --verify-client-cert & scripts/ $ test-tls13-certificate-compression-verify.py -c ~/.certs/client/cert.pem -k ~/.certs/client/key.pem -E "signature_algorithms status_request 47" --algorithms zstd,zlib --disabled brotli ... brotli client cert rejected ... Error encountered while processing node ExpectAlert(level=2, description=47) (child: None) with last message being: None ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 21:06:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 20:06:31 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Simon Josefsson commented: The git-version-gen problem is fixed now. @jonsger, was there any other problem that you ran into? What do you think about using https://ftp.gnu.org/gnu/gnutls/ for guile-gnutls tarballs in the future? Regarding using distro-gnulib, that is not safe in general since guile-gnutls is only tested against specific versions of gnulib, but if you really want to I believe ./bootstrap --gnulib-srcdir=/foo/bar should work if the distribution distributes gnulib's as it is intended (i.e. a copy of the git repo) but supporting gnulib files spread out over the file system is not a supported method. Btw, what do you hope to achieve by running autoreconf in a tarball? Running autoreconf is not a documented way to re-bootstrap this (or any other) project from source, and running it is likely to lead to other unwanted problems, depending on what you hope to achieve. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1200378181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 21:07:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 20:07:48 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Issue was closed by Simon Josefsson via commit afbdaaa6c7f95cf04ee9768b00206b3660490596 Issue #9: https://gitlab.com/gnutls/guile/-/issues/9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 22:29:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 21:29:46 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Jonathan Brielmaier commented: I think having those "pre-built" tarballs on the ftp server should be sufficient :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1200520697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 7 22:33:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Dec 2022 21:33:15 +0000 Subject: [gnutls-devel] Guile-GnuTLS | New release: Guile-GnuTLS 3.7.11 - v3.7.11 Message-ID: A new Release v3.7.11 for Guile-GnuTLS was published. Visit the Releases page to read more about it: https://gitlab.com/gnutls/guile/-/releases Assets: - Download zip: https://gitlab.com/gnutls/guile/-/archive/v3.7.11/guile-v3.7.11.zip - Download tar.gz: https://gitlab.com/gnutls/guile/-/archive/v3.7.11/guile-v3.7.11.tar.gz - Download tar.bz2: https://gitlab.com/gnutls/guile/-/archive/v3.7.11/guile-v3.7.11.tar.bz2 - Download tar: https://gitlab.com/gnutls/guile/-/archive/v3.7.11/guile-v3.7.11.tar Release notes: https://gitlab.com/gnutls/guile/-/blob/v3.7.11/NEWS [guile-gnutls-3.7.11.tar.gz](/uploads/56e18069ab63ca67d61aecb6b2697ec1/guile-gnutls-3.7.11.tar.gz) [guile-gnutls-3.7.11.tar.gz.sig](/uploads/efc7571bf9519d583036509bec06c668/guile-gnutls-3.7.11.tar.gz.sig) -- View it on GitLab: https://gitlab.com/gnutls/guile/-/releases You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 03:58:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 02:58:00 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 Project:Branches: dueno/gnutls:wip/dueno/ccs-value to gnutls/gnutls:master Author: Daiki Ueno Previously, the content of Change Cipher Spec message was only checked when TLS 1.3 is negotiated, while it should also be checked in earlier TLS versions. Fixes: #1439 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 03:59:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 02:59:02 +0000 Subject: [gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439) In-Reply-To: References: Message-ID: Daiki Ueno commented: Yes, we have added a check for this in TLS 1.3, but not for the earlier versions. !1677 should fix it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439#note_1200692170 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 08:05:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 07:05:12 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Make packaging with gnulib easier (#9) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/guile/-/issues/9#note_1200834502 Yes, that is great. I failed to build a debian watchfile for the signed tarballs on gitlab since they are hidden behind a wall of javascript. Thanks for fixing this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/9#note_1200834502 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 09:19:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 08:19:36 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: xuraoqing commented: i setup and have Available specific runners(docker and shell),but always occur errors. Cleaning up project directory and file based variables ERROR: Job failed (system failure): Error response from daemon: OCI runtime create failed: container_linux.go:318: starting container process caused "chdir to cwd (\"/builds/common\") set in config.json failed: no such file or directory": unknown (exec.go:78:1s) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1200964702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 12:03:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 11:03:39 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Reassigned merge request 1678 https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 12:03:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 11:03:40 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #1440 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 12:43:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 11:43:50 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Reviewer changed to Alexander Sosedkin and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 12:44:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 11:44:09 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Reviewer changed from Alexander Sosedkin and Zolt?n Fridrich to Daiki Ueno and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 12:52:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 11:52:27 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1201521997 i create docker use apline image ,now it display like this. is it successed? ![image](/uploads/e060c9afcb11e697e09b57eded965239/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1201521997 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:04:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:04:27 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201537141 > } > } > > +/* Returns 1 if the method is set as supported compression method for the session, > + * returns 0 otherwise > + */ > +int > +_gnutls_compress_certificate_is_method_enabled(gnutls_session_t session, > + gnutls_compression_method_t method) > +{ > + int ret; > + unsigned i; > + compress_certificate_ext_st *priv; > + gnutls_ext_priv_data_t epriv; > + > + ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &epriv); Shouldn't server check CertificateRequest? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201537141 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:09:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:09:27 +0000 Subject: [gnutls-devel] GnuTLS | Forbid unsolicited CompressedCertificate message (c48645a3) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Alert is decode_error for some reason, not unexpected_message. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/c48645a39766472826cbce67440fde83a8781a68#note_1201544125 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:10:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:10:57 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201546032 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); leads to outer function sending bad_certificate -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201546032 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:12:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:12:06 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201548697 > } > } > > +/* Returns 1 if the method is set as supported compression method for the session, > + * returns 0 otherwise > + */ > +int > +_gnutls_compress_certificate_is_method_enabled(gnutls_session_t session, > + gnutls_compression_method_t method) > +{ > + int ret; > + unsigned i; > + compress_certificate_ext_st *priv; > + gnutls_ext_priv_data_t epriv; > + > + ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &epriv); I don't get why you are asking this question. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201548697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:22:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:22:04 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201568880 > } > } > > +/* Returns 1 if the method is set as supported compression method for the session, > + * returns 0 otherwise > + */ > +int > +_gnutls_compress_certificate_is_method_enabled(gnutls_session_t session, > + gnutls_compression_method_t method) > +{ > + int ret; > + unsigned i; > + compress_certificate_ext_st *priv; > + gnutls_ext_priv_data_t epriv; > + > + ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &epriv); `_hello_` in function name led me to think it inspects ClientHello/ServerHello. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201568880 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:22:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:22:13 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201569159 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); fixed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201569159 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:22:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:22:47 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: All discussions on merge request !1678 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:26:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:26:23 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201577849 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); now other cases like uncompressed_length mismatch are sending decompression_failure -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201577849 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:27:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:27:53 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: e2443b0a, no compression, unsolicited CompressedCertificate sent to server results in decode_error instead of unexpected_message -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201580993 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 13:34:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 12:34:39 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201592308 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); On uncompressed_length mismatch the bad_certificate alert is sent. I fail to see the problem here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201592308 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 8 14:37:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Dec 2022 13:37:28 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201675087 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); e2443b0a96, uncompressed_length mismatch, I get decompression_failure now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1201675087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 9 02:07:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 09 Dec 2022 01:07:10 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1202533881 IIUC, before the change: 1. the libraries with known SONAMEs are `dlopen`'ed 2. the existence of some specific symbols in the library is checked with `dlsym` 3. HMACs are checked for the files pointed by `dli_fname` after `dladdr` After the change: 1. the loaded libraries are enumerated with `dl_iterate_phdr` 2. for each library, check the last component of `dlpi_name` matches known any of known SONAMEs 3. if matches, HMAC is checked for the file pointed by `dlpi_name` Afaik the first steps are equivalent (i.e., `dlopen` doesn't try to load libs if they are already loaded). The questions are: - Can we safely omit checking of the existence of function symbols? - Can we assume `dlpi_name` is always constructed so it points to the actual file path, ending with the SONAME? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1202533881 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 9 08:49:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 09 Dec 2022 07:49:33 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791471 > + * returns 0 otherwise > + */ > +int Let's use `bool` for internal functions. -- Daiki Ueno started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791481 > if (ret < 0) { > gnutls_assert(); > gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); I think you can simply return `ret` instead of manually sending a specific alert. Then the error is mapped with `gnutls_error_to_alert` and an alert will be sent accordingly. -- Daiki Ueno started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791485 > > + /* Indicates whether certificate compression has been requested */ > + bool compress_certificate_req_sent; I would use `session->internals.hsk_flags` instead of introducing a new field (so we don't need to care about its cleanup). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 10 00:46:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 09 Dec 2022 23:46:26 +0000 Subject: [gnutls-devel] GnuTLS | log print client write mac key size error (#1437) In-Reply-To: References: Message-ID: Daiki Ueno commented: That makes sense; thanks for reporting it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437#note_1203921690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 06:25:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 05:25:50 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Daiki Ueno commented: @jas can we expect this to be completed soon? I think this is blocking the 3.8 release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1204604643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 06:29:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 05:29:44 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1204610762 I'm a bit worried that using a custom tab-stop-list might confuse some code renderers, in particular on the Web. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1204610762 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 06:32:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 05:32:23 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: Daiki Ueno commented: That looks strange; maybe we could ask on the GitLab [Forum](https://forum.gitlab.com/) to get help with that. Meanwhile, I can cherry pick your commit and create an MR; is it ok for you? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1204615944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 09:22:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 08:22:19 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1204786041 Ok,Thank you! * 2a794aa7 - fix get credential type with key exchange algorithm fail issue #1428 * 5c0c073e - fix log print client write mac key size error issue #1437 * 0c38767b - fix log print server write mac key size error issue #1438 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1204786041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 11:43:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 10:43:37 +0000 Subject: [gnutls-devel] GnuTLS | stack buffer overflow in tests/slow/cipher-api-test.c (#1432) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1432#note_1205199519 in test_aead_cipher3 expand ptext length to 128 + 32, stack overflow disappeared?Does that make sense? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1432#note_1205199519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 12 16:48:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Dec 2022 15:48:18 +0000 Subject: [gnutls-devel] GnuTLS | Indent code. (!1671) In-Reply-To: References: Message-ID: Simon Josefsson commented: Hi. This week is really busy for me -- will only have time from next monday. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671#note_1205868611 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 13 19:26:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 13 Dec 2022 18:26:50 +0000 Subject: [gnutls-devel] GnuTLS | Missing DLLs in windows binaries (#1441) References: Message-ID: Roukanken created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1441 ## Description of problem: `certtool.exe` in latest distribution of Windows binaries is unable to start due to missing dlls. ## Version of gnutls used: 3.7.8, 3.7.5 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) w64 binaries from gnupg.org ## How reproducible: Launch `certtool.exe` ## Actual results: Two pop-ups report missing dlls `libbrotlienc.dll` and `libbrotlidec.dll` ## Expected results: Prints short help and exits successfully Version 3.6.0 seems to work at first glance -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1441 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 05:52:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 04:52:32 +0000 Subject: [gnutls-devel] GnuTLS | Missing DLLs in windows binaries (#1441) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report. I guess we should update [.mingw/archive](https://gitlab.com/gnutls/gnutls/-/blob/2b6b6f69c24b49131201925d86845f78c490aac5/.gitlab-ci.yml#L817) in .gitlab-ci.yml to also copy those DLLs. Meanwhile, you could download them from https://koji.fedoraproject.org/koji/buildinfo?buildID=1889052 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1441#note_1208490228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 10:03:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 09:03:20 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Stephan Mueller commented: With FIPS hat on: no comments, changes are in line with requirements With developer hat on: I would replace strcmp with strncmp. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1208686783 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 11:10:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 10:10:14 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: All discussions on merge request !1675 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 11:10:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 10:10:54 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1208823060 Thank you for your review. I think in this case strcmp is perfectly fine to use as macros like GNUTLS_LIBRARY_SONAME are always NULL terminated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1208823060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 12:29:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 11:29:55 +0000 Subject: [gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675) In-Reply-To: References: Message-ID: Merge request !1675 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: Daiki Ueno and Stephan Mueller -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 14 16:55:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 14 Dec 2022 15:55:32 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 Project:Branches: dueno/gnutls:wip/dueno/stubs to gnutls/gnutls:master Author: Daiki Ueno This adds stub definitions of public SRP functions even if SRP is disabled with `--disable-srp-authentication`, so not preserve the ABI. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 02:06:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 01:06:27 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1209987380 @createyourpersonalaccount I think you could rebase on !1679, once it gets merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1209987380 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 02:06:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 01:06:47 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) In-Reply-To: References: Message-ID: Reassigned merge request 1679 https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 02:07:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 01:07:06 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 02:29:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 01:29:19 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1209997496 hello,I'm going to devote more energy to contributing to the community. Check whether this method is feasible for subsequent merge. I don't have a credit card and don't know how to deal with the account problem. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1209997496 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 08:45:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 07:45:22 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1210243215 Looking at the error: > This job is stuck because of one of the following problems. There are no active runners online, **no runners for the protected branch**, or no runners that match all of the job's tags: shared linux and from the fact that this MR is filed on top of the `master` branch of your fork (that is usually protected), perhaps you could try creating a separate branch and file a new MR from there? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1210243215 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 10:18:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 09:18:33 +0000 Subject: [gnutls-devel] GnuTLS | fix memory leak when process client ecdh key exchange (#1442) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1442 memory leak when return from exception in lib/auth/ecdhe.c:_gnutls_proc_ecdh_common_client_kx -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 15 20:13:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Dec 2022 19:13:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1211258078 @dueno Okay, I will start working on the rebase when it gets merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1211258078 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 16 09:40:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Dec 2022 08:40:49 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Havent found anything wrong with the MR. LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679#note_1211955104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 16 09:40:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Dec 2022 08:40:55 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) In-Reply-To: References: Message-ID: Merge request !1679 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 Project:Branches: dueno/gnutls:wip/dueno/stubs to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 16 10:06:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Dec 2022 09:06:48 +0000 Subject: [gnutls-devel] GnuTLS | srp: provide stubs of public functions even if SRP is disabled (!1679) In-Reply-To: References: Message-ID: Merge request !1679 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 Project:Branches: dueno/gnutls:wip/dueno/stubs to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 16 18:46:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Dec 2022 17:46:33 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Added new interoperability tests (!1680) References: Message-ID: Peter Leitmann created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code Note: @ep69, please review this MR -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 07:47:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 06:47:51 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 Project:Branches: dueno/gnutls:wip/dueno/disable-srp to gnutls/gnutls:master Author: Daiki Ueno SRP authentication in TLS is not up to date with the latest TLS standards and its ciphersuites are based on the CBC mode and SHA-1. This makes the feature disabled by default at compile time, though the users are still be able to enable it with --enable-srp-authentication configure option. Fixes: #943 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 07:57:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 06:57:21 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 Project:Branches: dueno/gnutls:wip/dueno/disable-heartbeat to gnutls/gnutls:master Author: Daiki Ueno The heartbeat extension in TLS (RFC 6520) is not widely used given other implementations dropped support for it. This makes it disabled by default, though the users are able to enable it back with the --enable-heartbeat-support configure option. Fixes: #743 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 07:58:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 06:58:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213253411 It has been merged now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213253411 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 08:08:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 07:08:18 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/auth/ecdhe.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1213254707 > + goto cleanup_all; > + } > > /* generate pre-shared key */ > ret = calc_ecdh_key(session, psk_key, ecurve); > if (ret < 0) { > gnutls_assert(); > - goto cleanup; > + goto cleanup_all; > } > - > + cleanup_all: > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); > + _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); > cleanup: I wouldn't introduce the additional label (`cleanup_all`), as both `_gnutls_mpi_release` and `_gnutls_free_datum` safely handle NULL (like `free`), though we would be sure these fields (`ecdh.x`, `ecdh.y`, and `ecdh.raw`) are NULL initialized at the beginning of this function. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1213254707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 08:08:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 07:08:25 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Merge request !1670 was unapproved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 08:58:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 07:58:25 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213261187 @dueno Thanks, I will work on it tomorrow. Shouldn't take too long. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213261187 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 17 23:54:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 22:54:28 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213648453 @dueno Does C++ GnuTLS move to header-only or do you still want a way to produce a static C++ library as an option? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213648453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 18 00:29:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 17 Dec 2022 23:29:43 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 Project:Branches: dueno/gnutls:wip/dueno/c99 to gnutls/gnutls:master Author: Daiki Ueno This fixes a couple of issues when building with GCC 12: one is to suppress strict-prototypes warnings with `int main()` in tests, the other is to avoid a GCC analyzer warning on a function call that takes both pointer and element count. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 18 01:36:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Dec 2022 00:36:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213672163 I would say it still makes sense to produce a (shared) C++ library for backward ABI (not API) compatibility, though we would expect newly compile applications to use the header-only version and do not link to the C++ library. Currently we have `#ifdef GNUTLS_GNUTLSXX_HEADERONLY`, but maybe we could turn it into `#ifndef GNUTLS_GNUTLSXX_NO_HEADERONLY`, so by default the header-only version will be used (there might be other ways to do so, e.g., through a dedicated namespace, but I'm not an C++ expert :-). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213672163 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 18 04:31:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Dec 2022 03:31:01 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213696028 @dueno Then what is `ENABLE_CXX` for? Does it make sense to have it anymore? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213696028 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 18 10:38:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Dec 2022 09:38:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213737761 I think it makes sense to keep it for now; `ENABLE_CXX` is an Automake [conditional](https://www.gnu.org/software/automake/manual/html_node/Usage-of-Conditionals.html), which controls how GnuTLS is built (reflecting `--disable-cxx` or `--enable-cxx` configure option), while `GNUTLS_GNUTLSXX_HEADERONLY` (or `GNUTLS_GNUTLSXX_NO_HEADERONLY`) is a user-facing C processor macro. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213737761 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 00:53:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Dec 2022 23:53:27 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213909368 @dueno Okay thanks for clarifying. I force-pushed a single commit, see the commit message for details. In my previous commits 4 months ago I included some clean-up related to openpgp and to rsa deprecated functions, but now I decided to make new PRs for these clean-ups. When is 3.8.0 planned for? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213909368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 02:18:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 01:18:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213927790 Thank you; I just tried (with and without `--disable-cxx`) and it works nicely. I guess you could also omit linking to `libgnutlsxx.la` in a couple of places (`tests/Makefile.am` and `doc/examples/Makefile.am`). > When is 3.8.0 planned for? It was originally planned for mid-November, but I guess it will be unlikely to happen until mid-January, as people are on holidays. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1213927790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 06:40:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 05:40:34 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1214020737 @dueno I removed the linking of `libgnutlsxx.la` in those places. I also made a mistake: the compiler won't produce a shared library from a header file. I included a dummy `libgnutlsxx.cpp` that merely includes the header, for the purpose of producing the library. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1214020737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 07:24:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 06:24:01 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: xuraoqing commented on a discussion on lib/auth/ecdhe.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1214041850 > + goto cleanup_all; > + } > > /* generate pre-shared key */ > ret = calc_ecdh_key(session, psk_key, ecurve); > if (ret < 0) { > gnutls_assert(); > - goto cleanup; > + goto cleanup_all; > } > - > + cleanup_all: > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); > + _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); > cleanup: yeah,you are right. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1214041850 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 08:18:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 07:18:38 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:03:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:03:10 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) In-Reply-To: References: Message-ID: Merge request !1683 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 Project:Branches: dueno/gnutls:wip/dueno/c99 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:03:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:03:21 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Not much to review here. Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683#note_1214115348 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:24:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:24:34 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683#note_1214145730 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:24:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:24:40 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes (!1683) In-Reply-To: References: Message-ID: Merge request !1683 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 Project:Branches: dueno/gnutls:wip/dueno/c99 to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:25:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:25:52 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:41:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:41:08 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) In-Reply-To: References: Message-ID: Merge request !1682 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 Project:Branches: dueno/gnutls:wip/dueno/disable-heartbeat to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:41:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:41:23 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682#note_1214168209 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 09:42:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 08:42:02 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) In-Reply-To: References: Message-ID: Merge request !1682 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 Project:Branches: dueno/gnutls:wip/dueno/disable-heartbeat to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 13:12:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 12:12:49 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 13:13:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 12:13:34 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Daiki Ueno commented: This needs to be rebased on top of master once !1682 is merged, to avoid merge conflicts. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681#note_1214498352 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 14:39:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 13:39:13 +0000 Subject: [gnutls-devel] GnuTLS | build: disable TLS heartbeat extension by default (!1682) In-Reply-To: References: Message-ID: Merge request !1682 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 Project:Branches: dueno/gnutls:wip/dueno/disable-heartbeat to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 19 16:32:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 15:32:17 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Peter Leitmann marked merge request !1680 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 00:40:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 23:40:02 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Merge request !1680 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 00:41:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Dec 2022 23:41:39 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me, but let's get a second opinion from @ep69 before merging it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680#note_1215411463 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 03:52:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 02:52:12 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: xuraoqing commented on a discussion on lib/auth/ecdhe.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1215490661 > + goto cleanup_all; > + } > > /* generate pre-shared key */ > ret = calc_ecdh_key(session, psk_key, ecurve); > if (ret < 0) { > gnutls_assert(); > - goto cleanup; > + goto cleanup_all; > } > - > + cleanup_all: > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); > + _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); > + _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); > cleanup: now all tests passed?anything else I need to do? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1215490661 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 04:17:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 03:17:25 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Merge request !1670 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 04:17:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 03:17:35 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1215504787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 04:18:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 03:18:02 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: All discussions on merge request !1670 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 04:18:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 03:18:14 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_fix_obtain_credential_type_b?= =?utf-8?q?ased_on_the_key_exchange_type_fail=EF=BC=9Bfix_log_print_key_ma?= =?utf-8?q?c_size_error_=28!1670=29?= In-Reply-To: References: Message-ID: Merge request !1670 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 06:40:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 05:40:45 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Stanislav ?idek commented: @dueno Thanks for review, Daiki, I was helping Peter with this MR ;). Meaning, r+ from me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680#note_1215614561 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 06:41:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 05:41:04 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Merge request !1680 was approved by Stanislav ?idek Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:15:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:15:47 +0000 Subject: [gnutls-devel] GnuTLS | Added new interoperability tests (!1680) In-Reply-To: References: Message-ID: Merge request !1680 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:26:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:26:39 +0000 Subject: [gnutls-devel] GnuTLS | Preserve backward compatibility of FIPS .hmac file location (#1435) In-Reply-To: References: Message-ID: Reassigned Issue 1435 https://gitlab.com/gnutls/gnutls/-/issues/1435 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1435 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:26:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:26:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.8 tarball has almost empty AUTHORS file (#1409) In-Reply-To: References: Message-ID: Reassigned Issue 1409 https://gitlab.com/gnutls/gnutls/-/issues/1409 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1409 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:27:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:27:15 +0000 Subject: [gnutls-devel] GnuTLS | tries to include on MinGW (#1382) In-Reply-To: References: Message-ID: Reassigned Issue 1382 https://gitlab.com/gnutls/gnutls/-/issues/1382 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:27:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:27:44 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:27:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:27:54 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: Reassigned Issue 1428 https://gitlab.com/gnutls/gnutls/-/issues/1428 Assignee changed to xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:28:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:28:32 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1428: https://gitlab.com/gnutls/gnutls/-/issues/1428 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:28:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:28:32 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed with !1670. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428#note_1215638693 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:28:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:28:49 +0000 Subject: [gnutls-devel] GnuTLS | log print client write mac key size error (#1437) In-Reply-To: References: Message-ID: Reassigned Issue 1437 https://gitlab.com/gnutls/gnutls/-/issues/1437 Assignee changed to xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:28:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:28:53 +0000 Subject: [gnutls-devel] GnuTLS | log print client write mac key size error (#1437) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:05 +0000 Subject: [gnutls-devel] GnuTLS | log print client write mac key size error (#1437) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed with !1670. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437#note_1215639057 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:06 +0000 Subject: [gnutls-devel] GnuTLS | log print client write mac key size error (#1437) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1437: https://gitlab.com/gnutls/gnutls/-/issues/1437 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:42 +0000 Subject: [gnutls-devel] GnuTLS | log print server write mac key size error (#1438) In-Reply-To: References: Message-ID: Reassigned Issue 1438 https://gitlab.com/gnutls/gnutls/-/issues/1438 Assignee changed to xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:44 +0000 Subject: [gnutls-devel] GnuTLS | log print server write mac key size error (#1438) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:56 +0000 Subject: [gnutls-devel] GnuTLS | log print server write mac key size error (#1438) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed with !1670. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1438#note_1215639542 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:29:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:29:56 +0000 Subject: [gnutls-devel] GnuTLS | log print server write mac key size error (#1438) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1438: https://gitlab.com/gnutls/gnutls/-/issues/1438 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:30:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:30:18 +0000 Subject: [gnutls-devel] GnuTLS | memory leak when process client ecdh key exchange (#1442) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:30:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:30:13 +0000 Subject: [gnutls-devel] GnuTLS | memory leak when process client ecdh key exchange (#1442) In-Reply-To: References: Message-ID: Reassigned Issue 1442 https://gitlab.com/gnutls/gnutls/-/issues/1442 Assignee changed to xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:30:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:30:38 +0000 Subject: [gnutls-devel] GnuTLS | memory leak when process client ecdh key exchange (#1442) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed with !1670. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1442#note_1215639941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:31:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:31:02 +0000 Subject: [gnutls-devel] GnuTLS | memory leak when process client ecdh key exchange (#1442) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1442: https://gitlab.com/gnutls/gnutls/-/issues/1442 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 07:33:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 06:33:32 +0000 Subject: [gnutls-devel] GnuTLS | Add basic tlsv1-2 test into .gitlab-ci and update tls-interoperability submodule commit (!1656) In-Reply-To: References: Message-ID: Daiki Ueno commented: @not4pedro can this be closed in favor of !1680? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656#note_1215641744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 09:16:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 08:16:28 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add basic tlsv1-2 test into .gitlab-ci and update tls-interoperability submodule commit (!1656) In-Reply-To: References: Message-ID: Peter Leitmann marked merge request !1656 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 09:17:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 08:17:31 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add basic tlsv1-2 test into .gitlab-ci and update tls-interoperability submodule commit (!1656) In-Reply-To: References: Message-ID: Peter Leitmann commented: Hi @dueno, I definitely have to look at this one. This cannot be merged right now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656#note_1215744373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 09:20:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 08:20:18 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add basic tlsv1-2 test into .gitlab-ci and update tls-interoperability submodule commit (!1656) In-Reply-To: References: Message-ID: Merge request !1656 was closed by Peter Leitmann Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656 Project:Branches: not4pedro/gnutls:tlsv1-2-tags to gnutls/gnutls:master Author: Peter Leitmann Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 09:20:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 08:20:18 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add basic tlsv1-2 test into .gitlab-ci and update tls-interoperability submodule commit (!1656) In-Reply-To: References: Message-ID: Peter Leitmann commented: I'm closing this merge in favor of !1680 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1656#note_1215747328 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 12:02:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 11:02:53 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: I dont see any problem with the changes. Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681#note_1216029683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 12:02:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 11:02:56 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Merge request !1681 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 Project:Branches: dueno/gnutls:wip/dueno/disable-srp to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 12:13:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 11:13:50 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Merge request !1681 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 Project:Branches: dueno/gnutls:wip/dueno/disable-srp to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 15:07:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 14:07:39 +0000 Subject: [gnutls-devel] GnuTLS | Remove SRP support (#943) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1681 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1681) Issue #943: https://gitlab.com/gnutls/gnutls/-/issues/943 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 15:07:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 14:07:38 +0000 Subject: [gnutls-devel] GnuTLS | build: disable SRP authentication by default (!1681) In-Reply-To: References: Message-ID: Merge request !1681 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 Project:Branches: dueno/gnutls:wip/dueno/disable-srp to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 21:00:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 20:00:00 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1216742379 > return gnutls_assert_val(ret); > comp_method = _gnutls_compress_certificate_num2method(method_num); > > + if (!_gnutls_compress_certificate_is_method_enabled(session, comp_method)) > + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); Looks resolved by d78beb5d -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1216742379 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 20 21:09:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Dec 2022 20:09:56 +0000 Subject: [gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: as of d78beb5d it looks much better. Unsolicited compressed certs result in alerts, and I think now it's just the alerts that might need tweaking: * No compression algorithms enabled, sending compressed certificates results in "decode error", I've expected "unexpected_message" (based on my interpretation of the generic rule of https://datatracker.ietf.org/doc/html/rfc8446#section-4). * Some compression algorithms enabled, sending certificates compressed with an unsupported algorithm results in "illegal_parameter", I've expected "bad_certificate" (not super confident about that one. I've based my understanding on https://datatracker.ietf.org/doc/html/rfc8879#section-4-7, will happily stand corrected if there's some other rule applicable here). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1216750210 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 01:06:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 00:06:00 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 01:06:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 00:06:58 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1434: https://gitlab.com/gnutls/gnutls/-/issues/1434 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 01:06:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 00:06:57 +0000 Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434) In-Reply-To: References: Message-ID: Daiki Ueno commented: I guess we can close this for now, and reopen it once those other ciphersuites are supported in userspace. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434#note_1216893365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 11:45:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 10:45:19 +0000 Subject: [gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 11:45:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 10:45:33 +0000 Subject: [gnutls-devel] GnuTLS | certificate compression: unsolicited CompressedCertificate is accepted (#1440) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 11:46:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 10:46:56 +0000 Subject: [gnutls-devel] GnuTLS | Indent code? (#1419) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 11:47:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 10:47:11 +0000 Subject: [gnutls-devel] GnuTLS | Missing DLLs in windows binaries (#1441) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1441 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 11:54:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 10:54:12 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: decryption failure with ChaCha20-Poly1305 in TLS 1.2 (#1443) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1443 When tls.ko is loaded with the kernel 6.0.13, `tests/ktls.sh` fails with the following: ```console /proc/modules:tls 126976 1 - Live 0x0000000000000000 running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM client: Peer has closed the TLS connection running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM client: Peer has closed the TLS connection running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CCM client: Peer has closed the TLS connection running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305 client:103: client: Error: Decryption has failed. _check_wait_status:167: Child died with status 1 FAIL ktls.sh (exit status: 1) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1443 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 13:07:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 12:07:11 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) In-Reply-To: References: Message-ID: Reviewer changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 13:18:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 12:18:31 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Code LGTM, limited manual testing found no problems -> approving. * TLS 1.2, sending a CCS with 0x02 for a value triggers the newly added assert: ``` |<5>| REC[0x213b560]: Expected Packet ChangeCipherSpec(20) |<5>| REC[0x213b560]: Received Packet ChangeCipherSpec(20) with length: 1 |<5>| REC[0x213b560]: Decrypted Packet[2] ChangeCipherSpec(20) with length: 1 |<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:863 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1606 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804 |<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3438 |<3>| ASSERT: ../../lib/handshake.c[handshake_server]:3641 Error in handshake: An unexpected TLS packet was received. ``` * TLS 1.2, sending a CCS with 0x0101 for a value triggers the newly added assert: ``` |<5>| REC[0xf8d060]: Expected Packet ChangeCipherSpec(20) |<5>| REC[0xf8d060]: Received Packet ChangeCipherSpec(20) with length: 2 |<5>| REC[0xf8d060]: Decrypted Packet[2] ChangeCipherSpec(20) with length: 2 |<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:863 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1606 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804 |<3>| ASSERT: ../../lib/handshake.c[recv_handshake_final]:3438 |<3>| ASSERT: ../../lib/handshake.c[handshake_server]:3641 Error in handshake: An unexpected TLS packet was received. |<5>| REC: Sending Alert[2|10] - Unexpected message ``` * TLS 1.3, sending a CCS after Finished still results in unexpected_message: ``` |<5>| REC[0xf8d060]: Expected Packet Application Data(23) |<5>| REC[0xf8d060]: Received Packet ChangeCipherSpec(20) with length: 1 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1378 |<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1804 Error while receiving data |<5>| REC: Sending Alert[2|10] - Unexpected message |<5>| REC[0xf8d060]: Preparing Packet Alert(21) with length: 2 and min pad: 0 |<9>| ENC[0xf8d060]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 2 |<5>| REC[0xf8d060]: Sent Packet[3] Alert(21) in epoch 2 and length: 24 Error: An unexpected TLS packet was received ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677#note_1217485847 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 13:19:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 12:19:08 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) In-Reply-To: References: Message-ID: Merge request !1677 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 Project:Branches: dueno/gnutls:wip/dueno/ccs-value to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 18:43:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 17:43:25 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the HMAC functions functions (!5) References: Message-ID: Vivien Kraus created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/5 Project:Branches: vivien_/guile:hmac-functions to gnutls/guile:master Author: Vivien Kraus Hello, I would like to replace all my uses of guile-gcrypt with gnutls. I?m starting small, so first, here are the HMAC functions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 23:53:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 22:53:54 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review and checking. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677#note_1218224178 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 23:54:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 22:54:01 +0000 Subject: [gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1677 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1677) Issue #1439: https://gitlab.com/gnutls/gnutls/-/issues/1439 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 21 23:54:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 22:54:01 +0000 Subject: [gnutls-devel] GnuTLS | record: enable check on CCS content also in TLS 1.2 (!1677) In-Reply-To: References: Message-ID: Merge request !1677 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 Project:Branches: dueno/gnutls:wip/dueno/ccs-value to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:49:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:49:18 +0000 Subject: [gnutls-devel] GnuTLS | certificate compression: unsolicited CompressedCertificate is accepted (#1440) In-Reply-To: References: Message-ID: Reassigned Issue 1440 https://gitlab.com/gnutls/gnutls/-/issues/1440 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:49:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:49:32 +0000 Subject: [gnutls-devel] GnuTLS | Indent code? (#1419) In-Reply-To: References: Message-ID: Reassigned Issue 1419 https://gitlab.com/gnutls/gnutls/-/issues/1419 Assignee changed to Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:50:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:50:57 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Reassigned Issue 1429 https://gitlab.com/gnutls/gnutls/-/issues/1429 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:51:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:51:00 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:51:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:51:42 +0000 Subject: [gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439) In-Reply-To: References: Message-ID: Reassigned Issue 1439 https://gitlab.com/gnutls/gnutls/-/issues/1439 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:53:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:53:54 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Daiki Ueno commented: This is becoming important (for TrustCor CAs). Targeting 3.8.0. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912#note_1218252314 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 00:53:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Dec 2022 23:53:58 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 01:31:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 00:31:01 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Simon Josefsson commented: Thank you - looks good to me, but could you make CI/CD pass, update the manual and add NEWS entries too? @civodul, any comments? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1218265181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 17:31:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 16:31:34 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: How should I proceed when debian oldstable does not have the function I?want to bind? Should I make it conditional? Should I?just abandon it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219176357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 18:21:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 17:21:15 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: If we had a newer GnuTLS target, we could have hmac-copy. This is a useful function, because it lets you partially hash things (see the third manual example at ea333091) with prompts. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219284508 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 22:32:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 21:32:52 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219475767 I don?t understand why the Ubuntu22.04-release failed. It always worked fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219475767 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 23:25:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 22:25:41 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Simon Josefsson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219501808 Maybe you could try adding --force to the 'git checkout'? Just an idea, I don't really understand from the build log what is really happening there. Don't worry if that is the only check that fails though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219501808 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 22 23:28:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Dec 2022 22:28:54 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Simon Josefsson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219503037 Maybe this could be enabled only when newer GnuTLS is used? Just because we should work with old GnuTLS doesn't mean we can't utilize features from newer GnuTLS when those are available. It just has to be done a bit more carefully/complicated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219503037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 02:59:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 01:59:24 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219572941 I wrote: > Anyway I think I was able to reproduce it partially with gnutls-serv/gnutls-cli: Actually this only happens with KTLS enabled on the system. > export GNUTLS_NEXT_CLI=gnutls-cli It looks like GNUTLS_NEXT_SERV also needs to be set (otherwise the complete test case is skipped). With this, I cannot reproduce the issues: the server responds with Server Hello in the second handshake without HRR, and thus there is no chance that the client sends Client Hello twice. I'm attaching the logs ([o-cli-1.log](/uploads/5f5d1bcdb1b3072b92b89e774a380192/o-cli-1.log) and [o-srv-1.log](/uploads/c602c589e548cb19c171417b069598ba/o-srv-1.log)) and [hrr.pcapng](/uploads/9a201c808cbdd0c282a3593fe7a19655/hrr.pcapng). Could you take a look? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219572941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 05:25:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 04:25:11 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Hao Yu commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219627534 >It looks like GNUTLS_NEXT_SERV also needs to be set (otherwise the complete test case is skipped). Yes.sorry for that. > Actually this only happens with KTLS enabled on the system. How to check if KTLS enabled ? below is my mod list. There is no `ktls` mod. ``` Module Size Used by btrfs 1536000 0 blake2b_generic 20480 0 xor 24576 1 btrfs zstd_compress 225280 1 btrfs raid6_pq 122880 1 btrfs ufs 106496 0 qnx4 16384 0 hfsplus 114688 0 hfs 65536 0 minix 49152 0 ntfs 122880 0 msdos 20480 0 jfs 233472 0 xfs 1753088 0 cpuid 16384 0 cmac 16384 0 nls_utf8 16384 10 cifs 1200128 0 cifs_arc4 16384 1 cifs cifs_md4 16384 1 cifs nfsv3 49152 1 nfs_acl 16384 1 nfsv3 rpcsec_gss_krb5 32768 0 auth_rpcgss 139264 1 rpcsec_gss_krb5 nfsv4 831488 0 nfs 393216 3 nfsv4,nfsv3 lockd 110592 2 nfsv3,nfs grace 16384 1 lockd tls 114688 0 nft_counter 16384 66 nft_chain_nat 16384 18 xt_nat 16384 4 xt_tcpudp 20480 4 nft_compat 20480 26 nf_tables 249856 175 nft_compat,nft_counter,nft_chain_nat veth 32768 0 ceph 466944 1 libceph 450560 1 ceph fscache 389120 3 ceph,cifs,nfs netfs 45056 2 ceph,fscache xt_conntrack 16384 5 xt_MASQUERADE 20480 7 nf_conntrack_netlink 49152 0 nfnetlink 20480 8 nft_compat,nf_conntrack_netlink,nf_tables xfrm_user 40960 5 xfrm_algo 16384 1 xfrm_user xt_addrtype 16384 10 iptable_filter 16384 1 iptable_nat 16384 1 nf_nat 49152 4 xt_nat,nft_chain_nat,iptable_nat,xt_MASQUERADE nf_conntrack 172032 5 xt_conntrack,nf_nat,xt_nat,nf_conntrack_netlink,xt_MASQUERADE nf_defrag_ipv6 24576 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack libcrc32c 16384 6 nf_conntrack,nf_nat,btrfs,nf_tables,xfs,libceph bpfilter 16384 0 br_netfilter 28672 0 bridge 307200 1 br_netfilter stp 16384 1 bridge llc 16384 2 bridge,stp aufs 270336 0 overlay 151552 27 binfmt_misc 24576 1 nls_iso8859_1 16384 1 intel_rapl_msr 20480 0 intel_rapl_common 40960 1 intel_rapl_msr i10nm_edac 20480 0 ipmi_ssif 40960 0 nfit 77824 1 i10nm_edac x86_pkg_temp_thermal 20480 0 intel_powerclamp 20480 0 coretemp 24576 0 kvm_intel 376832 67 kvm 1011712 1 kvm_intel crct10dif_pclmul 16384 1 ghash_clmulni_intel 16384 0 aesni_intel 376832 8 mgag200 40960 1 crypto_simd 16384 1 aesni_intel cryptd 24576 2 crypto_simd,ghash_clmulni_intel drm_kms_helper 307200 3 mgag200 dell_smbios 28672 0 cdc_ether 24576 0 usbnet 53248 1 cdc_ether rapl 20480 0 dcdbas 20480 1 dell_smbios mii 20480 1 usbnet wmi_bmof 16384 0 acpi_ipmi 20480 0 cec 61440 1 drm_kms_helper dell_wmi_descriptor 20480 1 dell_smbios intel_cstate 20480 0 rc_core 61440 1 cec i2c_algo_bit 16384 1 mgag200 ipmi_si 73728 1 fb_sys_fops 16384 1 drm_kms_helper mei_me 40960 0 syscopyarea 16384 1 drm_kms_helper ipmi_devintf 20480 0 isst_if_mbox_pci 16384 0 isst_if_mmio 16384 0 sysfillrect 20480 1 drm_kms_helper intel_pch_thermal 20480 0 ipmi_msghandler 122880 4 ipmi_devintf,ipmi_si,acpi_ipmi,ipmi_ssif efi_pstore 16384 0 sysimgblt 16384 1 drm_kms_helper isst_if_common 24576 2 isst_if_mmio,isst_if_mbox_pci mei 135168 1 mei_me acpi_power_meter 20480 0 mac_hid 16384 0 sch_fq_codel 24576 9 msr 16384 0 parport_pc 53248 0 ppdev 24576 0 lp 28672 0 parport 69632 3 parport_pc,lp,ppdev drm 618496 4 drm_kms_helper,mgag200 sunrpc 581632 12 nfsv4,auth_rpcgss,lockd,nfsv3,rpcsec_gss_krb5,nfs_acl,nfs ip_tables 32768 2 iptable_filter,iptable_nat x_tables 53248 9 xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,iptable_nat,xt_MASQUERADE autofs4 49152 5 ahci 45056 0 i2c_i801 36864 0 xhci_pci 24576 0 crc32_pclmul 16384 0 megaraid_sas 192512 3 tg3 192512 0 i2c_smbus 20480 1 i2c_i801 libahci 45056 1 ahci xhci_pci_renesas 20480 1 xhci_pci intel_pmt 16384 0 ``` >With this, I cannot reproduce the issues: the server responds with Server Hello in the second handshake without HRR, and thus there is no chance of Client Hello being sent twice. I just compare your log with my log. HRR is received by `gnutls-cli`. I do not get the reason from the logs. In my test logs [o-cli-1.log](/uploads/5ee680dafbf2d15a5e739ff58aef31b1/o-cli-1.log) and [o-srv-1.log](/uploads/e094356e7270413db7d3dabd05b27056/o-srv-1.log), `gnutls-cli` can receive HRR message. And my environment is gnutls-3.7.3 and ubuntu-22.04 And I have update the branch to enable more logs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219627534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 07:27:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 06:27:56 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Reassigned merge request 1493 https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 08:44:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 07:44:39 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219727430 > How to check if KTLS enabled ? below is my mod list. There is no `ktls` mod. I see there is the `tls` module listed, though I'm not sure if the Ubuntu gnutls package actually enables it. > And I have update the branch to enable more logs. I've just checked with the clean build after `git clean -xdff` and `git pull --rebase`, but the result is the same. Perhaps we might have added some changes affecting this between 3.7.3 and 3.7.8. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219727430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:10:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:10:11 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219862532 > #undef FUNC_NAME > > > +/* Hmac */ > + > +SCM_DEFINE (scm_gnutls_hmac_fast, "hmac-fast", 3, 0, 0, > + (SCM algorithm, SCM key, SCM ptext), > + "Hash @var{ptext} with @var{algorithm}, and " > + "the secret @var{key}. It will not work if " > + "@var{algorithm} requires a nonce, such as " > + "UMAC or GMAC. Both @var{key} and @var{ptext} " > + "must be bytevectors.") > +#define FUNC_NAME s_scm_gnutls_hmac_fast I'm not sure `hmac-fast` is a descriptive name. Maybe `compute-hmac` would be more appropriate, even if it differs from the name GnuTLS uses? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219862532 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:12:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:12:41 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219865011 > + > +SCM_DEFINE (scm_gnutls_hmac_copy, "hmac-copy", 1, 0, 0, > + (SCM hmac), > + "Return a copy of the current @var{hmac} state, " > + "or @code{#f} if this is not supported.") > +#define FUNC_NAME s_scm_gnutls_hmac_copy > +{ > + scm_gnutls_hmac_and_algorithm_t c_hmac = > + scm_to_gnutls_hmac (hmac, 1, FUNC_NAME); > + gnutls_hmac_hd_t c_ret = NULL; > + c_ret = gnutls_hmac_copy (c_hmac->handle); > + if (c_ret == NULL) > + { > + return SCM_BOOL_F; > + } > + scm_gnutls_hmac_and_algorithm_t c_combined = Should it just call `scm_gnutls_error` when it gets NULL? That would make it more convenient to use (no need to check for `#f`). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219865011 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:14:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:14:09 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219866366 > + (SCM hmac), > + "Return the algorithm that @var{hmac} has been built for.") > +#define FUNC_NAME s_scm_gnutls_hmac_algorithm > +{ > + scm_gnutls_hmac_and_algorithm_t c_hmac = > + scm_to_gnutls_hmac (hmac, 1, FUNC_NAME); > + return scm_from_gnutls_mac (c_hmac->algorithm); > +} > + > +#undef FUNC_NAME > + > +SCM_DEFINE (scm_gnutls_hmac_len, "hmac-len", 1, 0, 0, > + (SCM algorithm), > + "Return the length of the @var{algorithm} " > + "HMAC output, or 0 if unavailable.") > +#define FUNC_NAME s_scm_gnutls_hmac_len Nitpick: `hmac-length`, for consistency with the overall naming scheme. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219866366 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:15:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:15:21 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/tests/hmac.scm: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219867653 > + (char<=? digit #\f)) > + (+ (- (char->integer digit) (char->integer #\a)) > + 10)) > + ((and (char>=? digit #\A) > + (char<=? digit #\F)) > + (+ (- (char->integer digit) (char->integer #\A)) > + 10)))) > + digits)) > + (digit-pairs > + (let get ((digits digits-as-numbers)) > + (if (null? digits) > + '() > + (cons > + (+ (* (car digits) 16) (cadr digits)) > + (get (cddr digits))))))) > + (u8-list->bytevector digit-pairs))) Please use `(ice-9 match)`; we don't want to count the number of `d`s in `cddddr`. :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219867653 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:20:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:20:15 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219872476 > > weak_refs = scm_make_weak_key_hash_table (scm_from_int (42)); > weak_refs = scm_permanent_object (weak_refs); > +#ifdef HAVE_GNUTLS_HMAC_GET_KEY_SIZE > + scm_add_feature ("gnutls-hmac-key-size"); > +#endif /* HAVE_GNUTLS_HMAC_GET_KEY_SIZE */ > } Instead of using `scm_add_feature` and `NOT_PROVIDED`, how about placing the whole `scm_gnutls_hmac_key_size` definition in `#ifdef HAVE_GNUTLS_HMAC_GET_KEY_SIZE`? That way user code could check `(defined? 'hmac-key-size)` and it would immediately fail, and possibly get an unbound-variable warning at build time, if it uses the missing procedure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219872476 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:21:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:21:01 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219873228 > #undef FUNC_NAME > > > +/* Hmac */ > + > +SCM_DEFINE (scm_gnutls_hmac_fast, "hmac-fast", 3, 0, 0, > + (SCM algorithm, SCM key, SCM ptext), > + "Hash @var{ptext} with @var{algorithm}, and " > + "the secret @var{key}. It will not work if " > + "@var{algorithm} requires a nonce, such as " > + "UMAC or GMAC. Both @var{key} and @var{ptext} " > + "must be bytevectors.") > +#define FUNC_NAME s_scm_gnutls_hmac_fast The non-fast method also computes the hmac. Maybe, `hmac-direct`? `hmac-immediate`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219873228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:23:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:23:12 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul started a new discussion on doc/gnutls-guile.texi: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219875435 > > This is it! > > + at node Using GnuTLS as a cryptography library > + at section Using GnuTLS as a cryptography library > + > +The library provides support for @dfn{Hash Message Authentication > +Code} (@emph{hmac}). This API provides a way to hash a message in a > +way that is only reproducible with the knowledge of a secret. > + > + at c WARNING!!! These examples are taken from the hmac.scm test. They > + at c are then re-indented. If you wish to change these, please change > + at c them also in the hmac.scm test. > + How about moving the examples in a separate file? That way, the Texinfo file could `@include` them, and the Scheme file could `(include ...)` them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219875435 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:24:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:24:57 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: civodul commented: Hullo! Nice work @vivien\_! I commented on various bits (seems to have worked) but overall I think it's a nice addition. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219877206 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:26:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:26:36 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219879037 > + > +SCM_DEFINE (scm_gnutls_hmac_copy, "hmac-copy", 1, 0, 0, > + (SCM hmac), > + "Return a copy of the current @var{hmac} state, " > + "or @code{#f} if this is not supported.") > +#define FUNC_NAME s_scm_gnutls_hmac_copy > +{ > + scm_gnutls_hmac_and_algorithm_t c_hmac = > + scm_to_gnutls_hmac (hmac, 1, FUNC_NAME); > + gnutls_hmac_hd_t c_ret = NULL; > + c_ret = gnutls_hmac_copy (c_hmac->handle); > + if (c_ret == NULL) > + { > + return SCM_BOOL_F; > + } > + scm_gnutls_hmac_and_algorithm_t c_combined = What error should it emit? `GNUTLS_E_ILLEGAL_PARAMETER`? There is `GNUTLS_E_UNKNOWN_ALGORITHM` too but it?s not what we want exactly, because the algorithm is known, we just don?t know how to copy its state. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219879037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 11:36:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 10:36:06 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219895171 > > weak_refs = scm_make_weak_key_hash_table (scm_from_int (42)); > weak_refs = scm_permanent_object (weak_refs); > +#ifdef HAVE_GNUTLS_HMAC_GET_KEY_SIZE > + scm_add_feature ("gnutls-hmac-key-size"); > +#endif /* HAVE_GNUTLS_HMAC_GET_KEY_SIZE */ > } What should I write in gnutls.in then? Should I export a non-defined function? Should I export it only if it is defined? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1219895171 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 14:30:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 13:30:47 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220064702 > > weak_refs = scm_make_weak_key_hash_table (scm_from_int (42)); > weak_refs = scm_permanent_object (weak_refs); > +#ifdef HAVE_GNUTLS_HMAC_GET_KEY_SIZE > + scm_add_feature ("gnutls-hmac-key-size"); > +#endif /* HAVE_GNUTLS_HMAC_GET_KEY_SIZE */ > } I decided to go all in with this approach. For newer mac algorithms, I fixed the C code generation function to not define the mac/thing value if the value is not available. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220064702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 15:03:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 14:03:47 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220094340 > + > +SCM_DEFINE (scm_gnutls_hmac_copy, "hmac-copy", 1, 0, 0, > + (SCM hmac), > + "Return a copy of the current @var{hmac} state, " > + "or @code{#f} if this is not supported.") > +#define FUNC_NAME s_scm_gnutls_hmac_copy > +{ > + scm_gnutls_hmac_and_algorithm_t c_hmac = > + scm_to_gnutls_hmac (hmac, 1, FUNC_NAME); > + gnutls_hmac_hd_t c_ret = NULL; > + c_ret = gnutls_hmac_copy (c_hmac->handle); > + if (c_ret == NULL) > + { > + return SCM_BOOL_F; > + } > + scm_gnutls_hmac_and_algorithm_t c_combined = Copyright law has gone too far, now copying an hmac state can be illegal too! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220094340 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 18:20:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 17:20:56 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on doc/gnutls-guile.texi: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220273544 > > This is it! > > + at node Using GnuTLS as a cryptography library > + at section Using GnuTLS as a cryptography library > + > +The library provides support for @dfn{Hash Message Authentication > +Code} (@emph{hmac}). This API provides a way to hash a message in a > +way that is only reproducible with the knowledge of a secret. > + > + at c WARNING!!! These examples are taken from the hmac.scm test. They > + at c are then re-indented. If you wish to change these, please change > + at c them also in the hmac.scm test. > + I could not get (include ?) or (include-from-path ?) to work consistently across all guile versions, but load-from-path works :shrug: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220273544 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 19:09:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 18:09:08 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220302063 > #undef FUNC_NAME > > > +/* Hmac */ > + > +SCM_DEFINE (scm_gnutls_hmac_fast, "hmac-fast", 3, 0, 0, > + (SCM algorithm, SCM key, SCM ptext), > + "Hash @var{ptext} with @var{algorithm}, and " > + "the secret @var{key}. It will not work if " > + "@var{algorithm} requires a nonce, such as " > + "UMAC or GMAC. Both @var{key} and @var{ptext} " > + "must be bytevectors.") > +#define FUNC_NAME s_scm_gnutls_hmac_fast Let?s go with hmac-direct? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220302063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 19:59:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 18:59:15 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220323517 I tried that, but it didn?t work. I don?t understand. Is it because I use my own runner? Is there a hidden CI/CD environment variable that I don?t have? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220323517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 23:50:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 22:50:01 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220398289 Since I?can?t run that job on my "master" (https://gitlab.com/vivien_/guile/-/jobs/3520152618), then I?ll assume this is not a problem. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1220398289 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 23:50:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 22:50:10 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the HMAC functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !5 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 23 23:52:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Dec 2022 22:52:56 +0000 Subject: [gnutls-devel] GnuTLS | MAX_RECORD_SEND_SIZE: remove macro (#815) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/815 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 09:19:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 08:19:27 +0000 Subject: [gnutls-devel] GnuTLS | build: remove MAX_RECORD_SEND_SIZE in favor of max_record_send_size (!1684) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1684 Project:Branches: dueno/gnutls:wip/dueno/max-record-send-size to gnutls/gnutls:master Author: Daiki Ueno Fixes: #815 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1684 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 09:20:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 08:20:55 +0000 Subject: [gnutls-devel] GnuTLS | Support more SRTP profiles (AEAD_AES_256_GCM...) (#1266) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 (Oct 1, 2022?Jan 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1266 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 09:20:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 08:20:58 +0000 Subject: [gnutls-devel] GnuTLS | Support more SRTP profiles (AEAD_AES_256_GCM...) (#1266) In-Reply-To: References: Message-ID: Reassigned Issue 1266 https://gitlab.com/gnutls/gnutls/-/issues/1266 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1266 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 09:21:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 08:21:12 +0000 Subject: [gnutls-devel] GnuTLS | MAX_RECORD_SEND_SIZE: remove macro (#815) In-Reply-To: References: Message-ID: Reassigned Issue 815 https://gitlab.com/gnutls/gnutls/-/issues/815 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/815 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 14:25:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 13:25:22 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510193 > + char *p; > + int ret; > + > + memset(buffer, 0, sizeof(*buffer)); > + buffer->cap = sizeof(buffer->base); > + buffer->ptr = buffer->base; > + > + len = strlen(base); > + > + ret = pathbuf_reserve(buffer, len); > + if (ret < 0) { > + return ret; > + } > + > + p = stpcpy(buffer->ptr, base); > + *p = '\0'; stpcpy already copies the trailing \0, so this line isn't needed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510193 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 14:25:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 13:25:42 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510216 > + > + len = strlen(component); > + > + /* path separator */ > + if (!INT_ADD_OK(len, 1, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + ret = pathbuf_reserve(buffer, len); > + if (ret < 0) { > + return ret; > + } > + > + p = stpcpy(&buffer->ptr[buffer->len], "/"); > + p = stpcpy(p, component); > + *p = '\0'; stpcpy already copies the trailing \0, so this line isn't needed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510216 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 14:28:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 13:28:00 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510420 > +int > +_gnutls_pathbuf_truncate(struct gnutls_pathbuf_st *buffer, size_t len) > +{ > + if (len > buffer->len) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + buffer->len = len; > + buffer->ptr[len] = '\0'; > + return 0; > +} > + > +void > +_gnutls_pathbuf_deinit(struct gnutls_pathbuf_st *buffer) > +{ > + if (buffer->ptr != buffer->base) { > + gnutls_free(buffer->ptr); To quickly crash on a re-use after deinit, I'd reset/nullify the whole structure here. As long as this isn't done in a very hot path, it should be fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510420 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 24 14:29:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Dec 2022 13:29:51 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510637 > + > + /* path separator */ > + if (!INT_ADD_OK(len, 1, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + ret = pathbuf_reserve(buffer, len); > + if (ret < 0) { > + return ret; > + } > + > + p = stpcpy(&buffer->ptr[buffer->len], "/"); > + p = stpcpy(p, component); > + *p = '\0'; > + > + buffer->len += len; Why not using INT_ADD_OK here (maybe do this into a tmp variable further up to bail out early) ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220510637 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 02:55:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 01:55:58 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220571071 > + > + /* path separator */ > + if (!INT_ADD_OK(len, 1, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + ret = pathbuf_reserve(buffer, len); > + if (ret < 0) { > + return ret; > + } > + > + p = stpcpy(&buffer->ptr[buffer->len], "/"); > + p = stpcpy(p, component); > + *p = '\0'; > + > + buffer->len += len; I think it is safe to assume no overflow can happen at this point, because the above `pathbuf_reserve` checks that. I've added a comment to be more explicit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220571071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 12:00:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 11:00:10 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: All discussions on merge request !1493 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 12:03:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 11:03:20 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Merge request !1493 was approved by Tim R?hsen Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 Project:Branches: dueno/gnutls:wip/dueno/ca-path to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 12:06:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 11:06:24 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220614559 > + len = buffer->len; > + > + if (!INT_ADD_OK(len, to_add, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + /* NUL terminator. */ > + if (!INT_ADD_OK(len, 1, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + if (len <= buffer->cap) { > + return 0; > + } > + > + if (!INT_MULTIPLY_OK(len, 2, &cap)) { Btw, the fedora-static-analyzer runs since 83 minutes, hanging in cppcheck. Last message is ``` 'sizeofwithnumericparameter:lib/pathbuf.c:52,warning,Suspicious usage of 'sizeof' with a numeric constant as parameter.' ``` Maybe you take a look at this, not sure what it means =) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220614559 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 16:32:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 15:32:53 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220644741 > + len = buffer->len; > + > + if (!INT_ADD_OK(len, to_add, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + /* NUL terminator. */ > + if (!INT_ADD_OK(len, 1, &len)) { > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + } > + > + if (len <= buffer->cap) { > + return 0; > + } > + > + if (!INT_MULTIPLY_OK(len, 2, &cap)) { Me neither; so I added it to `devel/cppcheck.suppressions` :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220644741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 16:43:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 15:43:51 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: All discussions on merge request !1493 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 16:44:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 15:44:01 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1220647153 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 16:44:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 15:44:07 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Merge request !1493 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 Project:Branches: dueno/gnutls:wip/dueno/ca-path to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 25 16:46:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 25 Dec 2022 15:46:07 +0000 Subject: [gnutls-devel] GnuTLS | srtp: support AES-GCM profiles (!1685) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1685 Project:Branches: dueno/gnutls:wip/dueno/srtp to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1266 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1685 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 26 11:01:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Dec 2022 10:01:04 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created an issue: https://gitlab.com/gnutls/guile/-/issues/10 Hello, When I tried to run the Ubuntu22.04-release job in my fork, I get a weird error: https://gitlab.com/vivien_/guile/-/jobs/3520152618 This is a problem because it means the CI for my merge request appears to fail (https://gitlab.com/gnutls/guile/-/merge_requests/5). Is there some CI/CD environment that I have to set up? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 11:20:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 10:20:17 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1221557527 > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +#include "config.h" > + > +#include "pathbuf.h" > +#include "gnutls_int.h" > +#include > +#include "intprops.h" > + > +static int > +pathbuf_reserve(struct gnutls_pathbuf_st *buffer, size_t to_add) > +{ > + size_t cap; ``` pathbuf.c:34:16: error: unused variable 'cap' [-Werror=unused-variable] 34 | size_t cap; | ^~~ ``` :smile: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1221557527 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 13:24:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 12:24:15 +0000 Subject: [gnutls-devel] GnuTLS | trust: make filesystem path construction flexible (!1493) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pathbuf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1221744032 > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +#include "config.h" > + > +#include "pathbuf.h" > +#include "gnutls_int.h" > +#include > +#include "intprops.h" > + > +static int > +pathbuf_reserve(struct gnutls_pathbuf_st *buffer, size_t to_add) > +{ > + size_t cap; Yes, I'm aware of that; it is a left-over when I made the logic simpler by not using `INT_ADD_OK` as much as possible, though it didn't help. Apparently cppcheck does not cope well with "intprops.h" (from Gnulib): ```console $ git clone --depth=1 https://git.sv.gnu.org/git/gnulib.git $ cd gnulib $ ./gnulib-tool --create-testdir --dir t intprops $ cd t $ ./configure $ time cppcheck --force -q -Igllib -Igltests -I. --error-exitcode=1 gltests/test-intprops.c -j2 ... never stop ... ``` I'm attempting to report it to the cppcheck upstream, by sending a htpasswd hash through sourceforge messaging as [suggested](https://trac.cppcheck.net/#Reportingaproblemsuggestimprovement), but haven't received response yet. Perhaps we should make this check weekly instead of per PR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1493#note_1221744032 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 15:00:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 14:00:35 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1686) References: Message-ID: Stefan Kangas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 Project:Branches: skangas/gnutls:typos to gnutls/gnutls:master Author: Stefan Kangas This fixes several typos in comments, documentation and one test. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 15:22:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 14:22:32 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) References: Message-ID: Stefan Kangas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 Project:Branches: skangas/gnutls:https to gnutls/gnutls:master Author: Stefan Kangas This updates several links to use HTTPS instead of plain HTTP. All links have been manually tested and confirmed working. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 16:23:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 15:23:16 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks; if it is not too much of a burden, it would be nice if we could replace the [snail mail address](https://gitlab.com/gnutls/gnutls/-/blob/d39640db956af253bc97e33981bfee3e65434b33/Makefile.am#L20) with the URL, following the latest [recommendation](https://www.gnu.org/licenses/gpl-howto.html). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687#note_1221945578 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 16:23:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 15:23:55 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1686) In-Reply-To: References: Message-ID: Merge request !1686 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 Project:Branches: skangas/gnutls:typos to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 16:24:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 15:24:05 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1686) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686#note_1221947184 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 16:23:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 15:23:59 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1686) In-Reply-To: References: Message-ID: Merge request !1686 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 Project:Branches: skangas/gnutls:typos to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 18:26:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 17:26:34 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) In-Reply-To: References: Message-ID: Stefan Kangas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687#note_1222041453 I did that in the below commits. While I was at it, I also synced the GPL/LGPL license files with the latest versions in Gnulib, which basically only amounted to some minor formatting and an updated URL. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687#note_1222041453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 18:44:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 17:44:09 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1686) In-Reply-To: References: Message-ID: Merge request !1686 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 Project:Branches: skangas/gnutls:typos to gnutls/gnutls:master Author: Stefan Kangas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1686 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 19:26:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 18:26:33 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix several minor issues in INSTALL.md (!1688) References: Message-ID: Stefan Kangas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 Project:Branches: skangas/gnutls:install-md-fixes to gnutls/gnutls:master Author: Stefan Kangas This fixes some minor issues in INSTALL.md: * Fix reference to moved file. * Fix a dead link, and a typo. * Use two spaces between sentences, and no trailing whitespace. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 20:35:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 19:35:43 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix Debian package name texlive-plain-generic (!1689) References: Message-ID: Stefan Kangas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 Project:Branches: skangas/gnutls:debian-texlive to gnutls/gnutls:master Author: Stefan Kangas This fixes the name of a Debian package in `README.md`. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 23:58:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 22:58:44 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) In-Reply-To: References: Message-ID: Merge request !1687 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 Project:Branches: skangas/gnutls:https to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 23:59:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 22:59:15 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) In-Reply-To: References: Message-ID: All discussions on merge request !1687 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 27 23:59:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 22:59:26 +0000 Subject: [gnutls-devel] GnuTLS | Prefer HTTPS to HTTP in URLs (!1687) In-Reply-To: References: Message-ID: Merge request !1687 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 Project:Branches: skangas/gnutls:https to gnutls/gnutls:master Author: Stefan Kangas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:00:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:00:25 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix several minor issues in INSTALL.md (!1688) In-Reply-To: References: Message-ID: Merge request !1688 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 Project:Branches: skangas/gnutls:install-md-fixes to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:00:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:00:47 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix several minor issues in INSTALL.md (!1688) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688#note_1222259498 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:00:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:00:48 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix several minor issues in INSTALL.md (!1688) In-Reply-To: References: Message-ID: Merge request !1688 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 Project:Branches: skangas/gnutls:install-md-fixes to gnutls/gnutls:master Author: Stefan Kangas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1688 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:01:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:01:14 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix Debian package name texlive-plain-generic (!1689) In-Reply-To: References: Message-ID: Merge request !1689 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 Project:Branches: skangas/gnutls:debian-texlive to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:01:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:01:32 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix Debian package name texlive-plain-generic (!1689) In-Reply-To: References: Message-ID: Merge request !1689 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 Project:Branches: skangas/gnutls:debian-texlive to gnutls/gnutls:master Author: Stefan Kangas Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 00:15:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Dec 2022 23:15:40 +0000 Subject: [gnutls-devel] GnuTLS | doc: Fix Debian package name texlive-plain-generic (!1689) In-Reply-To: References: Message-ID: Merge request !1689 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 Project:Branches: skangas/gnutls:debian-texlive to gnutls/gnutls:master Author: Stefan Kangas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1689 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 28 04:46:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 28 Dec 2022 03:46:22 +0000 Subject: [gnutls-devel] GnuTLS | Support external PSK importer (#1355) In-Reply-To: References: Message-ID: Reassigned Issue 1355 https://gitlab.com/gnutls/gnutls/-/issues/1355 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 29 15:23:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Dec 2022 14:23:32 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) In-Reply-To: References: Message-ID: Simon Josefsson commented: No it should work, although it isn't heavily tested on branches or forks. The error message is: ``` fatal: tag 'v17.42.23' already exists ``` Did you push a v17.42.23 tag to your clone?! Perhaps the code should do 'tag tag -d v17.42.23' first, although maybe it is actually better to fail in this situation, you wouldn't want any tags 'v17.42.23' in a repository as that would indicate something strange. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10#note_1223717446 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 30 10:39:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Dec 2022 09:39:55 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) In-Reply-To: References: Message-ID: Simon Josefsson commented: I clicked 'fork' on the project, put it as 'guile-gnutls' in my personal namespace, and triggered a CI/CD build. It built fine -- https://gitlab.com/jas/guile-gnutls/-/pipelines/734814113 -- so I think the problem was that you accidentally pushed a v17.42.23 tag to your repository? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10#note_1224219159 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 30 19:53:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Dec 2022 18:53:00 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/issues/10#note_1224597772 If I did, gitlab is not showing it to me :( I searched for "17" in the tags page, I got a bunch of gnutls_*_*_17 tags but nothing else. I don?t have such a tag in my local repository. I clicked the "clear runners cache" button in the CI/CD pipelines page, maybe that?s it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10#note_1224597772 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 30 20:31:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Dec 2022 19:31:49 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/issues/10#note_1224609655 No, it still does not work :( -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10#note_1224609655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 30 21:04:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Dec 2022 20:04:12 +0000 Subject: [gnutls-devel] Guile-GnuTLS | I cannot run the Ubuntu22.04-release job in my gnutls-guile fork (#10) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: I tried the git tag -d thing: https://gitlab.com/vivien_/guile/-/jobs/3538561684 To my surprise, there was a tag to delete. However, it still fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/10#note_1224617716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: