From gnutls-devel at lists.gnutls.org Fri Jul 1 16:26:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Jul 2022 14:26:29 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Alexander Sosedkin commented:

From the first reading, it does look like it achieves the goal of hard-blocking encryption of plaintext longer than 2^39-256 bit:

1. if we hard-block, then we need the change documented
2. 5.2.2 says

   > The values for len(C), len (A), and len(IV) that an implementation supports for the authenticated decryption function shall be the same as the values for len(P), len (A), and len(IV) that the implementation supports for the authenticated encryption function.

   which I interpret as limit(len(C)) == limit(len(P)) == 2^39-256 bit

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1013465260
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...

From gnutls-devel at lists.gnutls.org Mon Jul 4 00:56:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Jul 2022 22:56:58 +0000
Subject: [gnutls-devel] GnuTLS | tests/fips-test: minor extension (!1605)

Merge request !1605 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605
Project:Branches: asosedkin/gnutls:more-rsa-checks to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignee: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605

From gnutls-devel at lists.gnutls.org Mon Jul 4 00:57:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Jul 2022 22:57:13 +0000
Subject: [gnutls-devel] GnuTLS | tests/fips-test: minor extension (!1605)

Daiki Ueno commented:

Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605#note_1014271343

From gnutls-devel at lists.gnutls.org Tue Jul 5 12:36:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Jul 2022 10:36:01 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Richard Costa changed the draft status of merge request !1607

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

From gnutls-devel at lists.gnutls.org Wed Jul 6 10:29:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Jul 2022 08:29:24 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Daiki Ueno started a new discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607#note_1017257958

> gnutls_fips140_run_self_tests(void) > { > #ifdef ENABLE_FIPS140 > - int ret; > + int ret, fips_ctx_ret = -1; > unsigned prev_lib_state; > + gnutls_fips140_context_t fips_context; > + > + /* Save the FIPS context, because self tests change it */ > + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED) { > + fips_ctx_ret = gnutls_fips140_context_init(&fips_context);

`fips_context` needs to be released with `gnutls_fips140_context_deinit`. Having that in mind, maybe a simpler logic would be:

```c
gnutls_fips140_context_t fips_context = NULL;

/* Save the FIPS context, because self tests change it */
if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED) {
	if (gnutls_fips140_context_init(&fips_context) < 0) {
		/* some error handling */
		goto error;
	}
	if (gnutls_fips140_push_context(fips_context) < 0) {
		/* some error handling */
		goto error;
	}
}

...

if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED) {
	if (gnutls_fips140_pop_context() < 0) {
		/* some error handling */
		goto error;
	}
}

error:
gnutls_fips140_context_deinit(fips_context);
```

Or, if we don't want to treat those errors hard:

```c
gnutls_fips140_context_t fips_context = NULL;

/* Save the FIPS context, because self tests change it */
if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED) {
	if (gnutls_fips140_context_init(&fips_context) < 0 ||
	    gnutls_fips140_push_context(fips_context) < 0) {
		gnutls_fips140_context_deinit(fips_context);
		fips_context = NULL;
	}
}

...

if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && fips_context) {
	if (gnutls_fips140_pop_context() < 0) {
		/* some error handling */
	}
	gnutls_fips140_context_deinit(fips_context);
}
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607#note_1017257958

From gnutls-devel at lists.gnutls.org Wed Jul 6 11:08:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Jul 2022 09:08:37 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1017321443

For (2), my reading is that the statement merely talks about the property of AES-GCM (if not AEAD in general), where the lengths of those input data would be the same as the ones given to the encryption function, thus we don't need to apply the same requirement to the decryption function.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1017321443
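
Review bot: in the lib/fips.c hunk quoted in the !1607 discussion above, `gnutls_fips140_context_t fips_context;` is declared without an initializer, while `gnutls_fips140_context_init(&fips_context)` runs only when `gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED`. Initialize the variable to NULL at its declaration so that any cleanup added for it sees a defined value on the path where FIPS mode is disabled. The `fips_ctx_ret = -1` sentinel then duplicates state the pointer itself could carry; the quoted lines end before showing where `fips_ctx_ret` is checked, so confirm that every later use of `fips_context` is guarded by it.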

From gnutls-devel at lists.gnutls.org Thu Jul 7 14:57:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Jul 2022 12:57:34 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Zoltán Fridrich commented on a discussion on lib/session_pack.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_1019201474

> return GNUTLS_E_INVALID_REQUEST; > > BUFFER_POP_NUM(ps, username_size); > - if (username_size > (sizeof(info->username) - 1)) { > - gnutls_assert(); > - return GNUTLS_E_INTERNAL_ERROR; > - } > + if (username_size > MAX_USERNAME_SIZE)

`username_size` does not account for the terminating NULL here and `MAX_USERNAME_SIZE` does not either, therefore `username_size > MAX_USERNAME_SIZE` is correct.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_1019201474

From gnutls-devel at lists.gnutls.org Thu Jul 7 14:57:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Jul 2022 12:57:53 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

All discussions on merge request !1581 were resolved by Zoltán Fridrich
https://gitlab.com/gnutls/gnutls/-/merge_requests/1581

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581
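
Review bot: the new bound in the lib/session_pack.c hunk quoted from !1581 above, `if (username_size > MAX_USERNAME_SIZE)`, is no longer derived from the destination the way the removed `sizeof(info->username) - 1` was, so the check and the storage can drift apart without a compiler complaint. State the invariant next to the check (the username storage holds at least `MAX_USERNAME_SIZE` bytes plus the terminator), or enforce it with a compile-time assertion if `info->username` is still a fixed-size array. The quoted lines stop at the condition, so also confirm that the branch still records the failure and returns an error as the removed `gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR;` did.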

From gnutls-devel at lists.gnutls.org Fri Jul 8 10:46:02 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 08:46:02 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Merge request !1581 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581

From gnutls-devel at lists.gnutls.org Fri Jul 8 10:46:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 08:46:39 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Daiki Ueno commented:

Looks good to me, thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_1020254284

From gnutls-devel at lists.gnutls.org Fri Jul 8 10:50:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 08:50:25 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Merge request !1581 was scheduled to merge after pipeline succeeds by Zoltán Fridrich
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581

From gnutls-devel at lists.gnutls.org Fri Jul 8 11:17:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 09:17:18 +0000
Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Merge request !1581 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581

From gnutls-devel at lists.gnutls.org Fri Jul 8 11:17:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 09:17:19 +0000
Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323)

Issue was closed by Zoltán Fridrich via merge request !1581 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1581)
Issue #1323: https://gitlab.com/gnutls/gnutls/-/issues/1323

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323

From gnutls-devel at lists.gnutls.org Fri Jul 8 17:41:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Jul 2022 15:41:09 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

All discussions on merge request !1607 were resolved by Richard Costa
https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

From gnutls-devel at lists.gnutls.org Sat Jul 9 02:47:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 09 Jul 2022 00:47:44 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Merge request !1607 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607
Project:Branches: richard.costa/gnutls:master to gnutls/gnutls:master
Author: Richard Costa
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

From gnutls-devel at lists.gnutls.org Sat Jul 9 02:48:12 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 09 Jul 2022 00:48:12 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Daiki Ueno commented:

Good catch, thanks for the patch!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607#note_1021176630

From gnutls-devel at lists.gnutls.org Sat Jul 9 02:50:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 09 Jul 2022 00:50:23 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Merge request !1607 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607
Project:Branches: richard.costa/gnutls:master to gnutls/gnutls:master
Author: Richard Costa

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

From gnutls-devel at lists.gnutls.org Sun Jul 10 18:12:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Jul 2022 16:12:09 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

civodul created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608
Project:Branches: civodul/gnutls:wip-remove-guile-1.8-support to gnutls/gnutls:master
Author: civodul

Hello!

This removes support for Guile 1.8, which has long been deprecated and unmaintained (last release in Dec. 2010).

This change doesn't necessarily have to go in 3.7.7; it could wait until 3.8 in case someone somewhere relies on Guile 1.8 support in 3.7.

Thoughts?

Ludo'.

## Checklist

* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
* [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Sun Jul 10 18:59:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Jul 2022 16:59:52 +0000
Subject: [gnutls-devel] GnuTLS | guile: Session record port treats premature termination as EOF. (!1609)

civodul created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609
Project:Branches: civodul/gnutls:wip-guile-premature-termination to gnutls/gnutls:master
Author: civodul

It used to be that, while reading from a Guile "session record port" ("ports" are Guile's I/O abstraction, similar to `FILE` in C), an exception corresponding to `GNUTLS_E_PREMATURE_TERMINATION` could be thrown. This was inconvenient as users of the port may not be prepared to deal with a GnuTLS exception.

This change fixes that. I think it could go in the next 3.7 release.

Thoughts?

Ludo'.

## Checklist

* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [X] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
* [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609

From gnutls-devel at lists.gnutls.org Mon Jul 11 04:52:12 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 02:52:12 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Merge request !1608 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608
Project:Branches: civodul/gnutls:wip-remove-guile-1.8-support to gnutls/gnutls:master
Author: civodul
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Mon Jul 11 04:52:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 02:52:36 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Daiki Ueno commented:

Thanks, that sounds good to me!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608#note_1021636084

From gnutls-devel at lists.gnutls.org Mon Jul 11 04:54:48 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 02:54:48 +0000
Subject: [gnutls-devel] GnuTLS | guile: Session record port treats premature termination as EOF. (!1609)

Daiki Ueno commented:

Looks good to me, thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609#note_1021636718

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:26:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:26:17 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)

civodul created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610
Project:Branches: civodul/gnutls:wip-session-record-port-close to gnutls/gnutls:master
Author: civodul

Hello,

(This patch depends on !1608.)

This patch lets users assign a `close` procedure to a session record port, either via `set-session-record-port-close!` or as a second argument to `session-record-port`. That procedure is called when the port is closed, which typically lets users reclaim resources such as closing the file descriptor or port that backs a session.

For the record, until now, this cleanup had to be handled by wrapping the session record port in a "custom" port with its own `close` procedure, as in [this `tls-wrap` procedure](https://git.savannah.gnu.org/cgit/guile.git/tree/module/web/client.scm?id=7e048c6c516fa477366c6b4b09914dcff44b2f5e#n245). This was not only wasteful, it also prevented use of session record ports in a non-blocking context.

Tested with Guile 2.0.14, 2.2.7, and 3.0.7.

Thoughts?

Ludo'.

## Checklist

* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [X] Code modified for feature
* [X] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)
* [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:27:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:27:13 +0000
Subject: [gnutls-devel] GnuTLS | guile: Session record port treats premature termination as EOF. (!1609)

Merge request !1609 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609
Project:Branches: civodul/gnutls:wip-guile-premature-termination to gnutls/gnutls:master
Author: civodul
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:27:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:27:28 +0000
Subject: [gnutls-devel] GnuTLS | guile: Session record port treats premature termination as EOF. (!1609)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:27:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:27:56 +0000
Subject: [gnutls-devel] GnuTLS | guile: Session record port treats premature termination as EOF. (!1609)

Merge request !1609 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609
Project:Branches: civodul/gnutls:wip-guile-premature-termination to gnutls/gnutls:master
Author: civodul

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1609

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:28:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:28:41 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:29:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:29:19 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Mon Jul 11 12:30:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 10:30:57 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606

From gnutls-devel at lists.gnutls.org Mon Jul 11 14:39:07 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 12:39:07 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Daiki Ueno commented:

> This change doesn't necessarily have to go in 3.7.7; it could wait until 3.8 in case someone somewhere relies on Guile 1.8 support in 3.7.

Is Guile 1.8 still supported in any form, e.g., what if an issue or a patch is received upstream? Otherwise, I think we don't need to wait for 3.8.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608#note_1022263451

From gnutls-devel at lists.gnutls.org Mon Jul 11 15:49:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 13:49:34 +0000
Subject: [gnutls-devel] GnuTLS | kTLS with TLS-PSK fails with an internal error (#1384)

Richard W_M_ Jones created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1384

For this you will need to enable kTLS in gnutls (an experimental feature), load the tls.ko kernel module, and maybe enable ktls in your security policy.

After doing that you can reproduce the bug using just gnutls-serv/gnutls-cli as follows:

```
$ cat keys.psk
qemu:82b818aa2e9e5473567fa94e4eec4aa086bb839abbb26c378be7ace07d986cf4
$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-serv --priority NORMAL:+ECDHE-PSK:+PSK --pskpasswd keys.psk --pskhint qemu --http -d 99
$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-cli --pskusername qemu --pskkey 82b818aa2e9e5473567fa94e4eec4aa086bb839abbb26c378be7ace07d986cf4 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK -p 5556 localhost
```

Hit enter in CLI, and you will see the server failing with:

```
|<5>| REC: Sending Alert[2|80] - Internal error
Error: Error in the pull function.
|<13>| BUF[HSK]: Emptied buffer
|<5>| REC[0x5642b619cd00]: Start of epoch cleanup
|<5>| REC[0x5642b619cd00]: End of epoch cleanup
|<5>| REC[0x5642b619cd00]: Epoch #2 freed
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1384

From gnutls-devel at lists.gnutls.org Mon Jul 11 18:22:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 16:22:34 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1603 was reviewed by Ondrej Moris

--

Ondrej Moris commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1022608860

I reviewed the changes and I did not spot any obvious failure, although I admit that I am not very familiar with GnuTLS code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Mon Jul 11 18:24:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Jul 2022 16:24:57 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Ondrej Moris commented:

I reviewed the changes and I did not spot any obvious failure, although I admit that I am not very familiar with GnuTLS code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1022611137
From gnutls-devel at lists.gnutls.org Tue Jul 12 09:51:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Jul 2022 07:51:20 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)
In-Reply-To:
References:
Message-ID:

Richard Costa commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607#note_1023306688

Thanks a ton for the support!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607#note_1023306688

From gnutls-devel at lists.gnutls.org Tue Jul 12 16:32:02 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Jul 2022 14:32:02 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Ondrej Moris commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1023961199

I asked Stephan about this and he confirmed what Daiki is saying.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1023961199

From gnutls-devel at lists.gnutls.org Tue Jul 12 19:32:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Jul 2022 17:32:42 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)
In-Reply-To:
References:
Message-ID:

Issue was reopened by Adrien Béraud

Issue 1377: https://gitlab.com/gnutls/gnutls/-/issues/1377

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377

From gnutls-devel at lists.gnutls.org Tue Jul 12 19:34:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Jul 2022 17:34:39 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)
In-Reply-To:
References:
Message-ID:

Issue was closed by Adrien Béraud

Issue #1377: https://gitlab.com/gnutls/gnutls/-/issues/1377

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377

From gnutls-devel at lists.gnutls.org Wed Jul 13 12:43:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 10:43:59 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Merge request !1603 was approved by Hubert Kario (@mention me if you need reply)

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603
Project:Branches: dueno/gnutls:wip/dueno/aes-gcm-rekey-limit to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Wed Jul 13 12:44:07 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 10:44:07 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Hubert Kario (@mention me if you need reply) commented:

LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1025029867

From gnutls-devel at lists.gnutls.org Wed Jul 13 13:50:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 11:50:00 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1025134727

Thanks for the review. I've mentioned the limit in NEWS.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603#note_1025134727

From gnutls-devel at lists.gnutls.org Wed Jul 13 13:50:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 11:50:01 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1603 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Wed Jul 13 13:50:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 11:50:10 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Merge request !1603 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603
Project:Branches: dueno/gnutls:wip/dueno/aes-gcm-rekey-limit to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Wed Jul 13 17:29:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Jul 2022 15:29:55 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)
In-Reply-To:
References:
Message-ID:

Merge request !1603 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603
Project:Branches: dueno/gnutls:wip/dueno/aes-gcm-rekey-limit to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Thu Jul 14 09:30:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Jul 2022 07:30:38 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611

Project:Branches: dueno/gnutls:wip/dueno/cbc-pkcs7-pad to gnutls/gnutls:master
Author: Daiki Ueno

This adds a couple of functions `gnutls_cipher_encrypt3` and `gnutls_cipher_decrypt3`, which add or remove padding as necessary if the length of the plaintext is not a multiple of the block size.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611

From gnutls-devel at lists.gnutls.org Thu Jul 14 14:33:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Jul 2022 12:33:05 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611)
In-Reply-To:
References:
Message-ID:

Andreas Schneider commented:

Hi, thank you very much for extending the API! I like the idea of a new flags argument. This allows to add more things in future if needed. However you named the flags enum `gnutls_cipher_padding_flags_t`. Shouldn't it be just `gnutls_cipher_flags_t`? Then other flags not only PADDING could be added in future.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1026591154

From gnutls-devel at lists.gnutls.org Thu Jul 14 17:04:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Jul 2022 15:04:10 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)
In-Reply-To:
References:
Message-ID:

Adrien Béraud commented:

Related issue for reference: https://github.com/android/ndk/issues/1710

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1026841103

From gnutls-devel at lists.gnutls.org Fri Jul 15 12:12:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Jul 2022 10:12:38 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich started a new discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606#note_1027694681

I tried to compile gnutls with this patch locally on my f36, looks pretty good. There are still 4 compiler warnings however:

```
tpm2.c:123:20: warning: 'asn1_static_node_t' macro is deprecated, use 'asn1_static_node' instead.
  123 | ASN1_DATA_NODE d;
tests.c:1604:17: warning: use of NULL 'pos' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
 1604 | memcpy(pos, t.data, t.size);
certtool-common.c:92:7: warning: function might be candidate for attribute 'malloc' [-Wsuggest-attribute=malloc]
   92 | FILE *safe_open_rw(const char *file, int privkey_op)
certtool-common.c:92:7: warning: function might be candidate for attribute 'malloc' [-Wsuggest-attribute=malloc]
   92 | FILE *safe_open_rw(const char *file, int privkey_op)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606#note_1027694681

From gnutls-devel at lists.gnutls.org Sat Jul 16 04:35:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 02:35:17 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1587)
In-Reply-To:
References:
Message-ID:

Merge request !1587 was closed by Brad Smith

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587
Project:Branches: brad0/gnutls:master to gnutls/gnutls:master
Author: Brad Smith
Assignee: Brad Smith
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587

From gnutls-devel at lists.gnutls.org Sat Jul 16 04:51:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 02:51:39 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
References:
Message-ID:

Brad Smith created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

Project:Branches: brad0/gnutls:aarch64_openbsd to gnutls/gnutls:master
Author: Brad Smith

This adds support for detecting hardware support for crypto on OpenBSD/aarch64.

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:37:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:37:13 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
In-Reply-To:
References:
Message-ID:

Merge request !1612 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612
Project:Branches: brad0/gnutls:aarch64_openbsd to gnutls/gnutls:master
Author: Brad Smith
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:37:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:37:23 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
In-Reply-To:
References:
Message-ID:

Merge request !1612 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612
Project:Branches: brad0/gnutls:aarch64_openbsd to gnutls/gnutls:master
Author: Brad Smith
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:37:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:37:33 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612#note_1028496522

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:37:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:37:49 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:38:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:38:59 +0000
Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323

From gnutls-devel at lists.gnutls.org Sat Jul 16 09:40:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 07:40:08 +0000
Subject: [gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364

From gnutls-devel at lists.gnutls.org Sat Jul 16 10:24:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Jul 2022 08:24:40 +0000
Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1612)
In-Reply-To:
References:
Message-ID:

Merge request !1612 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612
Project:Branches: brad0/gnutls:aarch64_openbsd to gnutls/gnutls:master
Author: Brad Smith

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1612

From gnutls-devel at lists.gnutls.org Sun Jul 17 19:04:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Jul 2022 17:04:19 +0000
Subject: [gnutls-devel] GnuTLS | verification error on duplicate server cert in chain (#1335)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

After this code block in [verify-high.c](lib/x509/verify-high.c#L1483)

```C
for (i = 0; i < cert_list_size && cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; ) {
	unsigned int sorted_size = 1;
	unsigned int j;
	gnutls_x509_crt_t issuer;

	if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
		sorted_size = _gnutls_sort_clist(&cert_list[i], cert_list_size - i);
	}
```

The list

~~~
Subject: CN=ci.debian.net
Subject: CN=R3,O=Let's Encrypt,C=US
Subject: CN=ci.debian.net
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
~~~

is resorted properly, moving the duplicate CN=ci.debian.net from position 3 to 4. However the following code-block cannot/does not handle a later duplicate of the first entry and does not remove it.

[verify-high.c](lib/x509/verify-high.c#L1494)

```
/* Remove duplicates. Start with index 1, as the first element
 * may be re-checked after issuer retrieval. */
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1335#note_1028739720

From gnutls-devel at lists.gnutls.org Sun Jul 17 22:52:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Jul 2022 20:52:26 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)
In-Reply-To:
References:
Message-ID:

civodul commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608#note_1028774889

> Is Guile 1.8 still supported in any form, e.g., what if an issue or a patch is received upstream?

No. Guile 1.8 has been unmaintained upstream for more than 10 years.

> Otherwise, I think we don't need to wait for 3.8.

Yeah, it's OK not to wait. Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608#note_1028774889

From gnutls-devel at lists.gnutls.org Mon Jul 18 01:48:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Jul 2022 23:48:46 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1608 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Mon Jul 18 01:48:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Jul 2022 23:48:53 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)
In-Reply-To:
References:
Message-ID:

Merge request !1608 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608
Project:Branches: civodul/gnutls:wip-remove-guile-1.8-support to gnutls/gnutls:master
Author: civodul
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Mon Jul 18 02:02:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Jul 2022 00:02:36 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)
In-Reply-To:
References:
Message-ID:

Merge request !1608 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608
Project:Branches: civodul/gnutls:wip-remove-guile-1.8-support to gnutls/gnutls:master
Author: civodul

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

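The duplicate-entry case from Andreas Metzler's comment on issue #1335 above, as an added example that is not GnuTLS code: a simplified model in which a certificate is just a subject/issuer pair. The struct, all function names and the issuer strings are assumptions made for illustration; only the four subjects come from the comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a certificate: only the two names matter here.
 * Real code compares the encoded certificates, not strings. */
struct cert {
	const char *subject;
	const char *issuer;
};

static int same_cert(const struct cert *a, const struct cert *b)
{
	return strcmp(a->subject, b->subject) == 0 &&
	       strcmp(a->issuer, b->issuer) == 0;
}

/* Reorder list[] so each entry is followed by its issuer, starting from
 * list[0]. Entries that do not extend the chain are left at the tail.
 * Returns the length of the ordered prefix. */
size_t sort_chain(struct cert *list, size_t n)
{
	size_t sorted = n > 0 ? 1 : 0;

	while (sorted > 0 && sorted < n) {
		const struct cert *last = &list[sorted - 1];
		struct cert tmp;
		size_t k;

		for (k = sorted; k < n; k++)
			if (strcmp(list[k].subject, last->issuer) == 0 &&
			    !same_cert(&list[k], last))
				break;
		if (k == n)
			break;	/* nothing left that issued the last entry */
		tmp = list[sorted];
		list[sorted] = list[k];
		list[k] = tmp;
		sorted++;
	}
	return sorted;
}

/* Drop every entry at index >= 1 that equals an already kept entry at
 * index >= first_seen. first_seen = 1 models a pass that never compares
 * against element 0; first_seen = 0 also catches a later copy of the
 * first entry. Element 0 is always kept. Returns the new length. */
size_t remove_duplicates(struct cert *list, size_t n, size_t first_seen)
{
	size_t out = n > 0 ? 1 : 0;
	size_t i, j;

	for (i = 1; i < n; i++) {
		int dup = 0;

		for (j = first_seen; j < out && !dup; j++)
			dup = same_cert(&list[i], &list[j]);
		if (!dup)
			list[out++] = list[i];
	}
	return out;
}

/* Constructed input: the four subjects quoted in the comment, in the
 * order given there. The issuer strings are assumptions added so that
 * the chain can be ordered; the comment does not list them. */
void sample_chain(struct cert out[4])
{
	const char *leaf = "CN=ci.debian.net";
	const char *r3 = "CN=R3,O=Let's Encrypt,C=US";
	const char *root = "CN=ISRG Root X1,O=Internet Security Research Group,C=US";

	out[0] = (struct cert){ leaf, r3 };
	out[1] = (struct cert){ r3, root };
	out[2] = (struct cert){ leaf, r3 };
	out[3] = (struct cert){ root, "constructed: issuer outside the list" };
}

/* Sort the sample chain, then de-duplicate with the given start index. */
size_t demo(size_t first_seen, struct cert out[4])
{
	sample_chain(out);
	sort_chain(out, 4);
	return remove_duplicates(out, 4, first_seen);
}

int main(void)
{
	struct cert c[4];

	printf("pass that skips entry 0:       %zu entries\n", demo(1, c));
	printf("pass that also checks entry 0: %zu entries\n", demo(0, c));
	return 0;
}
```

In this model the sort moves the second CN=ci.debian.net to the tail, and only the pass that also compares against element 0 removes it.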
From gnutls-devel at lists.gnutls.org Tue Jul 19 09:13:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 07:13:42 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)
In-Reply-To:
References:
Message-ID:

Merge request !1610 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610
Project:Branches: civodul/gnutls:wip-session-record-port-close to gnutls/gnutls:master
Author: civodul
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610

From gnutls-devel at lists.gnutls.org Tue Jul 19 09:13:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 07:13:58 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I guess we can merge this now?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610#note_1030414554

From gnutls-devel at lists.gnutls.org Tue Jul 19 11:10:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 09:10:21 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3 PSK: support PSK with SHA384 (#386)
In-Reply-To:
References:
Message-ID:

Hannes Reinecke commented:

I'd love to see these two issues ('Support PSK with SHA384' and 'Support multiple PSKs') separated.
Multiple PSKs are already allowed / defined (cf RFC 8446 Section 4.2.11:

~~~
identities: A list of the identities that the client is willing to
   negotiate with the server. If sent alongside the "early_data"
   extension (see Section 4.2.10), the first identity is the one used
   for 0-RTT data.
~~~

and I actually would need that for NVMe-over-Fabrics TLS support.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/386#note_1030594392

From gnutls-devel at lists.gnutls.org Tue Jul 19 12:04:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 10:04:10 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)
In-Reply-To:
References:
Message-ID:

civodul commented:

@dueno Yup, it's ready to go!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610#note_1030677929

From gnutls-devel at lists.gnutls.org Tue Jul 19 12:23:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 10:23:10 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)
In-Reply-To:
References:
Message-ID:

Merge request !1610 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610
Project:Branches: civodul/gnutls:wip-session-record-port-close to gnutls/gnutls:master
Author: civodul

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610

From gnutls-devel at lists.gnutls.org Tue Jul 19 14:18:02 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Jul 2022 12:18:02 +0000
Subject: [gnutls-devel] GnuTLS | Support multiple identities for TLS 1.3 PSK (#1385)
References:
Message-ID:

Hannes Reinecke created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1385

## Description of the feature:

Support multiple identities for PSK in TLS 1.3 as per RFC 8446 4.2.11.

## Applications that this feature may be relevant to:

NVMe-over-Fabrics TLS encryption has defined several possible identities per client. To correctly support TLS 1.3 the client would need to include all of those identities in the Pre-Shared-Key ClientHello extension. With gnutls this is currently not possible, and so we have to restart negotiation when the wrong PSK had been presented.

## Is this feature implemented in other libraries (and which)

Not that I am aware.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1385

From gnutls-devel at lists.gnutls.org Wed Jul 20 12:45:31 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Jul 2022 10:45:31 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1606 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1606

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606

From gnutls-devel at lists.gnutls.org Wed Jul 20 12:46:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Jul 2022 10:46:41 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:

I tried to compile this and there were no warnings. Output is clean. Changes also look good. Approved.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606#note_1032286411

From gnutls-devel at lists.gnutls.org Wed Jul 20 12:46:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Jul 2022 10:46:45 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)
In-Reply-To:
References:
Message-ID:

Merge request !1606 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606
Project:Branches: dueno/gnutls:wip/dueno/minor-f36 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606

From gnutls-devel at lists.gnutls.org Thu Jul 21 08:33:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 21 Jul 2022 06:33:38 +0000
Subject: [gnutls-devel] GnuTLS | testdane.sh is failing with external hosts (#1386)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1386

Looks like `dane.verisignlabs.com` has gone. We should either implement some mock by ourselves or simply stop using the hosts for testing.

```console
*** Testing good HTTPS hosts ***
Ncat: Could not resolve hostname "good.dane.verisignlabs.com": Name or service not known. QUITTING.
www.freebsd.org: ok
Ncat: Connection reset by peer.
fedoraproject.org: Error checking fedoraproject.org
FAIL testdane.sh (exit status: 1)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1386

URL: From gnutls-devel at lists.gnutls.org Thu Jul 21 11:55:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 21 Jul 2022 09:55:04 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1033704954 > + * that case, @ctext must hold enough space to store padded cipher > + * text and @ctext_len is updated to be a multiple of the block > + * size. The initial size can be obtained by calling this function IMO it's not fully clear from the current wording 1. what the 'initial size' refers to here 2. that one isn't supposed to call it with `ctext=NULL` when flags aren't 0 Maybe it makes sense to support `ctext=NULL` for all combinations of other parameters to reduce the surprise factor. -- Alexander Sosedkin started a new discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1033704957 > + } else { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); > + } gnutls_cipher_decrypt2 can be reused in full -- Alexander Sosedkin started a new discussion on tests/cipher-padding.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1033704966 > + fail("plaintext does not match\n"); > + } > + no coverage for decrypting / encrypting without padding -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Jul 21 12:57:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 21 Jul 2022 10:57:48 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1033798875 > + } else { > + ret = _gnutls_cipher_decrypt2(&h->ctx_dec, > + ctext, ctext_len, > + ptext, *ptext_len); > + } > + > + if (ret < 0) { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); > + } else { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); > + } > + > + if (_gnutls_cipher_type(h->ctx_enc.e) == CIPHER_BLOCK && > + (flags & GNUTLS_CIPHER_PADDING_PKCS7)) { > + uint8_t *p = ptext; > + uint8_t padding = p[*ptext_len - 1]; Checking just the last value is more lax than my reading of https://datatracker.ietf.org/doc/html/rfc2315#section-10.3. Is it intended or should the prior values be checked as well? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1033798875 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
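Review bot: In the lines shown, the PKCS#7 branch is entered whether or not `_gnutls_cipher_decrypt2` failed, and `p[*ptext_len - 1]` is read with no visible check that `*ptext_len` is non-zero. Return as soon as `ret < 0`, and reject a zero `*ptext_len` before indexing, so the padding byte is never taken from a failed decryption or from before the start of `ptext`. The FIPS state is also switched to `GNUTLS_FIPS140_OP_APPROVED` before the padding has been validated; consider setting it after the padding check so that a padding error is reflected in the state.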
URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 08:00:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 06:00:35 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034888441 > + > + if (_gnutls_cipher_type(h->ctx_enc.e) != CIPHER_BLOCK) { > + ret = _gnutls_cipher_decrypt2(&h->ctx_enc, > + ctext, ctext_len, > + ptext, *ptext_len); > + } else { > + ret = _gnutls_cipher_decrypt2(&h->ctx_dec, > + ctext, ctext_len, > + ptext, *ptext_len); > + } > + > + if (ret < 0) { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); > + } else { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); > + } Good point, fixed; also added a check on `ret` before removing padding. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034888441 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 08:02:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 06:02:20 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034890308 > + } else { > + ret = _gnutls_cipher_decrypt2(&h->ctx_dec, > + ctext, ctext_len, > + ptext, *ptext_len); > + } > + > + if (ret < 0) { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); > + } else { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); > + } > + > + if (_gnutls_cipher_type(h->ctx_enc.e) == CIPHER_BLOCK && > + (flags & GNUTLS_CIPHER_PADDING_PKCS7)) { > + uint8_t *p = ptext; > + uint8_t padding = p[*ptext_len - 1]; The checking is done below in the for loop (I'll add a comment). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034890308 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
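The padding rule discussed in this thread (RFC 2315 section 10.3: k padding bytes, each of value k), as an added example that is not part of the original messages and is not GnuTLS code: a last-byte-only unpad beside a strict one that compares every padding byte. The function names, the 16-byte block size and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK ((size_t)16) /* assumed block size (AES) */

/* Lax variant: trusts the final byte alone and never inspects the bytes
 * before it. Hypothetical helper, shown only for contrast. */
static int unpad_last_byte_only(const uint8_t *buf, size_t len, size_t *out_len)
{
	size_t pad;

	if (len == 0 || len % BLOCK != 0)
		return -1;
	pad = buf[len - 1];
	if (pad == 0 || pad > BLOCK)
		return -1;
	*out_len = len - pad;
	return 0;
}

/* Strict variant: the last k bytes must all have the value k, with
 * 1 <= k <= BLOCK. Returns 0 and stores the unpadded length in *out_len,
 * or -1 (leaving *out_len untouched) when the padding is malformed. */
static int unpad_strict(const uint8_t *buf, size_t len, size_t *out_len)
{
	size_t pad, i;
	unsigned bad;

	/* A padded message is never empty and is always whole blocks. */
	if (len == 0 || len % BLOCK != 0)
		return -1;

	pad = buf[len - 1];
	bad = (unsigned)(pad == 0) | (unsigned)(pad > BLOCK);

	/* Walk the whole final block; only offsets that fall inside the
	 * claimed padding contribute to the verdict. len >= BLOCK here, so
	 * the index never goes below zero even for an oversized pad value. */
	for (i = 0; i < BLOCK; i++) {
		unsigned in_pad = (unsigned)(i < pad);

		bad |= in_pad & (unsigned)((size_t)buf[len - 1 - i] != pad);
	}

	if (bad)
		return -1;
	*out_len = len - pad;
	return 0;
}

/* Constructed sample buffers: 13 data bytes followed by 3 trailing bytes. */
static const uint8_t good[16] = {
	'g', 'n', 'u', 't', 'l', 's', ' ', 'p', 'a', 'd', 'd', 'e', 'd', 3, 3, 3
};
static const uint8_t forged[16] = {
	'g', 'n', 'u', 't', 'l', 's', ' ', 'p', 'a', 'd', 'd', 'e', 'd', 1, 2, 3
};

int main(void)
{
	size_t n = 0;
	int ret;

	ret = unpad_last_byte_only(forged, sizeof(forged), &n);
	printf("last-byte-only, forged padding: ret=%d len=%zu\n", ret, n);

	n = 0;
	ret = unpad_strict(forged, sizeof(forged), &n);
	printf("strict,         forged padding: ret=%d len=%zu\n", ret, n);

	n = 0;
	ret = unpad_strict(good, sizeof(good), &n);
	printf("strict,         valid padding:  ret=%d len=%zu\n", ret, n);
	return 0;
}
```
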
URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 08:29:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 06:29:47 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Andreas Schneider started a new discussion on tests/cipher-padding.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034918794 > + plaintext, SIZE_MAX, > + NULL, &size, > + GNUTLS_CIPHER_PADDING_PKCS7); > + if (ret != GNUTLS_E_INVALID_REQUEST) { > + fail("gnutls_cipher_encrypt3 succeeded\n"); > + } > + > + /* Get the ciphertext size */ > + ret = gnutls_cipher_encrypt3(ch, > + plaintext, plaintext_size, > + NULL, &size, > + GNUTLS_CIPHER_PADDING_PKCS7); > + if (ret < 0) { > + fail("gnutls_cipher_encrypt3 failed\n"); > + } > + As there is *always* padding, I would suggest to add a check: `size > plaintext_size` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1034918794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
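Review bot: The `SIZE_MAX` case at the top of this hunk reports "gnutls_cipher_encrypt3 succeeded" for any return value other than `GNUTLS_E_INVALID_REQUEST`, so a different error code would be reported as a success. Include `ret` in the message, for example via `gnutls_strerror(ret)`, and name the code that was expected. The size query that follows only checks `ret < 0`; it would also be worth asserting that the returned `size` is a multiple of the block size.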
From gnutls-devel at lists.gnutls.org Fri Jul 22 08:48:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 06:48:36 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)

Merge request !1606 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606
Project:Branches: dueno/gnutls:wip/dueno/minor-f36 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606

From gnutls-devel at lists.gnutls.org Fri Jul 22 10:52:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 08:52:44 +0000
Subject: [gnutls-devel] GnuTLS | Suppress compile time warnings on Fedora 36 (!1606)

Merge request !1606 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606
Project:Branches: dueno/gnutls:wip/dueno/minor-f36 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1606
URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 10:52:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 08:52:45 +0000 Subject: [gnutls-devel] GnuTLS | testdane.sh is failing with external hosts (#1386) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1606 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1606) Issue #1386: https://gitlab.com/gnutls/gnutls/-/issues/1386 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1386 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 11:06:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 09:06:32 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035103700 > + } else { > + ret = _gnutls_cipher_decrypt2(&h->ctx_dec, > + ctext, ctext_len, > + ptext, *ptext_len); > + } > + > + if (ret < 0) { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); > + } else { > + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); > + } > + > + if (_gnutls_cipher_type(h->ctx_enc.e) == CIPHER_BLOCK && > + (flags & GNUTLS_CIPHER_PADDING_PKCS7)) { > + uint8_t *p = ptext; > + uint8_t padding = p[*ptext_len - 1]; my bad -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035103700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 11:17:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 09:17:28 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on tests/cipher-padding.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035119432 > + ciphertext, size, > + ciphertext, &size, > + GNUTLS_CIPHER_PADDING_PKCS7); > + if (ret < 0) { > + fail("gnutls_cipher_encrypt3 failed\n"); > + } > + > + if (size != plaintext_size) { > + fail("size does not match: %zu (expected %zu)\n", > + size, plaintext_size); > + } > + > + if (memcmp(ciphertext, plaintext, size) != 0) { > + fail("plaintext does not match\n"); > + } > + thanks for expanding it -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035119432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 11:19:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 09:19:02 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Merge request !1611 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 Project:Branches: dueno/gnutls:wip/dueno/cbc-pkcs7-pad to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 You're receiving this email because of your account on gitlab.com. 
From gnutls-devel at lists.gnutls.org Fri Jul 22 11:45:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:45:08 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1613)

Reassigned merge request 1613
https://gitlab.com/gnutls/gnutls/-/merge_requests/1613

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1613

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:45:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:45:09 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1613)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1613

Project:Branches: ZoltanFridrich/gnutsl-private:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Closes #1383

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1613

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:56:22 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:56:22 +0000
Subject: [gnutls-devel] GnuTLS | cipher: limit plaintext length supplied to AES-GCM (!1603)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1603

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:56:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:56:42 +0000
Subject: [gnutls-devel] GnuTLS | Remove support for Guile 1.8. (!1608)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1608

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:56:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:56:56 +0000
Subject: [gnutls-devel] GnuTLS | guile: Allow session record ports to have a 'close' procedure (!1610)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1610

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:57:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:57:11 +0000
Subject: [gnutls-devel] GnuTLS | Add self-test code inside a FIPS context (!1607)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1607

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:57:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:57:37 +0000
Subject: [gnutls-devel] GnuTLS | tests/fips-test: minor extension (!1605)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:57:50 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:57:50 +0000
Subject: [gnutls-devel] GnuTLS | Minor fixes on KTLS (!1604)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1604

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:58:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:58:00 +0000
Subject: [gnutls-devel] GnuTLS | nettle: restrict output size of HKDF-Expand to 255 * HashLen (!1602)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1602

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:58:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:58:15 +0000
Subject: [gnutls-devel] GnuTLS | fips: make service indicator logging louder (!1567)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1567

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:58:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:58:29 +0000
Subject: [gnutls-devel] GnuTLS | README.md: explicitly install libtasn1-bin (!1600)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1600

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:58:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:58:54 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593

From gnutls-devel at lists.gnutls.org Fri Jul 22 11:58:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 09:58:41 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: disable by default enable by config (!1599)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1599

From gnutls-devel at lists.gnutls.org Fri Jul 22 12:01:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 10:01:05 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1613)

Merge request !1613 was closed by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1613
Project:Branches: ZoltanFridrich/gnutsl-private:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1613

From gnutls-devel at lists.gnutls.org Fri Jul 22 12:01:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 10:01:55 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1614)

Reassigned merge request 1614
https://gitlab.com/gnutls/gnutls/-/merge_requests/1614

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1614

From gnutls-devel at lists.gnutls.org Fri Jul 22 12:01:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 10:01:56 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1614)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1614

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Closes #1383

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious
mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1614 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 12:51:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 10:51:53 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: All discussions on merge request !1611 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 22 12:51:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 10:51:54 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/cipher-padding.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035251226 > + plaintext, SIZE_MAX, > + NULL, &size, > + GNUTLS_CIPHER_PADDING_PKCS7); > + if (ret != GNUTLS_E_INVALID_REQUEST) { > + fail("gnutls_cipher_encrypt3 succeeded\n"); > + } > + > + /* Get the ciphertext size */ > + ret = gnutls_cipher_encrypt3(ch, > + plaintext, plaintext_size, > + NULL, &size, > + GNUTLS_CIPHER_PADDING_PKCS7); > + if (ret < 0) { > + fail("gnutls_cipher_encrypt3 failed\n"); > + } > + Yeah, that makes sense; I've added the check. 
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1035251226

From gnutls-devel at lists.gnutls.org Fri Jul 22 15:08:54 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 13:08:54 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Reassigned merge request 1615
https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

From gnutls-devel at lists.gnutls.org Fri Jul 22 15:08:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 13:08:55 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Closes #1383

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

From gnutls-devel at lists.gnutls.org Fri Jul 22 15:13:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 13:13:45 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1614)

Merge request !1614 was closed by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1614
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1614

From gnutls-devel at lists.gnutls.org Sat Jul 23 01:50:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 23:50:44 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036090604

> > * Version 3.7.7 (unreleased) > > +** libgnutls: Fixed double free during verification of pkcs7 signatures. > + Reported by Jaak Ristioja (#1383). 
CVE code has been allocated for > + this vulnerability: [CVE-2022-2509] Let's assess the CVSS score using the [calculator](https://www.first.org/cvss/calculator/), and also assign our own SA like [this](https://gitlab.com/gnutls/gnutls/-/blob/e80b334563d648d86d654346ad49b1010974e7ad/NEWS#L266) so we can [list](https://www.gnutls.org/security-new.html) it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036090604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 23 01:51:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 23:51:48 +0000 Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615) In-Reply-To: References: Message-ID: Daiki Ueno commented: Please rebase against the master to fix the CI failures. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036090822 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 23 01:52:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 22 Jul 2022 23:52:43 +0000 Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the reviews. Let's get this in for the next release 3.7.7. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611#note_1036091041 You're receiving this email because of your account on gitlab.com. 
From gnutls-devel at lists.gnutls.org Sat Jul 23 01:52:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 23:52:52 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611)

Merge request !1611 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611
Project:Branches: dueno/gnutls:wip/dueno/cbc-pkcs7-pad to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611

From gnutls-devel at lists.gnutls.org Sat Jul 23 01:52:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Jul 2022 23:52:57 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611
From gnutls-devel at lists.gnutls.org Sat Jul 23 02:00:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 23 Jul 2022 00:00:56 +0000
Subject: [gnutls-devel] GnuTLS | crypto-api: add block cipher API with automatic padding (!1611)

Merge request !1611 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611
Project:Branches: dueno/gnutls:wip/dueno/cbc-pkcs7-pad to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1611

From gnutls-devel at lists.gnutls.org Sat Jul 23 18:49:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 23 Jul 2022 16:49:59 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Andreas Metzler commented:

@ZoltanFridrich Stupid Question: Why did you open a new merge request 3 times instead of updating the original one with a force-push?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036314459
From gnutls-devel at lists.gnutls.org Mon Jul 25 09:06:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 07:06:11 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036861167

Because I have no CI minutes left for this month. Therefore the CI would not start and I would not be able to merge the MR. That's why I had to create a branch directly in gnutls repo.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036861167

From gnutls-devel at lists.gnutls.org Mon Jul 25 09:39:12 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 07:39:12 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

All discussions on merge request !1615 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
From gnutls-devel at lists.gnutls.org Mon Jul 25 09:42:55 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 07:42:55 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

All discussions on merge request !1615 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

From gnutls-devel at lists.gnutls.org Mon Jul 25 12:14:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 10:14:15 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Merge request !1615 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
From gnutls-devel at lists.gnutls.org Mon Jul 25 12:16:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 10:16:57 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pkcs7_import may cause memory leak (#1387)

Zoltán Fridrich created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1387

Assignee: Zoltán Fridrich

Following code snippet will cause a memory leak:

```
gnutls_pkcs7_init(&pkcs7);
gnutls_pkcs7_set_crt(pkcs7, cert);
gnutls_pkcs7_import(pkcs7, &data, GNUTLS_X509_FMT_PEM);
```

1. After `gnutls_pkcs7_init()` the `pkcs7.signed_data` will contain `NULL`
2. Because `pkcs7.signed_data` is `NULL`, it will be initialized for the first time in `gnutls_pkcs7_set_crt()`
3. `gnutls_pkcs7_import()` then creates a new asn1 element and overwrites already set `pkcs7.signed_data` leaking memory in the process

More precisely, this is the point where the data are leaked https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/pkcs7.c#L146

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1387

From gnutls-devel at lists.gnutls.org Mon Jul 25 12:17:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 10:17:11 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pkcs7_import may cause memory leak (#1387)

Reassigned Issue 1387

https://gitlab.com/gnutls/gnutls/-/issues/1387

Assignee changed from Zoltán Fridrich to Unassigned

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1387
From gnutls-devel at lists.gnutls.org Mon Jul 25 12:26:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 10:26:38 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Merge request !1615 was scheduled to merge after pipeline succeeds by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

From gnutls-devel at lists.gnutls.org Mon Jul 25 16:09:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 14:09:36 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Reassigned merge request 1616

https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616
From gnutls-devel at lists.gnutls.org Mon Jul 25 16:09:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 14:09:36 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Reviewer changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

From gnutls-devel at lists.gnutls.org Mon Jul 25 16:09:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 14:09:38 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

Branches: zfridric_devel2 to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Closes #1387

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

From gnutls-devel at lists.gnutls.org Mon Jul 25 16:20:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 14:20:19 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Zoltán Fridrich commented:

@dueno I have fixed the memory leak in the simplest way. Not changing the behavior, just removing the leak. We might want to discuss if this is the right way to fix this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616#note_1037509851

From gnutls-devel at lists.gnutls.org Tue Jul 26 01:20:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Jul 2022 23:20:51 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616#note_1038173666

It might be worth mentioning in the documentation that `gnutls_pkcs7_import` (and possibly others) would destroy previously set PKCS#7 structure?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616#note_1038173666
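The leak sequence from issue #1387 and the behaviour discussed on !1616, modelled as an added example that is not GnuTLS code and not part of the original messages. `pkcs7_model_t`, the `model_*` functions and the `live_nodes` counter are hypothetical stand-ins for `pkcs7.signed_data` and the three API calls; releasing the old structure just before the overwrite is this example's assumption about how such a fix can look.

```c
#include <stdio.h>
#include <stdlib.h>

/* Model only: hypothetical stand-ins, not GnuTLS internals. */

/* Number of live "ASN.1 elements", so a leak is visible without a leak checker. */
static int live_nodes = 0;

enum { FROM_SET_CRT = 1, FROM_IMPORT = 2 };

typedef struct { int origin; } node_t;                 /* stand-in for an ASN.1 element */
typedef struct { node_t *signed_data; } pkcs7_model_t; /* stand-in for the PKCS#7 handle */

static node_t *node_new(int origin)
{
    node_t *n = malloc(sizeof(*n));
    if (n != NULL) {
        n->origin = origin;
        live_nodes++;
    }
    return n;
}

static void node_free(node_t **n)
{
    if (*n != NULL) {
        free(*n);
        *n = NULL;
        live_nodes--;
    }
}

/* Step 1 of the issue: after init, signed_data is NULL. */
static void model_init(pkcs7_model_t *p) { p->signed_data = NULL; }

/* Step 2: the first setter call lazily creates signed_data. */
static int model_set_crt(pkcs7_model_t *p)
{
    if (p->signed_data == NULL)
        p->signed_data = node_new(FROM_SET_CRT);
    return p->signed_data != NULL ? 0 : -1;
}

/* Step 3 as reported: the new element overwrites the pointer, the old one is lost. */
static int model_import_leaky(pkcs7_model_t *p)
{
    node_t *fresh = node_new(FROM_IMPORT);
    if (fresh == NULL)
        return -1;
    p->signed_data = fresh;
    return 0;
}

/* Same behaviour (import replaces whatever was set) without the leak. */
static int model_import_fixed(pkcs7_model_t *p)
{
    node_t *fresh = node_new(FROM_IMPORT);
    if (fresh == NULL)
        return -1;               /* on failure the previous structure is untouched */
    node_free(&p->signed_data);  /* previously set structure is destroyed here */
    p->signed_data = fresh;
    return 0;
}

static void model_deinit(pkcs7_model_t *p) { node_free(&p->signed_data); }

/*
 * Runs init -> [set_crt] -> import -> deinit and returns how many elements are
 * still allocated afterwards (-1 on allocation failure). *final_origin, if not
 * NULL, receives which call produced the structure that survived the import.
 */
static int run_sequence(int (*import_fn)(pkcs7_model_t *), int call_set_crt,
                        int *final_origin)
{
    pkcs7_model_t p;
    int before = live_nodes;

    model_init(&p);
    if (call_set_crt && model_set_crt(&p) != 0)
        return -1;
    if (import_fn(&p) != 0) {
        model_deinit(&p);
        return -1;
    }
    if (final_origin != NULL)
        *final_origin = p.signed_data->origin;
    model_deinit(&p);
    return live_nodes - before;
}

int main(void)
{
    printf("set_crt + leaky import: %d element(s) leaked\n",
           run_sequence(model_import_leaky, 1, NULL));
    printf("set_crt + fixed import: %d element(s) leaked\n",
           run_sequence(model_import_fixed, 1, NULL));
    printf("import only (leaky):    %d element(s) leaked\n",
           run_sequence(model_import_leaky, 0, NULL));
    return 0;
}
```

The leak only appears when a setter has populated the handle before the import, which is why a test that imports into a freshly initialised handle does not catch it.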
From gnutls-devel at lists.gnutls.org Tue Jul 26 02:16:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 00:16:24 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Merge request !1616 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616
Branches: zfridric_devel2 to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

From gnutls-devel at lists.gnutls.org Tue Jul 26 04:48:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 02:48:21 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

Project:Branches: dueno/gnutls:wip/dueno/socket-no-wrap to gnutls/gnutls:master
Author: Daiki Ueno

Currently gnutls-cli does not use KTLS even if it is configured, because the program sets custom pull/push functions. This limits the usage of those custom functions so KTLS can be enabled in typical use-cases.
## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

From gnutls-devel at lists.gnutls.org Tue Jul 26 07:42:28 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 05:42:28 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Reassigned merge request 1617

https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617
From gnutls-devel at lists.gnutls.org Tue Jul 26 07:42:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 05:42:33 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Reviewer changed to František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

From gnutls-devel at lists.gnutls.org Tue Jul 26 11:42:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 09:42:49 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

All discussions on merge request !1616 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616
From gnutls-devel at lists.gnutls.org Tue Jul 26 14:45:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 12:45:26 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak in gnutls_pkcs7_import (!1616)

Merge request !1616 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616
Branches: zfridric_devel2 to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1616

From gnutls-devel at lists.gnutls.org Tue Jul 26 14:45:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 12:45:26 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pkcs7_import may cause memory leak (#1387)

Issue was closed by Zoltán Fridrich via merge request !1616 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1616)

Issue #1387: https://gitlab.com/gnutls/gnutls/-/issues/1387

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1387
From gnutls-devel at lists.gnutls.org Tue Jul 26 15:06:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 13:06:46 +0000
Subject: [gnutls-devel] GnuTLS | verification error on duplicate server cert in chain (#1335)

Pierre Zurek commented:

Hello, I think I encountered the same issue when trying to clone https://voidpoint.io/terminx/eduke32.

```bash
gnutls-cli voidpoint.io
Processed 127 CA certificate(s).
Resolving 'voidpoint.io:443'...
Connecting to '212.8.242.14:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=voidpoint.io', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03e3fa6d56ff7a9a0d319f14335fdea34302, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-06-24 06:33:18 UTC', expires `2022-09-22 06:33:17 UTC', pin-sha256="aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA="
    Public Key ID:
        sha1:2c3d9676b9046367de19f2dc8053a30df0c52695
        sha256:68c54ccdb645af32bb70b1f86bab91426f41c3d916a9d77cf1356ee06c15b9a0
    Public Key PIN:
        pin-sha256:aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA=
- Certificate[1] info:
 - subject `CN=voidpoint.io', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03e3fa6d56ff7a9a0d319f14335fdea34302, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-06-24 06:33:18 UTC', expires `2022-09-22 06:33:17 UTC', pin-sha256="aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1335#note_1038976153

From gnutls-devel at lists.gnutls.org Tue Jul 26 16:47:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Jul 2022 14:47:20 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pkcs7_import may cause memory leak (#1387)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 22, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1387
From gnutls-devel at lists.gnutls.org Wed Jul 27 04:32:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 02:32:42 +0000
Subject: [gnutls-devel] GnuTLS | guile: reauth test is failing (#1388)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1388

In the latest git master, the `reauth.scm` test is failing with:

```console
FAIL: tests/reauth.scm
======================

throw to `gnutls-error' with args (# reauthenticate) [PID 153702]
           9 (primitive-load "/builds/gnutls/gnutls/gnutls-3.7.6/_bu?")
In ice-9/eval.scm:
    155:9  8 (_ _)
In ice-9/boot-9.scm:
    829:9  7 (catch _ _ # ?)
In ice-9/eval.scm:
    619:8  6 (_ #(#(#(#(# ?) ?) ?) ?))
In unknown file:
           5 (reauthenticate #)
In ice-9/boot-9.scm:
   751:25  4 (dispatch-exception 0 gnutls-error (# ?))
In ice-9/eval.scm:
    619:8  3 (_ #(#(#) ?))
In ice-9/boot-9.scm:
    142:2  2 (dynamic-wind # ?)
In ice-9/eval.scm:
    159:9  1 (_ #(#(# ?)))
In unknown file:
           0 (make-stack #t)
FAIL tests/reauth.scm (exit status: 1)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1388

From gnutls-devel at lists.gnutls.org Wed Jul 27 04:33:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 02:33:51 +0000
Subject: [gnutls-devel] GnuTLS | guile: reauth test is failing (#1388)

Daiki Ueno commented:

@civodul could you take a look? The CI trace is available at: https://gitlab.com/gnutls/gnutls/-/jobs/2771635108

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1039788102
From gnutls-devel at lists.gnutls.org Wed Jul 27 11:15:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 09:15:01 +0000
Subject: [gnutls-devel] GnuTLS | make error: In procedure dynamic-link: file: "/home/bp/Desktop/workspace/gnutls2/gnutls/build/guile/src/guile-gnutls-v-2", message: "file not found" (#1389)

Adonis-Song created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1389

## Description of problem:
make error

## Version of gnutls used:
3.7.5

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:
Steps to Reproduce:
* download gnutls, clone submodule,
* apt-get some library,
* ./bootstrap
* mkdir build && cd build && ../configure --with-included-libtasn1 --with-included-unistring --without-p11-kit --disable-doc --disable-full-test-suite --disable-shared --prefix=/usr/local
* make -j 8

## Actual results:
```
ice-9/boot-9.scm:752:25: In procedure dispatch-exception:
In procedure dynamic-link: file: "/home/bp/Desktop/workspace/gnutls2/gnutls/build/guile/src/guile-gnutls-v-2", message: "file not found"
make[3]: *** [Makefile:3007: modules/gnutls/extra.go] Error 1
make[3]: Leaving directory '/home/bp/Desktop/workspace/gnutls2/gnutls/build/guile'
make[2]: *** [Makefile:2480: all-recursive] Error 1
make[2]: Leaving directory '/home/bp/Desktop/workspace/gnutls2/gnutls/build/guile'
make[1]: *** [Makefile:2257: all-recursive] Error 1
make[1]: Leaving directory '/home/bp/Desktop/workspace/gnutls2/gnutls/build'
make: *** [Makefile:2182: all] Error 2
```

## Expected results:
make successful. If I remove `--disable-shared`, make is successful.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1389
From gnutls-devel at lists.gnutls.org Wed Jul 27 13:48:43 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 11:48:43 +0000
Subject: [gnutls-devel] GnuTLS | guile: revert gnutls/build/tests.scm to use use-modules (!1618)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618

Project:Branches: dueno/gnutls:wip/dueno/guile-skip-reauth-test to gnutls/gnutls:master
Author: Daiki Ueno

This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90. For some reason, the usage of #:use-module causes some behavioral difference that affects reauth.scm test.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618
From gnutls-devel at lists.gnutls.org Wed Jul 27 13:51:04 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 11:51:04 +0000
Subject: [gnutls-devel] GnuTLS | guile: reauth test is failing (#1388)

Daiki Ueno commented:

!1618 fixes the issue for me, though I don't understand why (possibly because of evaluation order?).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1388#note_1040414269

From gnutls-devel at lists.gnutls.org Wed Jul 27 14:26:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 12:26:24 +0000
Subject: [gnutls-devel] GnuTLS | guile: revert gnutls/build/tests.scm to use use-modules (!1618)

Zoltán Fridrich commented:

Looks good, approving!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618#note_1040472133
From gnutls-devel at lists.gnutls.org Wed Jul 27 14:26:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 12:26:26 +0000
Subject: [gnutls-devel] GnuTLS | guile: revert gnutls/build/tests.scm to use use-modules (!1618)

Merge request !1618 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618
Project:Branches: dueno/gnutls:wip/dueno/guile-skip-reauth-test to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618

From gnutls-devel at lists.gnutls.org Wed Jul 27 14:31:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 12:31:09 +0000
Subject: [gnutls-devel] GnuTLS | guile: revert gnutls/build/tests.scm to use use-modules (!1618)

Merge request !1618 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618
Project:Branches: dueno/gnutls:wip/dueno/guile-skip-reauth-test to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618
From gnutls-devel at lists.gnutls.org Wed Jul 27 14:39:12 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 12:39:12 +0000
Subject: [gnutls-devel] GnuTLS | guile: revert gnutls/build/tests.scm to use use-modules (!1618)

Merge request !1618 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618
Project:Branches: dueno/gnutls:wip/dueno/guile-skip-reauth-test to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1618

From gnutls-devel at lists.gnutls.org Wed Jul 27 15:49:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 13:49:00 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Merge request !1615 was scheduled to merge after pipeline succeeds by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
From gnutls-devel at lists.gnutls.org Wed Jul 27 16:16:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 14:16:44 +0000
Subject: [gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Merge request !1615 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615

From gnutls-devel at lists.gnutls.org Wed Jul 27 16:41:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Jul 2022 14:41:37 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

František Krenželok commented:

Looks good

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617#note_1040784192

From gnutls-devel at lists.gnutls.org Thu Jul 28 08:58:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 06:58:01 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Merge request !1617 was approved by František Krenželok

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617
Project:Branches: dueno/gnutls:wip/dueno/socket-no-wrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

From gnutls-devel at lists.gnutls.org Thu Jul 28 09:00:22 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 07:00:22 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Merge request !1617 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617
Project:Branches: dueno/gnutls:wip/dueno/socket-no-wrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

From gnutls-devel at lists.gnutls.org Thu Jul 28 09:00:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 07:00:38 +0000
Subject: [gnutls-devel] GnuTLS | Make gnutls-cli work with KTLS (!1617)

Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022–Jul 29, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1617

From gnutls-devel at lists.gnutls.org Thu Jul 28 11:28:07 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 09:28:07 +0000
Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370)

Milestone changed to Release of GnuTLS 3.7.8 (Jul 1, 2022–Sep 1, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/37 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370

From gnutls-devel at lists.gnutls.org Thu Jul 28 12:35:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 10:35:17 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.7 release (!4)

Reassigned merge request 4

https://gitlab.com/gnutls/abi-dump/-/merge_requests/4

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Thu Jul 28 12:35:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 10:35:18 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.7 release (!4)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/abi-dump/-/merge_requests/4

Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Thu Jul 28 12:36:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 10:36:33 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.7 release (!4)

Merge request !4 was merged

Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/4
Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/4

From gnutls-devel at lists.gnutls.org Thu Jul 28 12:51:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 10:51:20 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.7 (!1619)

Reassigned merge request 1619

https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

From gnutls-devel at lists.gnutls.org Thu Jul 28 12:51:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 10:51:21 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.7 (!1619)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

From gnutls-devel at lists.gnutls.org Thu Jul 28 13:16:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 11:16:40 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.7 (!1619)

Merge request !1619 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

From gnutls-devel at lists.gnutls.org Thu Jul 28 14:00:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 12:00:51 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.7 (!1619)

Merge request !1619 was scheduled to merge after pipeline succeeds by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

From gnutls-devel at lists.gnutls.org Thu Jul 28 14:06:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 12:06:36 +0000
Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758)

jphppd commented:

I had a similar issue with a Yocto-based distribution (version dunfell, gnutls 3.6.14) on an arm i.MX6 target. Apparently, the following modification ```diff static int gnutls_system_mutex_init(void **priv) { - pthread_mutex_t *lock = malloc(sizeof(pthread_mutex_t)); + pthread_mutex_t *lock = calloc(1, sizeof(pthread_mutex_t)); int ret; ``` in [threads.c](https://gitlab.com/gnutls/gnutls/-/blob/3.6.14/lib/system/threads.c#L92) fixes the issue (at least, in my use-case). The reason is not completely clear though, the following call to `pthread_mutex_init` should init the mutex properly.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/758#note_1042015608

From gnutls-devel at lists.gnutls.org Thu Jul 28 15:48:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 13:48:47 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.7 (!1619)

Merge request !1619 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619
Branches: zfridric_devel to master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1619

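Review bot: In the `gnutls_system_mutex_init` hunk posted in the #758 comment above, replacing `malloc` with `calloc` on the `lock` allocation zero-fills the mutex storage but leaves the cause of the deadlock unexplained, and the hunk stops at `int ret;` before any NULL check on `lock` or any test of `ret` is visible. `pthread_mutex_init` is expected to initialise the whole object, so a fix that depends on pre-zeroed memory suggests something else is wrong; it is worth confirming that the return value of `pthread_mutex_init` is checked and propagated, and that the mutex is never locked before init or after destroy. If the zeroing is kept as a workaround, a comment naming the platform where it was needed (the report mentions gnutls 3.6.14 on an i.MX6 Yocto dunfell build) would keep it from being reverted later as redundant.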
From gnutls-devel at lists.gnutls.org Thu Jul 28 17:34:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 15:34:23 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

Reassigned merge request 5

https://gitlab.com/gnutls/web-pages/-/merge_requests/5

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Thu Jul 28 17:34:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Jul 2022 15:34:24 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/5

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Fri Jul 29 02:43:05 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 00:43:05 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

Daiki Ueno started a new discussion on security-entries/GNUTLS-SA-2022-07-07: https://gitlab.com/gnutls/web-pages/-/merge_requests/5#note_1043410592

> + N/A > + Severity Medium; memory corruption > + When gnutls_pkcs7_verify cannot verify signature against given trust list, it starts creating a chain of certificates starting from identified signer up to known root. During the creation of this chain the signer certificate gets freed which results in double free when the same signer certificate is freed at the end of the algorithm. The issue was reported in the issue tracker as #1383.
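Review bot: The description line of the quoted advisory entry (the `+ When gnutls_pkcs7_verify ...` line) explains the double free and cites #1383 but gives no release that contains the fix and no recommended action, so a reader of the security page cannot tell from this text what to do about it. Suggest closing the description with the fixed release and a one-line recommendation to upgrade, and splitting the first sentence after "up to known root" so the free and the later second free read as two distinct steps.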
Can we mention affected versions?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5#note_1043410592

From gnutls-devel at lists.gnutls.org Fri Jul 29 09:14:04 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 07:14:04 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

All discussions on merge request !5 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/web-pages/-/merge_requests/5

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Fri Jul 29 09:15:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 07:15:01 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

Merge request !5 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/5
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:48:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:48:57 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Reviewer changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:48:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:48:57 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Reassigned merge request 1620

https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

Assignee changed to František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:48:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:48:59 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok
Reviewer: Daiki Ueno

session->internals.pull_func is set to system_read during gnutls_init() so check for user set pull/push function added in commit 2d3cba6bb21acb40141180298f3924c73c7de8f8 will **always** result in not enabling KTLS.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:58:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:58:38 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Merge request !1620 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620
Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:59:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:59:00 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Merge request !1620 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620
Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Fri Jul 29 10:59:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 08:59:14 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Daiki Ueno commented:

Thanks for spotting this!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620#note_1044399780

From gnutls-devel at lists.gnutls.org Fri Jul 29 13:02:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Jul 2022 11:02:30 +0000
Subject: [gnutls-devel] GnuTLS | KTLS: hotfix (!1620)

Merge request !1620 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620
Project:Branches: FrantisekKrenzelok/gnutls:ktls_fix to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1620

From gnutls-devel at lists.gnutls.org Sat Jul 30 23:44:11 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 30 Jul 2022 21:44:11 +0000
Subject: [gnutls-devel] GnuTLS | Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266. (!1621)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621

Project:Branches: jas/gnutls:jas/doc-fix-tls-exporter to gnutls/gnutls:master
Author: Simon Josefsson

Hi!
A small doc fix to celebrate that the RFC has been published. The pipeline has passed except for fedora-static-analyzers/test which seems stuck (or extremely slow...), but I can't imagine this causing problems. I haven't contributed for a while, so I'm learning the new ways to contribute, let me know if I made some mistake...

/Simon

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621

From gnutls-devel at lists.gnutls.org Sun Jul 31 03:41:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Jul 2022 01:41:24 +0000
Subject: [gnutls-devel] GnuTLS | Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.
(!1621)

Merge request !1621 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621
Project:Branches: jas/gnutls:jas/doc-fix-tls-exporter to gnutls/gnutls:master
Author: Simon Josefsson
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621

From gnutls-devel at lists.gnutls.org Sun Jul 31 03:41:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Jul 2022 01:41:36 +0000
Subject: [gnutls-devel] GnuTLS | Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266. (!1621)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621#note_1045518091

From gnutls-devel at lists.gnutls.org Sun Jul 31 03:41:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Jul 2022 01:41:44 +0000
Subject: [gnutls-devel] GnuTLS | Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266. (!1621)

Merge request !1621 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621
Project:Branches: jas/gnutls:jas/doc-fix-tls-exporter to gnutls/gnutls:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621

From gnutls-devel at lists.gnutls.org Sun Jul 31 03:51:27 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Jul 2022 01:51:27 +0000
Subject: [gnutls-devel] GnuTLS | Make use of `interruptible` keyword in Gitlab CI (#1390)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1390

@ZoltanFridrich suggested to use the [`interruptible`](https://docs.gitlab.com/ee/ci/yaml/#interruptible) keyword to automatically cancel the previous CI jobs when an MR is updated subsequently. That would help save CI time consumption.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1390