From gnutls-devel at lists.gnutls.org Sat Jan 1 22:40:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 01 Jan 2022 21:40:47 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
References:
Message-ID:

Alon Bar-Lev created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

Project:Branches: alonbl/gnutls:p11tool-always-auth to gnutls/gnutls:master
Author: Alon Bar-Lev

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
From gnutls-devel at lists.gnutls.org Sun Jan 2 08:47:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 02 Jan 2022 07:47:00 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Merge request !1504 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504
Project:Branches: alonbl/gnutls:p11tool-always-auth to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

From gnutls-devel at lists.gnutls.org Sun Jan 2 08:48:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 02 Jan 2022 07:48:23 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you; looks good to me. The CI failure should be fixed if we add a similar fix to [this](f62a768a4f8e96560b6288d6cb75fbe007f5ee3c).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504#note_799294105
From gnutls-devel at lists.gnutls.org Sun Jan 2 18:33:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 02 Jan 2022 17:33:13 +0000
Subject: [gnutls-devel] GnuTLS | doc: updated copyrights for 2022 (!1505)
References:
Message-ID:

Alon Bar-Lev created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505

Project:Branches: alonbl/gnutls:copyright to gnutls/gnutls:master
Author: Alon Bar-Lev

Happy new year.

```
doc/gnutls.texi
maint.mk: out of date copyright in doc/gnutls.texi; update it
make: *** [maint.mk:1283: sc_copyright_check] Error 1
make: *** Waiting for unfinished jobs....
```

## Checklist

* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
From gnutls-devel at lists.gnutls.org Sun Jan 2 18:34:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 02 Jan 2022 17:34:09 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Alon Bar-Lev commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504#note_799389603

Unrelated to this patch, fixed in !1505

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504#note_799389603

From gnutls-devel at lists.gnutls.org Mon Jan 3 07:37:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 06:37:57 +0000
Subject: [gnutls-devel] GnuTLS | doc: updated copyrights for 2022 (!1505)
In-Reply-To:
References:
Message-ID:

Merge request !1505 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
Project:Branches: alonbl/gnutls:copyright to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
From gnutls-devel at lists.gnutls.org Mon Jan 3 07:38:06 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 06:38:06 +0000
Subject: [gnutls-devel] GnuTLS | doc: updated copyrights for 2022 (!1505)
In-Reply-To:
References:
Message-ID:

Merge request !1505 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
Project:Branches: alonbl/gnutls:copyright to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505

From gnutls-devel at lists.gnutls.org Mon Jan 3 07:53:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 06:53:36 +0000
Subject: [gnutls-devel] GnuTLS | doc: updated copyrights for 2022 (!1505)
In-Reply-To:
References:
Message-ID:

Merge request !1505 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
Project:Branches: alonbl/gnutls:copyright to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1505
From gnutls-devel at lists.gnutls.org Mon Jan 3 11:08:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 10:08:03 +0000
Subject: [gnutls-devel] GnuTLS | Draft: remove autogen and libopts dependency (!1506)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

Project:Branches: dueno/gnutls:wip/dueno/remove-autogen to gnutls/gnutls:master
Author: Daiki Ueno

This series removes dependency on GNU AutoGen for handling options and configuration files. The initial one-off conversion from AutoGen definitions to JSON is done with [parse-autogen](https://gitlab.com/dueno/parse-autogen) program.

* [x] replace command line option handling with getopt (#775)
* [x] replace template file parsing with minimal parser (#774)
* [ ] texinfo generation
* [ ] man pages generation

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506
From gnutls-devel at lists.gnutls.org Mon Jan 3 18:20:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 17:20:01 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1504 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

From gnutls-devel at lists.gnutls.org Mon Jan 3 18:20:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 17:20:05 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Merge request !1504 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504
Project:Branches: alonbl/gnutls:p11tool-always-auth to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

From gnutls-devel at lists.gnutls.org Mon Jan 3 20:21:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 03 Jan 2022 19:21:44 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received.
 (#1310)
References:
Message-ID:

Rafal Kowalski created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1310

## Description of problem:

While trying to use `gnutls-cli` from Emacs to send emails using smtp protocol, I got the following issue (here reproduced from the command line):

```
gnutls-cli --x509cafile /etc/ssl/cert.pem -p 587 smtp.mail.me.com
Processed 77 CA certificate(s).
Resolving 'smtp.mail.me.com:587'...
Connecting to '17.57.154.19:587'...
|<1>| Received record packet of unknown type 50
*** Fatal error: An unexpected TLS packet was received.
```

## Version of gnutls used:

3.7.2 running on a MacOS Mojave 10.14.6

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Build from the tar source file.

## How reproducible:

Steps to Reproduce:

* `gnutls-cli --x509cafile /etc/ssl/cert.pem -p 587 smtp.mail.me.com`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310

From gnutls-devel at lists.gnutls.org Tue Jan 4 14:00:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 13:00:44 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Are you sure that the port 587 is accepting TLS connection (not STARTTLS)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_800816700
From gnutls-devel at lists.gnutls.org Tue Jan 4 16:10:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 15:10:15 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Rafal Kowalski commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_800992426

Well, the Apple documentation https://support.apple.com/en-us/HT202304 says:

> SSL Required: Yes If you see an error message when using SSL, try using TLS or STARTTLS instead.
> Port: 587

so I assume it should handle both TLS and STARTTLS on the same port. They don't provide an option to use 465 as far as I can tell. The crazy thing is that all this setup worked until about two years ago, when it stopped. I couldn't resolve it since. Not sure what happened then though.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_800992426

From gnutls-devel at lists.gnutls.org Tue Jan 4 18:04:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 17:04:52 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801118708

Do as the docs say "try using TLS or STARTTLS instead." ```gnutls-cli --starttls-proto smtp``` works.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801118708
From gnutls-devel at lists.gnutls.org Tue Jan 4 18:30:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 17:30:41 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Rafal Kowalski commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801141617

Indeed, it works from the command line. I know it's not directly GnuTLS related but do you know how to set those arguments `--starttls-proto smtp` for Emacs to pick it up while establishing the STARTTLS?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801141617

From gnutls-devel at lists.gnutls.org Tue Jan 4 18:54:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 17:54:45 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Rafal Kowalski commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801158874

@dueno I see that you are also the author of the `starttls.el` lisp code for Emacs. Could you help me with the lisp code needed to configure Emacs to use the `--starttls-proto smtp` instead of the default `--starttls`? It would be great to solve this issue finally.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801158874
From gnutls-devel at lists.gnutls.org Tue Jan 4 19:22:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 18:22:23 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Alon Bar-Lev commented:

@dueno you should probably add a background entropy injection to the windows slave machines... :smile:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504#note_801177871

From gnutls-devel at lists.gnutls.org Tue Jan 4 19:33:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Jan 2022 18:33:55 +0000
Subject: [gnutls-devel] GnuTLS | Fatal error: An unexpected TLS packet was received. (#1310)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801185324

I think that module is obsolete and STARTTLS support is directly integrated into Emacs. The only configuration I have is:

```lisp
(setq smtpmail-starttls-credentials '(("host" 587 nil nil))
      auth-sources '("something"))
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1310#note_801185324
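
Added example, not part of the original messages and not GnuTLS code: a small diagnostic for the situation in issue #1310, where a TLS client connected to a port that greets in plaintext and expects STARTTLS. It shows how the first bytes of an SMTP greeting look when read as a TLS record header (ASCII "2" is byte value 50, the value in the reported log line). The greeting text, function names and the reading of the log value as a decimal type byte are assumptions made for illustration.

```python
import socket
import struct

# TLS record content types (RFC 8446, RFC 6520).
TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
    24: "heartbeat",
}

# Plaintext greeting prefix -> value to pass to gnutls-cli --starttls-proto.
PLAINTEXT_GREETINGS = {
    b"220": "smtp",
    b"* OK": "imap",
    b"+OK": "pop3",
}

# Constructed sample: a typical SMTP greeting (not captured from a real server).
SAMPLE_GREETING = b"220 mail.example.test ESMTP ready\r\n"


def read_as_tls_record_header(data):
    """Interpret the first 5 bytes the way a TLS record layer would:
    1 byte content type, 2 bytes version, 2 bytes length."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(data):
    """Return (kind, detail) for the first bytes a server sent unprompted."""
    if not data:
        # Nothing arrived: a server doing implicit TLS waits for the ClientHello.
        return ("silent", None)
    header = read_as_tls_record_header(data)
    if header and header["type"] in TLS_CONTENT_TYPES and header["version"][0] == 3:
        return ("tls", TLS_CONTENT_TYPES[header["type"]])
    for prefix, proto in PLAINTEXT_GREETINGS.items():
        if data.startswith(prefix):
            return ("plaintext", proto)
    return ("unknown", None)


def advise(data):
    """Turn the classification into a hint for the operator."""
    kind, detail = classify_first_bytes(data)
    if kind == "plaintext":
        return ("plaintext greeting, first byte %d; negotiate first: "
                "gnutls-cli --starttls-proto %s" % (data[0], detail))
    if kind == "tls":
        return "peer sent a TLS %s record" % detail
    if kind == "silent":
        return "no greeting received; server may be waiting for a ClientHello"
    return "unrecognised first bytes: %r" % data[:16]


def probe(host, port, timeout=5.0):
    """Connect, send nothing, and classify whatever the server says first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(64)
        except socket.timeout:
            data = b""  # no bytes before the timeout
    return advise(data)


if __name__ == "__main__":
    print(read_as_tls_record_header(SAMPLE_GREETING))
    print(advise(SAMPLE_GREETING))
```

`probe()` needs network access and is not called by the demo; the other functions work on the embedded sample.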
From gnutls-devel at lists.gnutls.org Wed Jan 5 08:11:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Jan 2022 07:11:23 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Daiki Ueno changed the draft status of merge request !1506

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Wed Jan 5 08:26:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Jan 2022 07:26:03 +0000
Subject: [gnutls-devel] GnuTLS | p11tool: add --mark-always-authenticate option (!1504)
In-Reply-To:
References:
Message-ID:

Merge request !1504 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504
Project:Branches: alonbl/gnutls:p11tool-always-auth to gnutls/gnutls:master
Author: Alon Bar-Lev
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1504

From gnutls-devel at lists.gnutls.org Thu Jan 6 07:48:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 06:48:13 +0000
Subject: [gnutls-devel] GnuTLS | Fix gtk-doc build, Debian bug #1003075 (!1507)
References:
Message-ID:

Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507

Project:Branches: ametzler/gnutls:tmp-2022-gtkdoc to gnutls/gnutls:master
Author: Andreas Metzler

Add a description of the new feature/bug fix.
Reference any relevant bugs.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

Hello,

gtk-doc has been failing silently for quite some time, any release tarball since 3.6.7 included empty reference documentation:

~~~
gnutls-3.6.6/doc/reference/html/:
api-index-full.html   gnutls-pkcs11.html     left.png
gnutls-abstract.html  gnutls-pkcs12.html     right-insensitive.png
gnutls-crypto.html    gnutls-tpm.html        right.png
gnutls.devhelp2       gnutls-x509.html       style.css
gnutls-dtls.html      home.png               up-insensitive.png
gnutls-gnutls.html    index.html             up.png
gnutls-ocsp.html      intro.html
gnutls-openpgp.html   left-insensitive.png

gnutls-3.6.7/doc/reference/html/:
api-index-full.html  intro.html             right.png
gnutls.devhelp2      left-insensitive.png   style.css
home.png             left.png               up-insensitive.png
index.html           right-insensitive.png  up.png
~~~

This was found, diagnosed and fixed by Dennis Filder, I have just tested it, split the patch and generated the merge-request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507
From gnutls-devel at lists.gnutls.org Thu Jan 6 13:35:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 12:35:33 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

Thanks for tackling this, I have looked a little bit and found some minor issues in the generated documentation.

e.g. for certtool EXAMPLES and FILES do not end up in the generated manpage

p11tool.1 listed many option conflicts, all but the first one seem to have been lost in conversion:

~~~diff
--export Export the object specified by the URL - - prohibits these options: - export-stapled - export-chain - export-pubkey + - prohibits the option 'export-pubkey'
~~~

Deprecation warnings have been removed, e.g. in certtool.1:

~~~diff
- --rsa Generate RSA key. + --rsa + + Generate RSA key. When combined with --generate-privkey generates an RSA private key. - NOTE: THIS OPTION IS DEPRECATED
~~~

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_803113413
From gnutls-devel at lists.gnutls.org Thu Jan 6 14:01:06 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 13:01:06 +0000
Subject: [gnutls-devel] GnuTLS | Fix gtk-doc build, Debian bug #1003075 (!1507)
In-Reply-To:
References:
Message-ID:

Merge request !1507 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507
Project:Branches: ametzler/gnutls:tmp-2022-gtkdoc to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507

From gnutls-devel at lists.gnutls.org Thu Jan 6 14:01:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 13:01:50 +0000
Subject: [gnutls-devel] GnuTLS | Fix gtk-doc build, Debian bug #1003075 (!1507)
In-Reply-To:
References:
Message-ID:

Merge request !1507 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507
Project:Branches: ametzler/gnutls:tmp-2022-gtkdoc to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507
From gnutls-devel at lists.gnutls.org Thu Jan 6 14:01:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 13:01:42 +0000
Subject: [gnutls-devel] GnuTLS | Fix gtk-doc build, Debian bug #1003075 (!1507)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks; that was a good finding.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1507#note_803136375

From gnutls-devel at lists.gnutls.org Thu Jan 6 14:14:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 13:14:20 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_803152362

Thank you for looking at it. I think I have fixed the latter, though the former needs a bit more modification (the current scripts assume there is only one conflicting option).

By the way, the CI is failing for debian-cross* where only Python 2 is installed. I'm trying to update the docker image, but getting this error:

```console
W: GPG error: http://deb.debian.org/debian testing InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian testing InRelease' is not signed.
```

Do you have any clue? The full log is available at: https://gitlab.com/gnutls/build-images/-/jobs/1944935457

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_803152362
From gnutls-devel at lists.gnutls.org Thu Jan 6 15:03:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Jan 2022 14:03:19 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_803203968

This looks fishy:

~~~
STEP 12: RUN apt-get update -qq -y
W: http://deb.debian.org/debian/dists/testing/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
~~~

It should be world-readable (The file should be 0644 and the directories above 0755.)

Manpages look much better now, certtool.1 has grown some control characters in its output, though, .sp is indented.

~~~diff
.SH SYNOPSIS \f\*[B-Font]certtool\fP +.\" Mixture of short (flag) options and long options [\f\*[B-Font]\-flags\f[]] [\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]] -.sp \n(Ppu +[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]] + .sp \n(Ppu .ne 2
~~~

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_803203968
From gnutls-devel at lists.gnutls.org Fri Jan 7 12:52:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 11:52:49 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1506 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Fri Jan 7 12:52:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 11:52:49 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_804259642

OK, so the CI failure seems to be an issue in the Docker image (debian:testing) itself; I've reverted it to debian:bullseye and it now works. I've also fixed the man-page indentation.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_804259642
From gnutls-devel at lists.gnutls.org Fri Jan 7 12:54:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 11:54:47 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

@ametzler @rockdaboot I was initially thinking that this should target the next major release (3.8), but given the user-visible changes are limited it might be safe to include in the next release 3.7.3. Do you have any concerns?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_804261487

From gnutls-devel at lists.gnutls.org Fri Jan 7 13:26:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 12:26:28 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)
In-Reply-To:
References:
Message-ID:

Stephan Mueller commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804294999

> unsigned int flags) > { > int ret; > + bool not_approved = false; > > switch (algo) { > case GNUTLS_PK_DH: {

I would concur.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804294999
From gnutls-devel at lists.gnutls.org Fri Jan 7 13:28:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 12:28:33 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Daiki Ueno commented:

If anyone is willing to review, I'd appreciate if you could take a look at the newly added code:

- the config file parser code (used by certtool --template) [cfg.c](https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/remove-autogen/src/cfg.c)
- getopt wrapper generator [gen-getopt.py](https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/remove-autogen/src/gen-getopt.py) and the generated C code (`src/*-options.c`)
- texinfo generator [gen-cmd-texi.py](https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/remove-autogen/doc/scripts/gen-cmd-texi.py)
- man generator [gen-cmd-texi.py](https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/remove-autogen/doc/scripts/gen-cmd-man.py)
- the python library used by the above scripts [jsonopts.py](https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/remove-autogen/python/jsonopts.py)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_804297257

From gnutls-devel at lists.gnutls.org Fri Jan 7 13:33:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 12:33:52 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Stephan Mueller commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804302977

> > break; > } > case GNUTLS_PK_RSA:

Any use of keys <= 2048 is non-approved.
Thus, whether you mark it as non-approved or fail it is your choice. An encryption/decryption with OAEP using SHA-1, SHA-2 and SHA-3 is fine.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804302977

From gnutls-devel at lists.gnutls.org Fri Jan 7 13:56:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 12:56:51 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Merge request !1465 was approved by Stephan Mueller

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465
Project:Branches: dueno/gnutls:wip/dueno/fipscontext to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

From gnutls-devel at lists.gnutls.org Fri Jan 7 13:56:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 12:56:46 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Stephan Mueller commented:

Agreed. I am good with the changes

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804325661
From gnutls-devel at lists.gnutls.org Fri Jan 7 15:43:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 14:43:24 +0000
Subject: [gnutls-devel] GnuTLS | FIPS140: mark HKDF and AES-GCM as approved when used in TLS (#1311)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1311

As suggested in !1465, [HKDF](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745619911) and [AES-GCM](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745612424) are approved in FIPS when used in TLS, while currently they are marked as non-approved for all uses. We could relax the check a little maybe using a temporary FIPS context, or adding internal API for HKDF and AES-GCM that leaves state change to the caller.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1311

From gnutls-devel at lists.gnutls.org Fri Jan 7 15:47:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 14:47:53 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804445976

> > break; > } > case GNUTLS_PK_RSA:

We don't have OAEP yet, only RSAES-PKCS1-v1_5. Should it be marked as non-approved?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804445976
From gnutls-devel at lists.gnutls.org Fri Jan 7 15:52:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 14:52:42 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Stephan Mueller commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804450911

> > break; > } > case GNUTLS_PK_RSA:

Hi ,

> Daiki Ueno commented on a discussion on lib/nettle/pk.c:
> https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804445976
> > break; > > > > } > > > > case GNUTLS_PK_RSA:
> We don't have OAEP yet, only RSAES-PKCS1-v1_5. Should it be marked as
> non-approved?

Yes, that is non-approved.

Ciao
Stephan

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804450911

From gnutls-devel at lists.gnutls.org Fri Jan 7 17:01:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 16:01:17 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804531805

> > break; > } > case GNUTLS_PK_RSA:

Thank you for the confirmation; I've changed pk_encrypt, pk_decrypt, and pk_decrypt2 to mark it non-approved.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804531805
From gnutls-devel at lists.gnutls.org Fri Jan 7 17:02:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 16:02:08 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

All discussions on merge request !1465 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

From gnutls-devel at lists.gnutls.org Fri Jan 7 17:03:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 16:03:17 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Daiki Ueno commented:

@smuellerDD thank you for the review. For the TLS-only cases, I've opened #1311 to track further changes (cc @pmgdeb).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804534590
From gnutls-devel at lists.gnutls.org Fri Jan 7 17:27:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 16:27:09 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Merge request !1465 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465
Project:Branches: dueno/gnutls:wip/dueno/fipscontext to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

From gnutls-devel at lists.gnutls.org Fri Jan 7 19:25:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 18:25:01 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Stephan Mueller commented:

Daiki, there is one more non-approved scenario that I would like to check with you: hmac is disallowed with a key size < 112 bits. Do we have that check?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804645742
From gnutls-devel at lists.gnutls.org Fri Jan 7 19:35:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 07 Jan 2022 18:35:05 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804652599

Good catch, we don't: I'll add a check for that (the CI fortunately failed before merge :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_804652599

From gnutls-devel at lists.gnutls.org Sat Jan 8 11:04:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 08 Jan 2022 10:04:30 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

All discussions on merge request !1465 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465
From gnutls-devel at lists.gnutls.org Sat Jan 8 11:04:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 08 Jan 2022 10:04:42 +0000
Subject: [gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Merge request !1465 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465
Project:Branches: dueno/gnutls:wip/dueno/fipscontext to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

From gnutls-devel at lists.gnutls.org Mon Jan 10 20:30:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 10 Jan 2022 19:30:44 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508

Project:Branches: dueno/gnutls:wip/dueno/fips-module-version to gnutls/gnutls:master
Author: Daiki Ueno

This adds a new configure option --with-fips-module-name, which allows packagers to embed unique module identifier. The embedded module name can be printed if the tester invokes the library as a command:

```
$ ./configure --with-fips-module-name=...
$ make
$ lib/.libs/libgnutls.so
GnuTLS 3.7.2
Copyright (C) 2000-2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

FIPS140 module name: ...
libnettle: libnettle.so.8
libhogweed: libhogweed.so.6
libgmp: libgmp.so.10

Please send bug reports to: bugs at gnutls.org
```

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508

From gnutls-devel at lists.gnutls.org Tue Jan 11 07:59:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 06:59:11 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno changed the draft status of merge request !1508

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508
From gnutls-devel at lists.gnutls.org Tue Jan 11 08:02:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 07:02:13 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno commented:

@smuellerDD do you have any thoughts?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806522008

From gnutls-devel at lists.gnutls.org Tue Jan 11 09:47:16 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 08:47:16 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806618385

@fweimer-rh do you see any shortcomings in this approach?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806618385
From gnutls-devel at lists.gnutls.org Tue Jan 11 10:59:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 09:59:20 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 was reviewed by Florian Weimer

--
Florian Weimer started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806726712

> + mpz_t n; > + mpz_init(n);])], > + [interp=`$READELF -l conftest$EXEEXT | sed -n "$extract_interp"`])

```suggestion:-0+0
[interp=`$READELF -lW conftest$EXEEXT | sed -n "$extract_interp"`])
```

`-W` produces stable output suitable for scripting. Not sure why you need to link against GMP for this check, though.

--
Florian Weimer started a new discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806726718

> + } > + > + fwrite(banner_footer, 1, sizeof(banner_footer)-1, stdout);

It would be slightly safer to use `write` (the system call) in this context. This is not a properly linked program, and there are likely issues around stdio initialization. And the code only works if `stdout` is line-buffered (a terminal). If the output is redirected, it won't be printed before the `_exit` system call.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508
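Review bot: In the configure.ac hunk, `interp` is assigned straight from the `$READELF -l conftest$EXEEXT | sed -n "$extract_interp"` pipeline, and the quoted lines show no check that the result is non-empty. If `$READELF` is unset or the test binary carries no interpreter entry, `interp` ends up empty without any diagnostic; test `$interp` right after the assignment and either fail configure or disable the feature explicitly.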
From gnutls-devel at lists.gnutls.org Tue Jan 11 11:00:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 10:00:15 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Florian Weimer commented:

Is the `PT_INTERP` hack really necessary? It tends to trigger awkward corner cases.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_806727761

From gnutls-devel at lists.gnutls.org Tue Jan 11 15:05:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 14:05:09 +0000
Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509

Project:Branches: dueno/gnutls:wip/dueno/gnulib to gnutls/gnutls:master
Author: Daiki Ueno

This may fix issues in the CI.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509

From gnutls-devel at lists.gnutls.org Tue Jan 11 16:06:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:06:45 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Daiki Ueno commented on a discussion on lib/x509/pkcs12.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_807137164

> **/ > int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass) > { > return gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA1, pass);

Good catch, updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_807137164
From gnutls-devel at lists.gnutls.org Tue Jan 11 16:19:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:19:55 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Merge request !1499 was approved by Hubert Kario (@mention me if you need reply)

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499
Project:Branches: dueno/gnutls:wip/dueno/pkcs12 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Hubert Kario (@mention me if you need reply)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499

From gnutls-devel at lists.gnutls.org Tue Jan 11 16:20:02 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:20:02 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Hubert Kario (@mention me if you need reply) commented:

LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_807155766
From gnutls-devel at lists.gnutls.org Tue Jan 11 16:35:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:35:36 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

All discussions on merge request !1499 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1499

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499

From gnutls-devel at lists.gnutls.org Tue Jan 11 16:35:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:35:44 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Daiki Ueno commented:

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_807178086
From gnutls-devel at lists.gnutls.org Tue Jan 11 16:37:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:37:18 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Merge request !1499 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499
Project:Branches: dueno/gnutls:wip/dueno/pkcs12 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Hubert Kario (@mention me if you need reply)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499

From gnutls-devel at lists.gnutls.org Tue Jan 11 16:54:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:54:10 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_807206895

> + RUNTIME_LINKER; > + > +_GL_NORETURN_FUNC extern void __libgnutls_main (void); > +void > +__libgnutls_main (void) > +{ > + const gnutls_library_config_st *p; > + > + fwrite(banner_header, 1, sizeof(banner_header)-1, stdout); > + > + fprintf(stdout, "Library configuration:\n"); > + for (p = _gnutls_library_config; p->name; p++) { > + fprintf(stdout, " %s: %s\n", p->name, p->value); > + } > + > + fwrite(banner_footer, 1, sizeof(banner_footer)-1, stdout);

Thank you for the suggestion; rewritten using `write`.
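
Review bot: In the `for (p = _gnutls_library_config; p->name; p++)` loop, `p->value` is passed to `%s` although the loop condition only tests `p->name`, so an entry with a name and a NULL value would be undefined behaviour in `fprintf`. Guard it with `p->value ? p->value : ""`, or document that every entry must carry a value. The return values of `fwrite` and `fprintf` are also ignored, so an output failure goes unreported.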

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_807206895

From gnutls-devel at lists.gnutls.org Tue Jan 11 16:57:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 15:57:36 +0000
Subject: [gnutls-devel] GnuTLS | global: define entry point of libgnutls when called as executable (4e8b9a35)

Florian Weimer started a new discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/commit/4e8b9a35efaa45859f399d4cebb1950b4e47ea4a#note_807211124

> +static const char banner_footer[] = > + "\nPlease send bug reports to: " PACKAGE_BUGREPORT "\n"; > + > +const char interpreter[] __attribute__ ((section (".interp"))) = > + RUNTIME_LINKER; > + > +_GL_NORETURN_FUNC extern void __libgnutls_main (void); > +void > +__libgnutls_main (void) > +{ > + const gnutls_library_config_st *p; > + > + write(STDOUT_FILENO, banner_header, sizeof(banner_header)-1); > + > +#define MSG "Library configuration:\n" > + write(STDOUT_FILENO, MSG, sizeof(MSG)-1);

You could introduce a helper function that combines `write` and `strlen`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/4e8b9a35efaa45859f399d4cebb1950b4e47ea4a#note_807211124
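
Review bot: `const char interpreter[]` is defined without `static`, so the object has external linkage under a very generic name; give it internal linkage (kept alive with an attribute such as `used` if the compiler would otherwise drop it) or a library-specific prefix so it cannot clash with other symbols. In `__libgnutls_main`, the results of the `write(STDOUT_FILENO, ...)` calls are discarded, so a short write or an `EINTR` silently truncates the banner, and `#define MSG` inside the function body stays defined for the rest of the file unless it is followed by `#undef MSG`.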
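
The two review points made in this thread (stdio output can be lost when a process ends with `_exit` and its output is not a terminal; a helper that combines `write` and `strlen`) can be reproduced with the added example below. It is not code from the merge request: `write_str` and `bytes_seen_by_reader` are hypothetical names, and a pipe stands in for redirected output.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper combining write() and strlen(): loops over short
 * writes and retries on EINTR. Returns 0 on success, -1 on error. */
static int write_str(int fd, const char *s)
{
    size_t left = strlen(s);

    while (left > 0) {
        ssize_t n = write(fd, s, left);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        s += n;
        left -= (size_t)n;
    }
    return 0;
}

/* Same string as in the quoted code. */
static const char BANNER[] = "Library configuration:\n";

/* Fork a child whose output goes to a pipe (as if stdout were redirected),
 * let it emit BANNER through stdio or through write_str(), end it with
 * _exit(), and return how many bytes reached the reading side
 * (-1 on setup or read failure). */
static ssize_t bytes_seen_by_reader(int use_stdio)
{
    int fds[2];
    char buf[256];
    ssize_t n, total = 0;
    pid_t pid;

    if (pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        close(fds[0]);
        if (use_stdio) {
            /* A stdio stream on a pipe is fully buffered, so the
             * banner sits in user-space memory after fputs(). */
            FILE *out = fdopen(fds[1], "w");
            if (out != NULL)
                fputs(BANNER, out);
            /* No fflush(): mirrors code relying on line buffering. */
        } else {
            write_str(fds[1], BANNER);
        }
        _exit(0); /* unlike exit(), does not flush stdio buffers */
    }

    close(fds[1]);
    while ((n = read(fds[0], buf, sizeof(buf))) != 0) {
        if (n < 0) {
            if (errno == EINTR)
                continue;
            total = -1;
            break;
        }
        total += n;
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return total;
}

int main(void)
{
    printf("stdio + _exit: %zd bytes reached the reader\n",
           bytes_seen_by_reader(1));
    printf("write + _exit: %zd bytes reached the reader\n",
           bytes_seen_by_reader(0));
    return 0;
}
```

On a terminal the stdio variant would appear to work because the stream is line-buffered there, which is why the problem only shows up once the output is piped or redirected.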
From gnutls-devel at lists.gnutls.org Tue Jan 11 17:57:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Jan 2022 16:57:36 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: fix CPU feature detection for Intel CPUs (!1487)

All discussions on merge request !1487 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1487

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1487

From gnutls-devel at lists.gnutls.org Wed Jan 12 07:37:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Jan 2022 06:37:50 +0000
Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request [3.6.x] (!1510)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1510

Branches: cherry-pick-c93fab21 to gnutls_3_6_x
Author: Daiki Ueno

This cherry-picks !1053 to the gnutls_3_6_x branch.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1510

From gnutls-devel at lists.gnutls.org Wed Jan 12 07:54:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Jan 2022 06:54:11 +0000
Subject: [gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Merge request !1499 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499
Project:Branches: dueno/gnutls:wip/dueno/pkcs12 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Hubert Kario (@mention me if you need reply)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:19:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:19:43 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes before the 3.7.3 release (!1511) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 Project:Branches: dueno/gnutls:wip/dueno/build-fixes2 to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:20:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:20:29 +0000 Subject: [gnutls-devel] GnuTLS | Extend system-override-curves-allowlist test with key generation (!1500) In-Reply-To: References: Message-ID: Merge request !1500 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1500 Project:Branches: asosedkin/gnutls:curve-keygen-allowlist-test to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1500 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:38:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:38:44 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: fix CPU feature detection for Intel CPUs (!1487) In-Reply-To: References: Message-ID: Merge request !1487 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1487 Project:Branches: dueno/gnutls:wip/dueno/cpuid to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: František Krenželok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1487 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:39:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:39:33 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1282: https://gitlab.com/gnutls/gnutls/-/issues/1282 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:39:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:39:32 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed in !1487. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_807906142 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 08:43:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 07:43:17 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.3 release ( https://gitlab.com/gnutls/gnutls/-/milestones/32 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 09:08:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 08:08:31 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes before the 3.7.3 release (!1511) In-Reply-To: References: Message-ID: Merge request !1511 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 Project:Branches: dueno/gnutls:wip/dueno/build-fixes2 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 11:22:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 10:22:23 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes before the 3.7.3 release (!1511) In-Reply-To: References: Message-ID: Merge request !1511 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 Project:Branches: dueno/gnutls:wip/dueno/build-fixes2 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1511 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 14:52:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 13:52:52 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808365307 > +[ > + { > + "meta": { > + "desc": "", > + "prog-name": "certtool", > + "prog-title": "GnuTLS certificate tool", > + "prog-desc": "Manipulate certificates and private keys.", > + "detail": "Tool to parse and generate X.509 certificates, requests and private keys.\nIt can be used interactively or non interactively by\nspecifying the template command line option.\n\nThe tool accepts files or supported URIs via the --infile option. In case PIN\nis required for URI access you can provide it using the environment variables GNUTLS_PIN \nand GNUTLS_SO_PIN.\n", > + "short-usage": "certtool [options]\ncerttool --help for usage instructions.\n", > + "explain": "" > + }, > + "options": [ > + { > + "long-option": "debug", > + "short-option": "d", > + "arg-min": "0 ", Would it be hard to make numbers numbers, as in `0` and `9999` instead of `"0 "` and `" 9999"`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808365307 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
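Review bot: in the `debug` entry of src/certtool-options.json, `"arg-min": "0 "` carries a numeric bound as a string with trailing whitespace, so each consumer has to trim and convert it, and a strict whole-string numeric check would reject it. Emitting a JSON number (`"arg-min": 0`), or at least a trimmed string, lets the generator validate the bound once when it loads the file.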
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 15:22:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 14:22:57 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) References: Message-ID: Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zoltán Fridrich Add a description of the new feature/bug fix. Reference any relevant bugs.. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 16:13:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 15:13:02 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808476833 > +[ > + { > + "meta": { > + "desc": "", > + "prog-name": "certtool", > + "prog-title": "GnuTLS certificate tool", > + "prog-desc": "Manipulate certificates and private keys.", > + "detail": "Tool to parse and generate X.509 certificates, requests and private keys.\nIt can be used interactively or non interactively by\nspecifying the template command line option.\n\nThe tool accepts files or supported URIs via the --infile option. In case PIN\nis required for URI access you can provide it using the environment variables GNUTLS_PIN \nand GNUTLS_SO_PIN.\n", > + "short-usage": "certtool [options]\ncerttool --help for usage instructions.\n", > + "explain": "" > + }, > + "options": [ > + { > + "long-option": "debug", > + "short-option": "d", > + "arg-min": "0 ", I thought I had fixed it, but actually [didn't](https://gitlab.com/dueno/parse-autogen/-/commit/f4a481733bb3b29d712ac626bbd816ecba55cbd4); stupid me ;-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808476833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 17:32:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 16:32:59 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808588733 > +[ > + { > + "meta": { > + "desc": "", > + "prog-name": "certtool", > + "prog-title": "GnuTLS certificate tool", > + "prog-desc": "Manipulate certificates and private keys.", > + "detail": "Tool to parse and generate X.509 certificates, requests and private keys.\nIt can be used interactively or non interactively by\nspecifying the template command line option.\n\nThe tool accepts files or supported URIs via the --infile option. In case PIN\nis required for URI access you can provide it using the environment variables GNUTLS_PIN \nand GNUTLS_SO_PIN.\n", > + "short-usage": "certtool [options]\ncerttool --help for usage instructions.\n", > + "explain": "" > + }, > + "options": [ > + { > + "long-option": "debug", > + "short-option": "d", > + "arg-min": "0 ", that'd be `"0 "` -> `"0"`, but not `0`? `0` and no casting to string and back to int feels slightly cleaner, but not sure if worth the effort -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_808588733 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 17:41:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 16:41:21 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808599409 On a scale from slightly to very, how deterred should we be? =) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808599409 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 17:52:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 16:52:23 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Florian Weimer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808613262 On the extreme side, @codonell-rh wants to remove the `PT_INTERP` hack from `libc.so.6` because it has proven unreliable. Some of it is due to `libc.so.6` peculiarities. One thing that can break is a preloaded object (via `LD_PRELOAD`) that in turn depends on GnuTLS and has ELF constructors that depends on GnuTLS ELF constructors having run. The last part does not actually happen, I think. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808613262 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 18:06:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 17:06:36 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Can't spot obvious mistakes. I find the idea neat, but Florian's concerns sound heavy =/ Pity, cause version reporting with just the `.so` file would've been a robust measure against unclear certification requirements. I'd like to know more precisely what version reporting requirements are we satisfying. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808628196 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 12 19:00:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 12 Jan 2022 18:00:46 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Carlos O'Donell (Red Hat) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808684805 @fweimer-rh Right, such a scenario is much more common with everything linked to libc.so.6, which is why I want to remove the PT_INTERP hack from libc.so.6, and instead rely on the ld.so options. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_808684805 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 09:03:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 08:03:01 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_cipher_suite_get_name2: new function which works with TLS 1.3 (!1513) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513 Project:Branches: dueno/gnutls:wip/dueno/iana-cs to gnutls/gnutls:master Author: Daiki Ueno This adds a couple of functions to retrieve ciphersuite names in TLS 1.3. `gnutls_cipher_suite_get_name2` is similar to `gnutls_cipher_suite_get_name` but takes a PRF hash algorithm which can be checked with `gnutls_prf_hash_get`. The returned name is GnuTLS specific: to convert it to IANA registered name, use `gnutls_cipher_suite_name_to_iana`. We can't consolidate those into a single function, as we still support legacy ciphersuites not registered in IANA. Fixes: #1291 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 09:28:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 08:28:40 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_809166329 Indeed, I guess we need input from @smuellerDD. As for the implementation, I can think of a couple of alternatives: - add a new option, say `--fips-info`, to the existing commands (e.g., gnutls-cli) - add a new command, installed in a less prominent directory (pkglibexec?) - include the information in the debug log The last one seems to be less intrusive among others. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_809166329 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 09:47:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 08:47:56 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: use the correct MAC algorithm for GOST key generation (!1514) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1514 Project:Branches: dueno/gnutls:wip/dueno/gost-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1225 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1514 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 11:13:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 10:13:30 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Florian Weimer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_809313886 If you have a compelling use case, the `PT_INTERP` hack could still be the way to go. I see you use an ELF constructor. I haven't checked how essential it is for the library operation (and that of its reverse dependencies). I recall that explicit initialization was once needed to get the base64 converts to work ? With the `write` change, the glibc side should be *fairly* solid, the only remaining issue is the lack of ELF constructor execution. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_809313886 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 14:33:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 13:33:50 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1506 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584211 > + out.write('\t\t\t\t- enabled by default\n') > + max_count = option.get('max') > + if max_count and (max_count == 'NOLIMIT' or int(max_count) > 1): Maybe allow only 'NOLIMIT' until it's actually enforced. 
-- Alexander Sosedkin started a new discussion on src/gen-getopt.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584216 > + if arg_type == 'number': > + switch_cases.write( > + f'{INDENT*4}opts->value.{lower_opt} = atoi(optarg);\n' `atoi` is really lax and barebones, may I suggest `strtoi`? -- Alexander Sosedkin started a new discussion on src/gen-getopt.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584222 > + f'taken by {short_opts[short_opt]}'), > + file=sys.stderr) > + short_opt = None Abort harder, maybe, so that we don't miss these cases? -- Alexander Sosedkin started a new discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584232 > + }, { > + 'long-option': 'more-help', > + 'short-option': '!', `-!` doesn't seem to work in my testing -- Alexander Sosedkin started a new discussion on src/cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584236 > + } > + > + return buffer.length == 0 ? strdup("") : buffer.data; Why? -- Alexander Sosedkin started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584237 > * [Autoconf](https://www.gnu.org/software/autoconf/) > -* [Autogen](https://www.gnu.org/software/autogen/) (use 5.16 or later) > +* [Python](https://www.python.org/) (use 3.7 or later) Why 3.7 and not 3.6? -- Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809584238 > - cache/cppcheck > script: > + - MYPYPATH=$PWD/python mypy python/*.py doc/scripts/*.py src/*.py what installs mypy? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
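Review bot: in the `arg_type == 'number'` branch of src/gen-getopt.py, the generated `atoi(optarg)` has no way to report failure: a non-numeric argument is read as 0, trailing characters are ignored, and an out-of-range value is undefined behaviour. Generate a `strtol` call instead, check the end pointer and `errno`, and range-check the result before storing it in `opts->value`.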
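Review bot: in the short-option conflict branch of src/gen-getopt.py, the clash is only printed to `sys.stderr` and `short_opt` is reset to `None`, so generation continues and the option silently loses its short form. Consider exiting non-zero for any conflict that is not on an explicit list of known ones, so that a new clash cannot slip through unnoticed.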
URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 14:40:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 13:40:53 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Great work, hope you've enjoyed doing it. Can't say my review was very thorough, but I did what I could within the time I had at hand. In addition to the comments above, here are two commits I've jotted down while reviewing, feel free to incorporate or ignore them in full or in part, no attribution needed: https://gitlab.com/asosedkin/gnutls/-/commit/d3e6f0f3d763acf439ffc4a983b33d41a662c993 https://gitlab.com/asosedkin/gnutls/-/commit/99afb2284f9fd8e37b3aa746a4e3e2544d336e20 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809593403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 15:38:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 14:38:23 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809688802 > +[ > + { > + "meta": { > + "desc": "", > + "prog-name": "certtool", > + "prog-title": "GnuTLS certificate tool", > + "prog-desc": "Manipulate certificates and private keys.", > + "detail": "Tool to parse and generate X.509 certificates, requests and private keys.\nIt can be used interactively or non interactively by\nspecifying the template command line option.\n\nThe tool accepts files or supported URIs via the --infile option. 
In case PIN\nis required for URI access you can provide it using the environment variables GNUTLS_PIN \nand GNUTLS_SO_PIN.\n", > + "short-usage": "certtool [options]\ncerttool --help for usage instructions.\n", > + "explain": "" > + }, > + "options": [ > + { > + "long-option": "debug", > + "short-option": "d", > + "arg-min": "0 ", That would require rewriting parse-autogen to generate JSON for options in a type-safe manner; currently it's simply a string-to-string dictionary, but options could be a struct with stricter schema. That is something I would like to do in the future. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809688802 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 18:37:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 17:37:16 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1506 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on src/gen-getopt.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935719 > + f'taken by {short_opts[short_opt]}'), > + file=sys.stderr) > + short_opt = None We can't simply abort as srptool has this conflict already (`-v` is used as a short option of `--passwd-conf`. -- Daiki Ueno commented on a discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935734 > + }, { > + 'long-option': 'more-help', > + 'short-option': '!', Maybe it needs to be escaped like `-\!'? It works on my environment. 
-- Daiki Ueno commented on a discussion on src/cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935741 > + } > + > + return buffer.length == 0 ? strdup("") : buffer.data; We use NULL as the indication of error in those functions; so need a way to represent an empty value. I've added comments to the functions. -- Daiki Ueno commented on a discussion on README.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935751 > * [Autoconf](https://www.gnu.org/software/autoconf/) > -* [Autogen](https://www.gnu.org/software/autogen/) (use 5.16 or later) > +* [Python](https://www.python.org/) (use 3.7 or later) Fixed. -- Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935762 > - cache/cppcheck > script: > + - MYPYPATH=$PWD/python mypy python/*.py doc/scripts/*.py src/*.py It is manually pulled in while building the docker image: https://gitlab.com/gnutls/build-images/-/blob/master/docker-fedora34/Dockerfile#L13 -- Daiki Ueno commented on a discussion on src/gen-getopt.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809935775 > + if arg_type == 'number': > + switch_cases.write( > + f'{INDENT*4}opts->value.{lower_opt} = atoi(optarg);\n' Yeah, switched to using `strtol`, and also added support for octal and hexadecimal values as in AutoGen. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
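The stricter numeric parsing discussed in this review (replacing `atoi` with `strtol`, accepting octal and hexadecimal input), as an added example that is not code from the merge request. The helper name `parse_int_option` and the sample inputs are hypothetical; the 0..9999 bounds reuse the values quoted earlier in the thread.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the merge request): parse a numeric option
 * argument strictly. Returns 0 and stores the value in *out on success,
 * -1 on any malformed or out-of-range input; *out is untouched on failure. */
int parse_int_option(const char *arg, long min, long max, int *out)
{
	char *end = NULL;
	long value;

	/* Reject empty input and the leading whitespace strtol would skip. */
	if (arg == NULL || *arg == '\0' || isspace((unsigned char)*arg))
		return -1;

	errno = 0;
	/* Base 0: decimal, leading 0 for octal, leading 0x for hexadecimal. */
	value = strtol(arg, &end, 0);

	if (end == arg)
		return -1;	/* no digits consumed, e.g. "abc" */
	if (*end != '\0')
		return -1;	/* trailing characters, e.g. "12abc", "0 ", "08" */
	if (errno == ERANGE)
		return -1;	/* does not fit in a long */
	if (value < min || value > max)
		return -1;	/* outside the option's declared range */
	if (value < INT_MIN || value > INT_MAX)
		return -1;	/* would be truncated when stored in an int */

	*out = (int)value;
	return 0;
}

int main(void)
{
	/* Constructed sample arguments, not taken from the GnuTLS test suite. */
	static const char *samples[] = {
		"42", "0x1f", "010", "12abc", "abc", "0 ", "08", "10000",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int strict = 0;
		int rc = parse_int_option(samples[i], 0, 9999, &strict);

		/* atoi is safe to call here because every sample is in range. */
		printf("%-8s atoi=%-6d strict=", samples[i], atoi(samples[i]));
		if (rc == 0)
			printf("%d\n", strict);
		else
			printf("rejected\n");
	}
	return 0;
}
```

With base 0, `08` is rejected because `8` is not an octal digit, a case where `atoi` would quietly return 8.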
URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 18:39:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 17:39:09 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809939058 Thanks; incorporated both changes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809939058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 13 19:05:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Jan 2022 18:05:43 +0000 Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809993346 > + 'arg-type': 'keyword', > + 'arg-optional': '', > + 'desc': 'output version information and exit', > + 'detail': """\ > +Output version of program and exit. The default mode is `v', a simple > +version. The `c' mode will print copyright information and `n' will > +print the full copyright notice.\ > +""" > + }, { > + 'long-option': 'help', > + 'short-option': 'h', > + 'desc': 'display extended usage information and exit', > + 'detail': 'Display usage information and exit.' > + }, { > + 'long-option': 'more-help', > + 'short-option': '!', oh, right, that's one of the times running an exotic shell bites me =/. sorry for the noise. 
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809993346

From gnutls-devel at lists.gnutls.org Thu Jan 13 19:09:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Jan 2022 18:09:03 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Alexander Sosedkin commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809997835

> +[ > + { > + "meta": { > + "desc": "", > + "prog-name": "certtool", > + "prog-title": "GnuTLS certificate tool", > + "prog-desc": "Manipulate certificates and private keys.", > + "detail": "Tool to parse and generate X.509 certificates, requests and private keys.\nIt can be used interactively or non interactively by\nspecifying the template command line option.\n\nThe tool accepts files or supported URIs via the --infile option. In case PIN\nis required for URI access you can provide it using the environment variables GNUTLS_PIN \nand GNUTLS_SO_PIN.\n", > + "short-usage": "certtool [options]\ncerttool --help for usage instructions.\n", > + "explain": "" > + }, > + "options": [ > + { > + "long-option": "debug", > + "short-option": "d", > + "arg-min": "0 ",

Ack, sure it's an improvement that can be done later.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_809997835

From gnutls-devel at lists.gnutls.org Thu Jan 13 19:13:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Jan 2022 18:13:33 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Alexander Sosedkin commented on a discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810004201

> + out.write(f'''\ > +\t\t\t\t- requires these options: > +{require_opts_concatenated} > +''') > + file_exists = option.get('file-exists', 'no') > + if file_exists == 'yes': > + out.write('\t\t\t\t- file must pre-exist\n') > + disable_prefix = option.get('disable-prefix') > + if disable_prefix: > + out.write( > + f"\t\t\t\t- disabled as '--{disable_prefix}{long_opt}'\n" > + ) > + if 'enabled' in option: > + out.write('\t\t\t\t- enabled by default\n') > + max_count = option.get('max') > + if max_count and (max_count == 'NOLIMIT' or int(max_count) > 1):

Sorry, the place where I've put this comment was rather arbitrary - the one where it came to my mind while reading. I meant that I could find neither an option that uses a number instead of "NOLIMIT" nor the code to handle a numerical value, thus I have a slight preference towards not supporting that yet and just aborting hard on encountering a number.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810004201

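Review bot: in the last quoted line, `int(max_count) > 1` raises an uncaught ValueError when `max` holds anything other than 'NOLIMIT' or a decimal integer, so a malformed options file ends in a traceback with no hint of which option is at fault; validate the value first and report the option's name on failure. Separately, `if 'enabled' in option:` keys off mere presence, while `file-exists` just above is compared against 'yes'; an entry written as `'enabled': 'no'` would still be listed as enabled by default, so the two attributes should follow one convention.
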
From gnutls-devel at lists.gnutls.org Thu Jan 13 19:37:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Jan 2022 18:37:20 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Alexander Sosedkin commented on a discussion on src/gen-getopt.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810032768

> +{INDENT*6}{{ > +{INDENT*7}error (EXIT_FAILURE, 0, "unable to allocate memory for %s", > +{INDENT*7} "{long_opt}"); > +{INDENT*6}}} > +{INDENT*5}opts->list.{lower_opt}.args = tmp; > +{INDENT*5}opts->list.{lower_opt}.args[opts->list.{lower_opt}.count] = optarg; > +{INDENT*5}opts->list.{lower_opt}.count = new_count; > +{INDENT*4}}} > +''') > + else: > + switch_cases.write( > + f'{INDENT*4}opts->arg.{lower_opt} = optarg;\n' > + ) > + if arg_type == 'number': > + switch_cases.write( > + f'{INDENT*4}opts->value.{lower_opt} = atoi(optarg);\n'

Not that I think somebody would've missed octals, but thumbs up for `strtol` and not falling back to zero at the first chance.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810032768

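The difference between `atoi` and a checked `strtol` that the replies in this thread refer to, as an added example (it is not the code emitted by gen-getopt.py and not part of the merge request). `parse_number_arg` is a hypothetical helper; it assumes base 0 so that decimal, octal (`0` prefix) and hexadecimal (`0x` prefix) are accepted, and it reports bad input instead of yielding zero.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the merge request): parse a numeric
 * option argument into *out.  Returns 0 on success, -1 on any error;
 * *out is left untouched on error. */
int parse_number_arg(const char *arg, int *out)
{
	char *end;
	long v;

	if (arg == NULL || *arg == '\0')
		return -1;		/* missing or empty argument */

	errno = 0;
	v = strtol(arg, &end, 0);	/* base 0: "10", "012", "0x1f" */

	if (end == arg)
		return -1;		/* no digits at all, e.g. "abc" */
	if (*end != '\0')
		return -1;		/* trailing garbage, e.g. "10x";
					 * also "08", since 8 is not octal */
	if (errno == ERANGE)
		return -1;		/* does not fit in a long */
	if (v < INT_MIN || v > INT_MAX)
		return -1;		/* fits in a long but not in an int */

	*out = (int)v;
	return 0;
}

int main(void)
{
	/* Constructed sample arguments. */
	const char *samples[] = { "10", "012", "0x1f", "-5",
				  "abc", "10x", "08", "" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int v = 0;

		if (parse_number_arg(samples[i], &v) == 0)
			printf("\"%s\" -> %d\n", samples[i], v);
		else
			printf("\"%s\" -> rejected (atoi gives %d)\n",
			       samples[i], atoi(samples[i]));
	}
	return 0;
}
```

Accepting a leading `0` as octal has a side effect worth knowing when reviewing such a change: `08` and `09` become errors rather than 8 and 9.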
From gnutls-devel at lists.gnutls.org Thu Jan 13 20:45:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Jan 2022 19:45:49 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Alexander Sosedkin commented on a discussion on src/cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810133183

> + if (c == EOF) { > + break; > + } > + if (c == '\n') { > + buffer_append(&buffer, ' '); > + } else if (c == quote_char) { > + buffer_append(&buffer, c); > + } > + } else if (c == quote_char) { > + break; > + } else { > + buffer_append(&buffer, c); > + } > + } > + > + return buffer.length == 0 ? strdup("") : buffer.data;

OK. I don't see a problem with that, though I have a feeling that initializing with a `""` and not NULL could've been easier to follow.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810133183

From gnutls-devel at lists.gnutls.org Fri Jan 14 08:16:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 07:16:56 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_cipher_suite_get_name2: new function which works with TLS 1.3 (!1513)

Daiki Ueno commented:

@TheRealMichaelCatanzaro could you check if this is sufficient?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513#note_810469371

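Review bot: in the src/cfg.c hunk quoted in Alexander Sosedkin's message above, the first branch appends only for `'\n'` and `quote_char`; any other character read there matches neither test and is dropped from the value without a diagnostic, so either append it or treat it as a parse error. The `if (c == EOF) { break; }` in the same branch leaves the loop the same way the closing `quote_char` does, so as far as the quoted lines show, input that ends inside the quoted value is returned as a normal result rather than as NULL, the error indication the replies mention.
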
From gnutls-devel at lists.gnutls.org Fri Jan 14 08:52:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 07:52:55 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Daiki Ueno commented on a discussion on python/jsonopts.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810491472

> + out.write(f'''\ > +\t\t\t\t- requires these options: > +{require_opts_concatenated} > +''') > + file_exists = option.get('file-exists', 'no') > + if file_exists == 'yes': > + out.write('\t\t\t\t- file must pre-exist\n') > + disable_prefix = option.get('disable-prefix') > + if disable_prefix: > + out.write( > + f"\t\t\t\t- disabled as '--{disable_prefix}{long_opt}'\n" > + ) > + if 'enabled' in option: > + out.write('\t\t\t\t- enabled by default\n') > + max_count = option.get('max') > + if max_count and (max_count == 'NOLIMIT' or int(max_count) > 1):

OK, I've added an assert.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810491472

From gnutls-devel at lists.gnutls.org Fri Jan 14 08:54:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 07:54:34 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Daiki Ueno commented on a discussion on src/cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810492620

> + if (c == EOF) { > + break; > + } > + if (c == '\n') { > + buffer_append(&buffer, ' '); > + } else if (c == quote_char) { > + buffer_append(&buffer, c); > + } > + } else if (c == quote_char) { > + break; > + } else { > + buffer_append(&buffer, c); > + } > + } > + > + return buffer.length == 0 ? strdup("") : buffer.data;

Yeah, I understand; looking at the code, implicit NUL termination in the callee seems to be complicating things - I've moved the NUL termination to the caller, and also added tests.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_810492620

From gnutls-devel at lists.gnutls.org Fri Jan 14 11:08:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 10:08:46 +0000
Subject: [gnutls-devel] GnuTLS | pkcs12: use the correct MAC algorithm for GOST key generation (!1514)

Daiki Ueno commented:

The change is tiny; I'm merging this without formal approval.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1514#note_810645550

From gnutls-devel at lists.gnutls.org Fri Jan 14 11:08:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 10:08:49 +0000
Subject: [gnutls-devel] GnuTLS | pkcs12: use the correct MAC algorithm for GOST key generation (!1514)

Merge request !1514 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1514
Project:Branches: dueno/gnutls:wip/dueno/gost-pkcs12 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1514

From gnutls-devel at lists.gnutls.org Fri Jan 14 17:16:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Jan 2022 16:16:20 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Merge request !1506 was approved by Alexander Sosedkin
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506
Project:Branches: dueno/gnutls:wip/dueno/remove-autogen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Sat Jan 15 05:03:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 04:03:08 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467)

GnuTLS bot commented:

@dueno This merge request is marked as work in progress with no update for a very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467#note_811531183

From gnutls-devel at lists.gnutls.org Sat Jan 15 05:03:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 04:03:10 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467)

Merge request !1467 was closed by GnuTLS bot
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467
Project:Branches: dueno/gnutls:wip/dueno/ci-remove-valgrind to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467

From gnutls-devel at lists.gnutls.org Sat Jan 15 08:03:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 07:03:19 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811550747

One thing found during our smoke testing is that libopts accepts long options in a case insensitive manner: `--rsa`, `--RSA`, and `--RsA` are all valid options for certtool. It cannot be properly implemented with getopt_long and I worry that it may stop some existing scripts working, though it's not a documented feature. What do you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811550747

From gnutls-devel at lists.gnutls.org Sat Jan 15 08:41:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 07:41:29 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811555596

I think breaking this undocumented feature would be fine. Regarding the original question ("safe to include in the next release 3.7.3"): I would say it depends on the confidence in the quality of the new code. I would appreciate it if you were set up to do a quick 3.7.3.1 or 3.7.3.2 followup release to fix any issues and perhaps advertise 3.7.3 with "might break scripts, although we tried to avoid it."

OTOH I do not think this should linger in GIT for longer than absolutely necessary, especially since the commandline tools are used extensively in the testsuite.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811555596

From gnutls-devel at lists.gnutls.org Sat Jan 15 10:58:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 09:58:59 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

All discussions on merge request !1506 were resolved by Daiki Ueno
https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Sat Jan 15 10:59:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 09:59:05 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Merge request !1506 was scheduled to merge after pipeline succeeds by Daiki Ueno
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506
Project:Branches: dueno/gnutls:wip/dueno/remove-autogen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Sat Jan 15 10:58:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 09:58:58 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811574734

OK, let's get it merged then; thanks for the suggestions.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506#note_811574734

From gnutls-devel at lists.gnutls.org Sat Jan 15 15:33:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 14:33:54 +0000
Subject: [gnutls-devel] GnuTLS | certtool should not use libopts to parse template files (#774)

Issue was closed by Daiki Ueno via commit 6000b2d93b6cb9acd45adc9b4d8f7bf2f1cb49b2
Issue #774: https://gitlab.com/gnutls/gnutls/-/issues/774

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/774

From gnutls-devel at lists.gnutls.org Sat Jan 15 15:33:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 14:33:56 +0000
Subject: [gnutls-devel] GnuTLS | remove autogen dependency (!1506)

Merge request !1506 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506
Project:Branches: dueno/gnutls:wip/dueno/remove-autogen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1506

From gnutls-devel at lists.gnutls.org Sat Jan 15 15:33:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 14:33:54 +0000
Subject: [gnutls-devel] GnuTLS | tools in src/ should not use libopts for parsing cmd line options (#775)

Issue was closed by Daiki Ueno via commit 6000b2d93b6cb9acd45adc9b4d8f7bf2f1cb49b2
Issue #775: https://gitlab.com/gnutls/gnutls/-/issues/775

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/775

From gnutls-devel at lists.gnutls.org Sat Jan 15 15:33:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 14:33:55 +0000
Subject: [gnutls-devel] GnuTLS | gnutls does not depend on autogen for the generation of manpages/texinfo documentation (#773)

Issue was closed by Daiki Ueno via commit 6000b2d93b6cb9acd45adc9b4d8f7bf2f1cb49b2
Issue #773: https://gitlab.com/gnutls/gnutls/-/issues/773

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/773

From gnutls-devel at lists.gnutls.org Sat Jan 15 20:35:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 19:35:50 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_cipher_suite_get_name2: new function which works with TLS 1.3 (!1513)

Michael Catanzaro commented:

> could you check if this is sufficient?

Yes, it seems to work fine. Proposed https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/202

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513#note_811728317

From gnutls-devel at lists.gnutls.org Sat Jan 15 20:38:16 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Jan 2022 19:38:16 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_cipher_suite_get_name2: new function which works with TLS 1.3 (!1513)

Michael Catanzaro started a new discussion on lib/algorithms/ciphersuites.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513#note_811728512

> +/** > + * gnutls_cipher_suite_get_name2: > + * @kx_algorithm: is a Key exchange algorithm > + * @cipher_algorithm: is a cipher algorithm > + * @mac_algorithm: is a MAC algorithm > + * @prf_hash_algorithm: is a hash algorithm used in PRF > + * > + * This function returns the ciphersuite name when provided with individual > + * algorithms. The full cipher suite name must be prepended by TLS or SSL > + * depending of the protocol in use. > + * > + * To get a description of the current ciphersuite across versions, it > + * is recommended to use gnutls_session_get_desc(). > + * > + * In TLS 1.3, key exchange algorithm is not part of ciphersuite and thus > + * @kx_algorithm should always be %GNUTLS_KX_UNKNOWN.

Isn't this also true of the MAC algorithm as well? I thought ciphersuite name was just cipher name plus PRF name? Is that wrong?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1513#note_811728512

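Review bot: the closing TLS 1.3 paragraph of this doc comment constrains only @kx_algorithm and leaves open what callers pass for @mac_algorithm in that case; add a sentence stating the expected value so the four parameters are specified consistently. In the first paragraph, "depending of the protocol in use" should read "depending on the protocol in use".
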
From gnutls-devel at lists.gnutls.org Sun Jan 16 12:36:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 16 Jan 2022 11:36:36 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls_aead_cipher_encryptv2 work with SIV ciphers (#1312)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1312

For some reason those SIV ciphers are implemented to prepend (not append) the tag value to the ciphertext, which the scatter-gather based functions are currently not able to cope with. We probably should add a flag in the cipher definition (say `.tag_prepended`).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1312

From gnutls-devel at lists.gnutls.org Sun Jan 16 17:43:35 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 16 Jan 2022 16:43:35 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: support SIV ciphers with encryptv2 functions (!1515)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1515
Project:Branches: dueno/gnutls:wip/dueno/siv-iov to gnutls/gnutls:master
Author: Daiki Ueno

The AES-SIV ciphers have a peculiarity in that they prepend the authentication tag to the generated ciphertext rather than appending it. The gnutls_aead_cipher_encryptv2 previously was not able to cope with that and returned the wrong authentication tag. This patch adds a new cipher flag GNUTLS_CIPHER_FLAG_TAG_PREFIXED to indicate it.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1515

From gnutls-devel at lists.gnutls.org Sun Jan 16 17:45:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 16 Jan 2022 16:45:25 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for 3.7.3 release (part 2) (!1516)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1516
Project:Branches: dueno/gnutls:wip/dueno/build-fixes3 to gnutls/gnutls:master
Author: Daiki Ueno

..

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1516

From gnutls-devel at lists.gnutls.org Sun Jan 16 17:48:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 16 Jan 2022 16:48:15 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for 3.7.3 release (part 2) (!1516)

Merge request !1516 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1516
Project:Branches: dueno/gnutls:wip/dueno/build-fixes3 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1516

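The tag placement problem described in issue #1312 and merge request !1515 above, as an added example (not GnuTLS code and not taken from the merge request). `split_aead_output`, `struct seg` and `enum tag_pos` are hypothetical names, and the buffer holds constructed marker bytes rather than real AES-SIV output, so the effect of reading the tag from the wrong end is directly visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_SIZE 16

/* Hypothetical stand-ins for this example; these are not GnuTLS types. */
struct seg {
	uint8_t *data;
	size_t len;
};

enum tag_pos { TAG_SUFFIXED, TAG_PREFIXED };

/*
 * Split the flat output of a one-shot AEAD encryption (tag and ciphertext
 * in one buffer) into a separate tag and the caller's output segments.
 * pos says at which end of the flat buffer the cipher placed the tag.
 * Returns 0 on success, -1 if the segment sizes do not add up.
 */
int split_aead_output(const uint8_t *flat, size_t flat_len, enum tag_pos pos,
		      const struct seg *segs, size_t nsegs,
		      uint8_t tag[TAG_SIZE])
{
	const uint8_t *ct;
	size_t ct_len, total = 0, i;

	if (flat_len < TAG_SIZE)
		return -1;
	ct_len = flat_len - TAG_SIZE;

	/* Validate before writing anything; written so it cannot wrap. */
	for (i = 0; i < nsegs; i++) {
		if (segs[i].len > ct_len - total)
			return -1;
		total += segs[i].len;
	}
	if (total != ct_len)
		return -1;

	if (pos == TAG_PREFIXED) {
		memcpy(tag, flat, TAG_SIZE);		/* tag || ciphertext */
		ct = flat + TAG_SIZE;
	} else {
		memcpy(tag, flat + ct_len, TAG_SIZE);	/* ciphertext || tag */
		ct = flat;
	}

	for (i = 0; i < nsegs; i++) {
		if (segs[i].len != 0)
			memcpy(segs[i].data, ct, segs[i].len);
		ct += segs[i].len;
	}
	return 0;
}

/* Constructed sample: 0xA0.. marks tag bytes, 0xC0.. marks ciphertext
 * bytes, laid out tag-first as the thread describes for the SIV ciphers. */
void build_tag_first_sample(uint8_t *flat, size_t ct_len)
{
	size_t i;

	for (i = 0; i < TAG_SIZE; i++)
		flat[i] = (uint8_t)(0xA0 + i);
	for (i = 0; i < ct_len; i++)
		flat[TAG_SIZE + i] = (uint8_t)(0xC0 + i);
}

int main(void)
{
	uint8_t flat[TAG_SIZE + 20], a[7], b[13], tag[TAG_SIZE];
	struct seg segs[2] = { { a, sizeof(a) }, { b, sizeof(b) } };

	build_tag_first_sample(flat, 20);

	split_aead_output(flat, sizeof(flat), TAG_PREFIXED, segs, 2, tag);
	printf("prefixed: tag[0]=%02x ct[0]=%02x\n", tag[0], a[0]);

	/* Wrong assumption about the layout: the returned "tag" is really
	 * ciphertext, and the first segment starts with tag bytes. */
	split_aead_output(flat, sizeof(flat), TAG_SUFFIXED, segs, 2, tag);
	printf("suffixed: tag[0]=%02x ct[0]=%02x\n", tag[0], a[0]);
	return 0;
}
```

With the wrong position the call still succeeds, which is why a per-cipher flag is needed: nothing in the sizes distinguishes the two layouts.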
From gnutls-devel at lists.gnutls.org Mon Jan 17 08:08:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 07:08:45 +0000
Subject: [gnutls-devel] GnuTLS | psk_ke_modes_recv_params() wrongly sets HSK_PSK_KE_MODE_INVALID (#1303)

Daiki Ueno commented:

Hello Tim, thank you for the analysis and patch; the logic seems to be correct, though I wonder if it could be simpler if we use `-1` as the indication of "unset", instead of `MAX_POS`, as in ext/supported_groups.c. Anyway would it be possible to file an MR or send me a patch with `git format-patch` and proper `Signed-off-by:` line?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1303#note_812151980

From gnutls-devel at lists.gnutls.org Mon Jan 17 14:14:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 13:14:52 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno commented:

I've added `--list-config` option to gnutls-cli and moved the PT_INTERP hack to a separate branch `wip/dueno/fips-module-version-pt-interp`, so we can consider later after the release. Thanks for the feedback everyone.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_812575439

From gnutls-devel at lists.gnutls.org Mon Jan 17 14:15:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 13:15:34 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

All discussions on merge request !1508 were resolved by Daiki Ueno
https://gitlab.com/gnutls/gnutls/-/merge_requests/1508

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508

From gnutls-devel at lists.gnutls.org Mon Jan 17 14:15:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 13:15:37 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Merge request !1508 was scheduled to merge after pipeline succeeds by Daiki Ueno
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508
Project:Branches: dueno/gnutls:wip/dueno/fips-module-version to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508

From gnutls-devel at lists.gnutls.org Mon Jan 17 16:53:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 15:53:33 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Pedro Monreal started a new discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_812787124

> } > > static const struct gnutls_library_config_st _gnutls_library_config[] = { > +#ifdef FIPS_MODULE_NAME > + { "fips-module-name", FIPS_MODULE_NAME }, > +#endif > +#ifdef FIPS_MODULE_VERSION > + { "fips-module-version", FIPS_MODULE_NAME },

Hi, Daiki. Maybe FIPS_MODULE_VERSION here instead of FIPS_MODULE_NAME?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_812787124

From gnutls-devel at lists.gnutls.org Mon Jan 17 16:57:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 17 Jan 2022 15:57:49 +0000
Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508)

Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_812792095

> } > > static const struct gnutls_library_config_st _gnutls_library_config[] = { > +#ifdef FIPS_MODULE_NAME > + { "fips-module-name", FIPS_MODULE_NAME }, > +#endif > +#ifdef FIPS_MODULE_VERSION > + { "fips-module-version", FIPS_MODULE_NAME },

Really a good catch :-) Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508#note_812792095

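Review bot: the second added entry is guarded by `#ifdef FIPS_MODULE_VERSION` but its value is `FIPS_MODULE_NAME`, so the `fips-module-version` key would report the module name, and a build that defines only the version macro would reference `FIPS_MODULE_NAME` with nothing in these lines guaranteeing it is defined. The entry should read `{ "fips-module-version", FIPS_MODULE_VERSION },`.
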
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 17 16:59:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Jan 2022 15:59:03 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: All discussions on merge request !1508 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 17 16:59:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Jan 2022 15:59:08 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Merge request !1508 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 Project:Branches: dueno/gnutls:wip/dueno/fips-module-version to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Jan 17 18:53:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Jan 2022 17:53:34 +0000 Subject: [gnutls-devel] GnuTLS | fips: add mechanism to embed FIPS module name in the library (!1508) In-Reply-To: References: Message-ID: Merge request !1508 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 Project:Branches: dueno/gnutls:wip/dueno/fips-module-version to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1508 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 17 19:13:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Jan 2022 18:13:33 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.3 (!1517) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1517 Project:Branches: dueno/gnutls:wip/dueno/release-3.7.3 to gnutls/gnutls:master Author: Daiki Ueno .. 
## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 18 09:14:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Jan 2022 08:14:12 +0000 Subject: [gnutls-devel] GnuTLS | API function to get ciphersuite name (#1291) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.4 ( https://gitlab.com/gnutls/gnutls/-/milestones/33 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1291 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Jan 18 09:14:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Jan 2022 08:14:57 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to globally enable/disable KTLS (#1298) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.4 ( https://gitlab.com/gnutls/gnutls/-/milestones/33 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1298 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 18 09:15:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Jan 2022 08:15:10 +0000 Subject: [gnutls-devel] GnuTLS | Git access issues due to long CA bundle filename (#1280) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.4 ( https://gitlab.com/gnutls/gnutls/-/milestones/33 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1280 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 20 11:49:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Jan 2022 10:49:41 +0000 Subject: [gnutls-devel] GnuTLS | TPM support not enabled unless --without-tpm2 is given (#1313) References: Message-ID: Jan Palus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1313 ## Description of problem: After adding TPM2 support, TPM support is not enabled unless `--without-tpm2` is passed explicitly. 
That's because TPM requires `with_tpm2` to be `no`, but nothing sets `with_tpm2` from `auto` to `no` if TPM2 is not available. ## Version of gnutls used: 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) PLD And just to confirm -- the intention here is that TPM and TPM2 are mutually exclusive and cannot be enabled at the same time, correct? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1313 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 20 12:46:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Jan 2022 11:46:02 +0000 Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314) References: Message-ID: Jan Palus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1314 ## Description of problem: `task sync` reports `Malformed message` after upgrade of gnutls with `ktls` support. Works fine after unloading `tls` module. The other side is `taskd` with gnutls 3.7.2. Debug output suggests EAGAIN might not be handled somewhere? ``` $ task sync gnutls[2]: Enabled GnuTLS 3.7.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Aarch64 SHA1 was detected gnutls[2]: Aarch64 SHA2 was detected gnutls[2]: Aarch64 AES was detected gnutls[2]: Aarch64 PMULL was detected gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2 c: INFO Server certificate will be verified. 
c: 2 added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into priority list c: 2 Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384) c: 2 Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256) c: 2 Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256) c: 2 Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256) c: 2 Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) c: 2 Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) c: 2 Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) c: 2 Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) c: 2 Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) c: 2 Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) c: 2 Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) c: 2 Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) c: 2 Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) c: 2 Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) c: 2 Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) c: 2 Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) c: 2 Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) c: 2 Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) c: 2 Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) c: 2 Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) c: 2 Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) c: 2 Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) c: 2 Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) c: 2 Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) c: 2 Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) c: 2 Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) c: 2 Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) c: 2 Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) c: 2 Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) c: 2 Advertizing version 3.4 c: 2 
Advertizing version 3.3 c: 2 Advertizing version 3.2 c: 2 Advertizing version 3.1 c: 2 HSK[0x10463750]: sent server name: 'xxxxxxxxxxxx' c: 2 EXT[0x10463750]: client generated SECP256R1 shared key c: INFO Handshake was completed: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) c: INFO Sending 'XXXXclient: task 2.6.1 key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx org: xxx protocol: v1 type: sync user: xxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ' (4294967268 bytes) c: INFO expecting 0 bytes. c: WARNING Resource temporarily unavailable, try again. c: INFO Receiving 'XXXX' (-56 bytes) Syncing with xxxxxxxxxxxx:xxxxx Malformed message Sync failed. Could not connect to the Taskserver. ``` ## Version of gnutls used: 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) PLD -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 20 14:33:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Jan 2022 13:33:13 +0000 Subject: [gnutls-devel] GnuTLS | TPM support not enabled unless --without-tpm2 is given (#1313) In-Reply-To: References: Message-ID: Daiki Ueno commented: Yeah, I agree that `with_tpm2 = no` check in the TPM case should be removed, as they are orthogonal. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1313#note_816579058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 20 14:53:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Jan 2022 13:53:59 +0000 Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314) In-Reply-To: References: Message-ID: Daiki Ueno commented: I suspect the transport functions are returning EAGAIN for post-handshake messages in TLS 1.3; does it work if you restrict the protocol to TLS 1.2? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314#note_816609319 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 20 18:26:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Jan 2022 17:26:15 +0000 Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314) In-Reply-To: References: Message-ID: Jan Palus commented:

@dueno still same issue (also fixed by unloading `tls` module):

```
c: INFO Handshake was completed: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
...
c: INFO expecting 0 bytes.
c: WARNING Resource temporarily unavailable, try again.
c: INFO Receiving 'XXXX' (-56 bytes)
...
Malformed message
```

`bytes` count seems very much different between ktls and non-ktls:

| direction | ktls | no ktls |
| --- | --- | --- |
| sending | 4294967268 | 154 |
| receiving | -56 | 91 |

Not sure if it's of any significance though.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314#note_816946592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Sat Jan 22 07:15:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 22 Jan 2022 06:15:25 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1518) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-bashism to gnutls/gnutls:master Author: Andreas Metzler Two new tests in 3.7.3 use &> redirection which only works with bash. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Jan 22 10:09:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 22 Jan 2022 09:09:46 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1518) In-Reply-To: References: Message-ID: Merge request !1518 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-bashism to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 22 13:40:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 22 Jan 2022 12:40:05 +0000 Subject: [gnutls-devel] GnuTLS | Avoid &> redirection bashism in testsuite (!1518) In-Reply-To: References: Message-ID: Merge request !1518 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-bashism to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Jan 23 08:49:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 23 Jan 2022 07:49:00 +0000 Subject: [gnutls-devel] GnuTLS | tests suite portfinding endless loop (#1315) References: Message-ID: Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1315

Hello,

I have just managed to trigger an endless loop in the testsuite:

~~~
Checking with non-approved DH params: rfc5054-3072
unreserved port 50626
unreserved port 50626
unreserved port 50626
[...]
~~~

Looking at (tests/scripts/common.sh#L87) there seems to be a logic error:

~~~sh
GETPORT='
    rc=0
    # myrandom is cleared only here, before the loop
    unset myrandom
    while test $rc = 0; do
        if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
        if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
        if test -z "$myrandom"; then myrandom=0; fi
        PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
        check_if_port_in_use $PORT;rc=$?
    done
'
~~~

If $RANDOM is not available myrandom never changes in the loop. Moving ```unset myrandom``` inside the loop should work. - Will post a merge request later.

cu Andreas

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1315 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
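The loop reported in issue #1315, reduced to a runnable sketch that compares the reported form with the proposed one (an added example, not code from the GnuTLS test suite). `find_port`, `port_busy`, `fallback_entropy`, `FAKE_PID` and `MAX_TRIES` are constructed stand-ins: a counter replaces `date +%N`, and an attempt cap is added so the unfixed variant terminates.

```shell
#!/bin/sh
# Added illustration of the port-finding loop from issue #1315; this is not
# the project's tests/scripts/common.sh. All names below are constructed.

unset RANDOM        # behave like a /bin/sh without $RANDOM (bash drops its special meaning)
FAKE_PID=1234       # fixed stand-in for $$ so the result is reproducible
MAX_TRIES=50        # cap added here so the unfixed loop terminates

# Stand-in for $(date +%N | sed s/^0*//): a counter that changes on every call.
fallback_entropy() {
    SEED=$((SEED + 1))
    myrandom=$((SEED * 7919))
}

# Stand-in for check_if_port_in_use: the first port ever asked about is
# treated as occupied, any other port as free. Returns 0 when occupied.
port_busy() {
    if test -z "$BUSY_PORT"; then BUSY_PORT=$1; fi
    test "$1" = "$BUSY_PORT"
}

# find_port MODE
#   MODE=original  clears myrandom once, before the loop (as in the issue)
#   MODE=fixed     clears myrandom at the top of every iteration
# Sets PORT and TRIES; returns 1 if MAX_TRIES candidates were all occupied.
find_port() {
    mode=$1
    SEED=0 TRIES=0 BUSY_PORT= PORT=
    rc=0
    unset myrandom
    while test "$rc" = 0; do
        if test "$TRIES" -ge "$MAX_TRIES"; then return 1; fi
        TRIES=$((TRIES + 1))
        if test "$mode" = fixed; then unset myrandom; fi
        if test -n "${RANDOM:-}"; then myrandom=$((RANDOM + RANDOM)); fi
        # Only reached with an empty myrandom; in "original" mode that is
        # true on the first pass only, so the same port is offered forever.
        if test -z "${myrandom:-}"; then fallback_entropy; fi
        if test -z "${myrandom:-}"; then myrandom=0; fi
        PORT=$(( ((FAKE_PID << 15) | myrandom) % 63001 + 2000 ))
        if port_busy "$PORT"; then rc=0; else rc=1; fi
    done
    return 0
}

for mode in original fixed; do
    if find_port "$mode"; then
        echo "$mode: free port $PORT after $TRIES tries"
    else
        echo "$mode: gave up after $TRIES tries, still offering port $PORT"
    fi
done
```
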
URL: From gnutls-devel at lists.gnutls.org Sun Jan 23 13:39:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 23 Jan 2022 12:39:04 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-more-bashism to gnutls/gnutls:master Author: Andreas Metzler I had missed two instances of &> ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Jan 23 13:54:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 23 Jan 2022 12:54:01 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix endless loop on /bin/sh without $RANDOM (!1520) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-infinite-loop to gnutls/gnutls:master Author: Andreas Metzler Fix endless testsuite loop with shell<>bash - see gnutls#1315 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 07:22:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 06:22:47 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) In-Reply-To: References: Message-ID: Merge request !1519 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-more-bashism to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 07:25:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 06:25:58 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you. I suppose that these issues are revealed as we added `SH_LOG_COMPILER = $(SHELL)` in the latest release, so forcibly setting the variable to bash might also be an option. On the other hand I *think* tests written in shell script shouldn't be so complex to require bash features; so if it's not too much burden to fix all bashism, let's go that way :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519#note_819032382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 07:30:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 06:30:38 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix endless loop on /bin/sh without $RANDOM (!1520) In-Reply-To: References: Message-ID: Merge request !1520 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-infinite-loop to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 17:48:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 16:48:11 +0000 Subject: [gnutls-devel] GnuTLS | Draft: AES-GCM buffer size checks, accelerated implementations and ASAN (!1521) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 Project:Branches: asosedkin/gnutls:aes-gcm-sizes to gnutls/gnutls:master Author: Alexander Sosedkin A run with ASAN on and hardware acceleration off has caught a write past the buffer boundary in `test-ciphers-api`. The issue was twofold: 1. The accelerated implementations in `lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c` have ignored the destination plaintext buffer lengths. 2. The test that intended to trigger an error by passing a zero-length plaintext buffer was also passing the wrong ciphertext length, caught a different kind of error in return, but didn't check the exact error value. This MR intends to: 1. Add missing output buffer length checks. 2. 
Fix the test to trigger and check for the error it was intended to catch. 3. Ideally enable hardware acceleration in CI ASAN jobs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 18:11:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 17:11:40 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519#note_819879908 I found these because we are using the shell script parts of the gnutls testsuite for Debian CI, running them against /usr/bin/gnutls-cli et al. as shipped in the Debian gnutls-bin package. I agree that bash scripts have their place but if bashisms are not necessary it is a good idea to avoid them, dash startup is still much quicker.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519#note_819879908 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 18:11:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 17:11:50 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) In-Reply-To: References: Message-ID: All discussions on merge request !1519 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 18:12:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 17:12:51 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix endless loop on /bin/sh without $RANDOM (!1520) In-Reply-To: References: Message-ID: Merge request !1520 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-infinite-loop to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 18:12:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 17:12:51 +0000 Subject: [gnutls-devel] GnuTLS | tests suite portfinding endless loop (#1315) In-Reply-To: References: Message-ID: Issue was closed by Andreas Metzler via commit 6dc655e01ac68065ab648817c04cc950bc3f81b1 Issue #1315: https://gitlab.com/gnutls/gnutls/-/issues/1315 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1315 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 24 18:13:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Jan 2022 17:13:42 +0000 Subject: [gnutls-devel] GnuTLS | testsuite: Fix missed instances of &> redirection (!1519) In-Reply-To: References: Message-ID: Merge request !1519 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 Project:Branches: ametzler/gnutls:tmp-2022-testsuite-more-bashism to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Jan 25 15:29:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Jan 2022 14:29:52 +0000 Subject: [gnutls-devel] GnuTLS | Draft: AES-GCM buffer size checks, accelerated implementations and ASAN (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821053031 > return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); > } > > + if (unlikely(dst_size < src_size)) > + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); > + > iov.iov_base = (void *)dst; > - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; > + iov.iov_len = src_size; Here's a place (+ analogous one in ` decrypt`) that I really don't understand, so I'd like to flag it for reviewer's attention with this comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821053031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 25 17:03:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Jan 2022 16:03:08 +0000 Subject: [gnutls-devel] GnuTLS | Draft: AES-GCM buffer size checks, accelerated implementations and ASAN (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I don't like how the tests have passed even though I had a mismatched `}` in one of the files: https://gitlab.com/asosedkin/gnutls/-/pipelines/455906080 Guess there should be some extra testing activities for this one. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821217252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 25 18:10:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Jan 2022 17:10:32 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin changed the draft status of merge request !1521 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 25 19:33:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Jan 2022 18:33:47 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request [3.6.x] (!1510) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: !1346, not !1053 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1510#note_821395066 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Jan 26 08:03:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Jan 2022 07:03:31 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/accelerated/x86/aes-gcm-aead.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821771006 > /* proper AEAD cipher */ > - if (encr_size < plain_size + tag_size) > + if (unlikely(encr_size < plain_size + tag_size)) Maybe good to use the same condition used elsewhere (`plain_size < encr_size - tag_size`)? That would avoid integer overflow as [suggested](https://www.enyo.de/fw/notes/style-guide-conditions.html). -- Daiki Ueno commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821771019 > iov.iov_base = (void *)dst; > - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; > + iov.iov_len = src_size; There was a discussion on this in the original [MR](https://gitlab.com/gnutls/gnutls/-/merge_requests/1404), but I am not really sure. @FrantisekKrenzelok or @smuellerDD might remember the reason. If `gnutls-cli --benchmark-ciphers` works with AF_ALG with this change, I guess that's ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
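Review bot: with the clamp gone from `iov.iov_len` in lib/accelerated/afalg.c, this assignment is only safe if `dst_size >= src_size` has already been established, and nothing in the lines quoted here says so. Keep the `dst_size < src_size` guard from the fuller version of this hunk directly above the assignment, add a short comment that `dst` must hold at least `src_size` bytes, and make the same change in the decrypt path so the two stay symmetric. Since a short `dst` now fails with GNUTLS_E_SHORT_MEMORY_BUFFER where the old ternary truncated silently, a negative test that passes an undersized output buffer would pin the new behaviour down.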
URL: From gnutls-devel at lists.gnutls.org Wed Jan 26 08:15:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Jan 2022 07:15:06 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Stephan Mueller commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821779558 > return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); > } > > + if (unlikely(dst_size < src_size)) > + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); > + > iov.iov_base = (void *)dst; > - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; > + iov.iov_len = src_size; That check was simply a safety-valve guarding against programming errors. So, the change would be equally fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_821779558 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 26 16:29:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Jan 2022 15:29:02 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/accelerated/x86/aes-gcm-aead.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822392877 > void *encr, size_t encr_size) > { > /* proper AEAD cipher */ > - if (encr_size < plain_size + tag_size) > + if (unlikely(encr_size < plain_size + tag_size)) Interesting point with the overflow, standardized on `<` and subtraction in 11ef3b9a69. 
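Review bot: in lib/accelerated/x86/aes-gcm-aead.h the condition `encr_size < plain_size + tag_size` still adds two caller-supplied sizes before comparing, so a `plain_size` close to SIZE_MAX wraps the sum and lets an undersized `encr` buffer through; `unlikely()` only affects branch layout. When moving to the subtraction form, reject `encr_size < tag_size` first and then compare `encr_size - tag_size < plain_size`, because the subtraction on its own underflows for a buffer shorter than the tag. This assumes `plain_size` and `tag_size` are unsigned like the `size_t encr_size` visible in the signature.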
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822392877 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 26 16:29:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Jan 2022 15:29:39 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822393542 > return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); > } > > + if (unlikely(dst_size < src_size)) > + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); > + > iov.iov_base = (void *)dst; > - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; > + iov.iov_len = src_size; Thanks for taking a look. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822393542 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 26 16:39:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Jan 2022 15:39:46 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: > If gnutls-cli --benchmark-ciphers works with AF_ALG with this change, I guess that's ok. If you insist on that specific check, I might need more help testing that. Fedora 35, I see aead ciphers in `/proc/crypto`, I have `AF_ALG support: yes`. 
`gnutls-cli --benchmark-ciphers` execution reaches `afalg_cipher_*crypt`, but not `afalg_aead_*crypt`, so it doesn't exercise the two more interesting checks in there. I'd appreciate a hint on what I'm missing here. `slow/test-ciphers.sh` / `slow/test-ciphers-api.sh` do reach them though and pass. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822406185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 07:58:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 06:58:01 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: All discussions on merge request !1521 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 07:58:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 06:58:08 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Merge request !1521 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 Project:Branches: asosedkin/gnutls:aes-gcm-sizes to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 07:58:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 06:58:17 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521#note_822993596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 13:58:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 12:58:39 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 13:58:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 12:58:41 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) References: Message-ID: František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master Author: František Krenželok Assignee: František Krenželok Reviewer: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 13:58:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 12:58:39 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Reassigned merge request 1522 https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 Assignee changed to František Krenželok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 15:41:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 14:41:43 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Merge request !1522 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master Author: František Krenželok Assignee: František Krenželok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 15:41:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 14:41:53 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks! 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_823643018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 18:25:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 17:25:46 +0000 Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523 Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-keygen to gnutls/gnutls:master Author: Daiki Ueno While _rsa_generate_fips186_4_keypair was modified to accept modulus sizes other than 2048 and 3076, rsa_generate_fips186_4_keypair, which calls that function, was not updated to accept such modulus sizes. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 27 18:26:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Jan 2022 17:26:34 +0000 Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm not adding tests, because generating >= 4096-bit RSA keys takes some time... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523#note_823877364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 07:57:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 06:57:30 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Daiki Ueno commented: @FrantisekKrenzelok @jpalus is this supposed to fix #1314? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824433109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 08:50:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 07:50:36 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes after 3.7.3 (mainly documentation) (!1524) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1524 Project:Branches: dueno/gnutls:wip/dueno/doc-fixes2 to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1313 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 09:42:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 08:42:39 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Jan Palus commented: @dueno unfortunately not, still same symptoms. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824549400 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 11:12:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 10:12:24 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) References: Message-ID: Jan Palus created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 Project:Branches: jpalus/gnutls:ktls-record-send-fix to gnutls/gnutls:master Author: Jan Palus always returned 0 on success while contract mandates to return number of bytes sent Fixes #1314 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 11:14:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 10:14:13 +0000 Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314) In-Reply-To: References: Message-ID: Jan Palus commented: Created !1525 which fixes the issue on gnutls side. taskwarrior error handling is utterly broken so needs a fix as well. After both fixes everything works as expected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314#note_824674654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 11:46:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 10:46:55 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: František Krenželok commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824718027 I was just looking for what may cause the aforementioned issue and found those bugs along the way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824718027 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:05:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:05:57 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Jan Palus commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824741399 @FrantisekKrenzelok !1525 is for the issue I'm experiencing. taskwarrior PR will follow. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522#note_824741399 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:41:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:41:31 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) In-Reply-To: References: Message-ID: Merge request !1525 was approved by František Krenželok Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 Project:Branches: jpalus/gnutls:ktls-record-send-fix to gnutls/gnutls:master Author: Jan Palus Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:42:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:42:02 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) In-Reply-To: References: Message-ID: František Krenželok commented: Thank you! 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_824780813 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:43:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:43:04 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: All discussions on merge request !1522 were resolved by František Krenželok https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:49:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:49:34 +0000 Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1522) In-Reply-To: References: Message-ID: Merge request !1522 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master Author: František Krenželok Assignee: František Krenželok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 12:57:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 11:57:03 +0000 Subject: [gnutls-devel] GnuTLS | Make --with-tpm2 not conflict with --with-tpm (!1526) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1526 Project:Branches: dueno/gnutls:wip/dueno/tpmtool to gnutls/gnutls:master Author: Daiki Ueno This also revealed that the generated getopt wrapper for tpmtool was using a C keyword `register` as a struct member name, which is now escaped. Fixes: #1313 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1526 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 14:46:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 13:46:11 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) In-Reply-To: References: Message-ID: Daiki Ueno commented: @jpalus could you prolong the CI [timeout](https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run) a bit longer? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_824935136 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 16:17:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 15:17:52 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes after 3.7.3 (mainly documentation) (!1524) In-Reply-To: References: Message-ID: Daiki Ueno commented: Merging without approval, as those changes are trivial. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1524#note_825060468 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 16:17:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 15:17:56 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes after 3.7.3 (mainly documentation) (!1524) In-Reply-To: References: Message-ID: Merge request !1524 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1524 Project:Branches: dueno/gnutls:wip/dueno/doc-fixes2 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 16:18:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 15:18:17 +0000 Subject: [gnutls-devel] GnuTLS | buffer size checks in accelerated cipher implementations (!1521) In-Reply-To: References: Message-ID: Merge request !1521 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 Project:Branches: asosedkin/gnutls:aes-gcm-sizes to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 17:12:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 16:12:03 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) In-Reply-To: References: Message-ID: Merge request !1525 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 Project:Branches: jpalus/gnutls:ktls-record-send-fix to gnutls/gnutls:master Author: Jan Palus Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 28 17:24:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Jan 2022 16:24:11 +0000 Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525) In-Reply-To: References: Message-ID: Jan Palus commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_825139015 @dueno timeout increased to 2h but latest pipeline run already has some failed jobs (different than before). Perhaps rerunning pipeline will eventually result in successful run. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_825139015 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Fri Jan 28 17:37:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 28 Jan 2022 16:37:14 +0000
Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_825152584

Yeah, I think those are known flakiness; let me retry hard to merge it :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525#note_825152584

From gnutls-devel at lists.gnutls.org Fri Jan 28 20:21:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 28 Jan 2022 19:21:51 +0000
Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1525 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1525

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525
From gnutls-devel at lists.gnutls.org Fri Jan 28 20:21:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 28 Jan 2022 19:21:52 +0000
Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via commit 4828e3923486de2725dc73bf6e6a2db57f94945f

Issue #1314: https://gitlab.com/gnutls/gnutls/-/issues/1314

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314

From gnutls-devel at lists.gnutls.org Fri Jan 28 20:21:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 28 Jan 2022 19:21:53 +0000
Subject: [gnutls-devel] GnuTLS | ktls: fix _gnutls_ktls_send_control_msg return value (!1525)
In-Reply-To:
References:
Message-ID:

Merge request !1525 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525
Project:Branches: jpalus/gnutls:ktls-record-send-fix to gnutls/gnutls:master
Author: Jan Palus
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1525

From gnutls-devel at lists.gnutls.org Sat Jan 29 13:23:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 29 Jan 2022 12:23:56 +0000
Subject: [gnutls-devel] GnuTLS | Make --with-tpm2 not conflict with --with-tpm (!1526)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

This is also trivial, so I'm merging without approval.
I suspect we would need to make a new bug-fix release, because it is not possible to build the tpmtool executable with 3.7.3.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1526#note_825596799

From gnutls-devel at lists.gnutls.org Sat Jan 29 13:24:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 29 Jan 2022 12:24:03 +0000
Subject: [gnutls-devel] GnuTLS | Make --with-tpm2 not conflict with --with-tpm (!1526)
In-Reply-To:
References:
Message-ID:

Merge request !1526 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1526
Project:Branches: dueno/gnutls:wip/dueno/tpmtool to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1526

From gnutls-devel at lists.gnutls.org Sat Jan 29 13:24:06 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 29 Jan 2022 12:24:06 +0000
Subject: [gnutls-devel] GnuTLS | TPM support not enabled unless --without-tpm2 is given (#1313)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1526 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1526)

Issue #1313: https://gitlab.com/gnutls/gnutls/-/issues/1313

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1313
From gnutls-devel at lists.gnutls.org Sat Jan 29 20:35:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 29 Jan 2022 19:35:55 +0000
Subject: [gnutls-devel] GnuTLS | aarch64: lib/accelerated/aarch64/Makefile has hardcoded flag not supported by Clang (#1317)
References:
Message-ID:

Brad Smith created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1317

## Description of problem:
lib/accelerated/aarch64/Makefile has hardcoded flag not supported by Clang

## Version of gnutls used:
3.7.2 although it has been in the Makefile for many years now

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Not relevant.

## How reproducible:
Build with Clang on aarch64.

## Actual results:
Build fails due to unsupported flag.

error: the clang compiler does not support '-march=all'

## Expected results:
The flag is tested for and if not supported not used. The build succeeds.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1317

From gnutls-devel at lists.gnutls.org Sun Jan 30 14:50:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 30 Jan 2022 13:50:39 +0000
Subject: [gnutls-devel] GnuTLS | ABI break due to adding const qualifiers to some libgnutlsxx.so methods (#1318)
References:
Message-ID:

Seppo Yli-Olli created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1318

## Description of problem:
Apparently through https://gitlab.com/gnutls/gnutls/-/commit/67cab96c1d59fec2e2b85ee054ec0015195cc35c methods db_check_entry and set_credentials gained const qualifiers to parameters.
While this is safe in C API, it apparently is not in C++ API (there are some notes for this in https://community.kde.org/Policies/Binary_Compatibility_Issues_With_C%2B%2B, C++ ABI compat is a *lot* more complex). However, soname was kept. It looks like soname should probably have been bumped with this const qualifier change since it broke ABI compatibility.

## Version of gnutls used:
3.7.2

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
freedesktop-sdk

## How reproducible:
Steps to Reproduce: Run ABI checker on project from 3.6.16 to 3.7.2

## Actual results:
Const parameter changes in C++ ABI

## Expected results:
No const parameter changes in C++ ABI

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1318

From gnutls-devel at lists.gnutls.org Mon Jan 31 09:16:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 31 Jan 2022 08:16:42 +0000
Subject: [gnutls-devel] GnuTLS | ABI break due to adding const qualifiers to some libgnutlsxx.so methods (#1318)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Good point; thanks for the report. Would you like to open an MR to bump the [version](https://gitlab.com/gnutls/gnutls/-/blob/master/m4/hooks.m4#L59)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1318#note_826253077
From gnutls-devel at lists.gnutls.org Mon Jan 31 11:38:48 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 31 Jan 2022 10:38:48 +0000
Subject: [gnutls-devel] GnuTLS | mbuffer_st.type is not preserved when linearized (#1319)
References:
Message-ID:

Tatsuhiro Tsujikawa created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1319

## Description of problem:
When received data is too short to contain a message header, it is temporarily buffered somewhere, and when the next segment arrives, they are gathered into one buffer (linearized). I'm specifically looking at this code: https://gitlab.com/gnutls/gnutls/-/blob/7f3ea9acc2a2da1d697d423514dfa9c3b56acb15/lib/buffers.c#L1259

The problem is, when the buffers are linearized, mbuffer_st type is cleared. Next time we hit https://gitlab.com/gnutls/gnutls/-/blob/7f3ea9acc2a2da1d697d423514dfa9c3b56acb15/lib/buffers.c#L1217, the check fails, and the endpoint sends a fatal alert with unexpected message.

## Version of gnutls used:
3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:
Steps to Reproduce: I think feeding data that ends in the middle of a message header to gnutls_session_t via gnutls_handshake_write would trigger this bug. For myself, I discovered it when testing client certificate authentication as a QUIC client.

## Actual results:

## Expected results:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1319
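
A simplified model of the failure described in issue #1319 above, as an added example that is not part of the report and is not GnuTLS code. `struct seg`, `linearize`, `parse_header` and `feed_split_header` are hypothetical names and the input bytes are constructed; it shows why a merged buffer has to keep the content type of the segments it was built from.

```c
#include <string.h>

/* Simplified model of the reported behaviour; hypothetical names, not GnuTLS code. */
enum { CT_UNSET = 0, CT_HANDSHAKE = 22 };   /* TLS record content types */
enum { HS_HEADER_LEN = 4 };                 /* msg_type (1 byte) + length (3 bytes) */
enum { PARSE_OK = 0, PARSE_AGAIN = -1, PARSE_UNEXPECTED = -2 };

struct seg {
    int type;                 /* content type the bytes arrived under */
    size_t len;
    unsigned char data[32];
    struct seg *next;
};

/* Merge a chain into one flat segment. preserve_type = 0 models the reported bug. */
static int linearize(const struct seg *head, struct seg *out, int preserve_type)
{
    memset(out, 0, sizeof(*out));             /* type is CT_UNSET after this */
    if (preserve_type)
        out->type = head->type;
    for (const struct seg *s = head; s != NULL; s = s->next) {
        if (s->len > sizeof(out->data) - out->len)
            return -1;                        /* would overflow the flat buffer */
        memcpy(out->data + out->len, s->data, s->len);
        out->len += s->len;
    }
    return 0;
}

/* Header check that is run again once more data has arrived. */
static int parse_header(const struct seg *s, size_t *body_len)
{
    if (s->type != CT_HANDSHAKE)
        return PARSE_UNEXPECTED;              /* caller would send a fatal alert */
    if (s->len < HS_HEADER_LEN)
        return PARSE_AGAIN;
    *body_len = ((size_t)s->data[1] << 16) | ((size_t)s->data[2] << 8) | s->data[3];
    return PARSE_OK;
}

/* Constructed input: a 4-byte handshake header delivered as 2 + 2 bytes. */
static int feed_split_header(int preserve_type, size_t *body_len)
{
    struct seg b = { CT_HANDSHAKE, 2, { 0x00, 0x10 }, NULL };
    struct seg a = { CT_HANDSHAKE, 2, { 0x0b, 0x00 }, &b };  /* 0x0b = Certificate */
    struct seg flat;
    if (parse_header(&a, body_len) != PARSE_AGAIN)   /* first pass: header incomplete */
        return PARSE_UNEXPECTED;
    if (linearize(&a, &flat, preserve_type) != 0)
        return PARSE_UNEXPECTED;
    return parse_header(&flat, body_len);            /* second pass on merged data */
}
```

With `preserve_type` set to 0 the second header check rejects valid handshake bytes; with 1 it parses the 16-byte body length.
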
From gnutls-devel at lists.gnutls.org Mon Jan 31 13:15:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 31 Jan 2022 12:15:24 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527

Project:Branches: dueno/gnutls:wip/dueno/fedora35 to gnutls/gnutls:master
Author: Daiki Ueno

..

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
From gnutls-devel at lists.gnutls.org Mon Jan 31 17:35:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 31 Jan 2022 16:35:03 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)
References:
Message-ID:

Seppo Yli-Olli created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528

Project:Branches: nanonyme/gnutls:bump-soname to gnutls/gnutls:master
Author: Seppo Yli-Olli

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
From gnutls-devel at lists.gnutls.org Mon Jan 31 17:35:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 31 Jan 2022 16:35:45 +0000
Subject: [gnutls-devel] GnuTLS | ABI break due to adding const qualifiers to some libgnutlsxx.so methods (#1318)
In-Reply-To:
References:
Message-ID:

Seppo Yli-Olli commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1318#note_826905878

Created MR, not sure if I did it right though.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1318#note_826905878