From gnutls-devel at lists.gnutls.org Tue Nov 1 09:05:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Nov 2022 08:05:47 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt. (!1665)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665

Project:Branches: jas/gnutls:jas/drop-announcetxt to gnutls/gnutls:master
Author: Simon Josefsson

This just drops an old release announcement template, I'm assuming it is stale.

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Nov 1 11:38:56 2022
Date: Tue, 01 Nov 2022 10:38:56 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt.
 (!1665)

Merge request !1665 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665
Project:Branches: jas/gnutls:jas/drop-announcetxt to gnutls/gnutls:master
Author: Simon Josefsson
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665

From gnutls-devel at lists.gnutls.org Tue Nov 1 11:44:03 2022
Date: Tue, 01 Nov 2022 10:44:03 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt. (!1665)

Daiki Ueno commented:

FYI: for documentation only changes, we can skip the CI pipeline by adding "ci skip" to the commit message, as described in https://docs.gitlab.com/ee/user/project/repository/#commit-changes-to-a-repository

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665#note_1155750492

From gnutls-devel at lists.gnutls.org Tue Nov 1 17:12:21 2022
Date: Tue, 01 Nov 2022 16:12:21 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Eric Blake commented:

Is there anything else I need to do to help move forward on this merge request?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1156190742

From gnutls-devel at lists.gnutls.org Wed Nov 2 03:38:58 2022
Date: Wed, 02 Nov 2022 02:38:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Daiki Ueno commented:

There are a couple of failures in the CI; would you be able to pacify them?

The cppcheck issue seems to be false-positive:
```console
'invalidLifetime:lib/pkcs11_privkey.c:605,error,Using pointer to local variable 'tval' that is out of scope.'
'invalidLifetime:lib/pkcs11_privkey.c:607,error,Using pointer to local variable 'tval' that is out of scope.'
```
as `tval` is only referenced inside the `if` block. Maybe using a separate attribute array than `a` would fix the issue, or we could add a suppression comment like `/* cppcheck-suppress invalidLifetime symbolName=tval */`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1156648384

From gnutls-devel at lists.gnutls.org Wed Nov 2 06:51:41 2022
Date: Wed, 02 Nov 2022 05:51:41 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (!1655)

All discussions on merge request !1655 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1655

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655

From gnutls-devel at lists.gnutls.org Wed Nov 2 06:51:50 2022
Date: Wed, 02 Nov 2022 05:51:50 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (!1655)

Merge request !1655 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655
Project:Branches: dueno/gnutls:wip/dek-info to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655

From gnutls-devel at lists.gnutls.org Wed Nov 2 06:51:34 2022
Date: Wed, 02 Nov 2022 05:51:34 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (!1655)

Daiki Ueno commented on a discussion on lib/x509/privkey_openssl.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655#note_1156744450

> - if (*c >= '0' && *c <= '9') > - x = (*c) - '0'; > - else if (*c >= 'A' && *c <= 'F') > - x = (*c) - 'A' + 10; > - else { > - gnutls_assert(); > - /* Invalid salt in encrypted PEM file */ > - ret = GNUTLS_E_INVALID_REQUEST; > - goto out_salt; > - } > - if (i & 1) > - salt.data[i / 2] |= x; > - else > - salt.data[i / 2] = x << 4; > + ret = gnutls_hex_decode(&hex_data, salt.data, &salt_size); > + if (ret == GNUTLS_E_PARSING_ERROR) {

Good point, fixed.
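
Review bot: the last added line, `if (ret == GNUTLS_E_PARSING_ERROR) {`, tests for a single error code, so unless the lines after the quoted hunk also check `ret < 0`, any other failure from `gnutls_hex_decode` (for example a `salt_size` too small for the decoded bytes) would carry on with `salt.data` only partly written. The removed branch turned every malformed salt into `GNUTLS_E_INVALID_REQUEST` and jumped to `out_salt`; I would keep that as the outcome for all negative returns. It is also worth comparing `salt_size` after the call with the salt length the cipher expects, because the byte count is now an output of the decoder rather than something the removed `salt.data[i / 2]` loop fixed by construction.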

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655#note_1156744450

From gnutls-devel at lists.gnutls.org Wed Nov 2 06:52:01 2022
Date: Wed, 02 Nov 2022 05:52:01 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (!1655)

Daiki Ueno commented:

Thanks for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655#note_1156744637

From gnutls-devel at lists.gnutls.org Wed Nov 2 07:56:00 2022
Date: Wed, 02 Nov 2022 06:56:00 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (#1415)

Issue was closed by Daiki Ueno via commit e414198715bf0f3b44eab9ba176fbc0fd38a99e4

Issue #1415: https://gitlab.com/gnutls/gnutls/-/issues/1415

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1415

From gnutls-devel at lists.gnutls.org Wed Nov 2 07:56:00 2022
Date: Wed, 02 Nov 2022 06:56:00 +0000
Subject: [gnutls-devel] GnuTLS | Handle private keys with lowercase hex digits in DEK-Info (!1655)

Merge request !1655 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655
Project:Branches: dueno/gnutls:wip/dek-info to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1655

From gnutls-devel at lists.gnutls.org Wed Nov 2 09:28:48 2022
Date: Wed, 02 Nov 2022 08:28:48 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt. (!1665)

Simon Josefsson commented:

Thanks -- sometimes it is hard to tell if something is purely a doc fix or not.

Is the idea to do merge requests + approval for all changes for GnuTLS? I'm not really sure what the process is, and if I'm missing something or it is just not documented.

Anyway, I'll merge this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665#note_1156875155

From gnutls-devel at lists.gnutls.org Wed Nov 2 09:28:48 2022
Date: Wed, 02 Nov 2022 08:28:48 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt.
 (!1665)

Merge request !1665 was closed by Simon Josefsson

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665
Project:Branches: jas/gnutls:jas/drop-announcetxt to gnutls/gnutls:master
Author: Simon Josefsson
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665

From gnutls-devel at lists.gnutls.org Wed Nov 2 09:30:28 2022
Date: Wed, 02 Nov 2022 08:30:28 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt. (!1665)

Merge request !1665 was Simon Josefsson

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665
Project:Branches: jas/gnutls:jas/drop-announcetxt to gnutls/gnutls:master
Author: Simon Josefsson
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665

From gnutls-devel at lists.gnutls.org Wed Nov 2 09:31:02 2022
Date: Wed, 02 Nov 2022 08:31:02 +0000
Subject: [gnutls-devel] GnuTLS | Drop stale doc/announce.txt.
 (!1665)

Merge request !1665 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665
Project:Branches: jas/gnutls:jas/drop-announcetxt to gnutls/gnutls:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1665

From gnutls-devel at lists.gnutls.org Wed Nov 2 14:52:38 2022
Date: Wed, 02 Nov 2022 13:52:38 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Eric Blake commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1157399191

> There are a couple of failures in the CI; would you be able to pacify them?

I can try, even though they appear unrelated to my changes.

>
> The cppcheck issue seems to be false-positive:
> ```console
> 'invalidLifetime:lib/pkcs11_privkey.c:605,error,Using pointer to local variable 'tval' that is out of scope.'
> 'invalidLifetime:lib/pkcs11_privkey.c:607,error,Using pointer to local variable 'tval' that is out of scope.'
> ```
> as `tval` is only referenced inside the `if` block. Maybe using a separate attribute array than `a` would fix the issue, or we could add a suppression comment like `/* cppcheck-suppress invalidLifetime symbolName=tval */`.

This is code in a function I didn't touch. But I think I see why cppcheck complained, and added a patch that should pacify it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1157399191

From gnutls-devel at lists.gnutls.org Wed Nov 2 19:45:02 2022
Date: Wed, 02 Nov 2022 18:45:02 +0000
Subject: [gnutls-devel] GnuTLS | Discussion: tarball signing practice (#1407)

Daniel Kahn Gillmor commented:

fwiw, i agree with @ametzler here -- you should be able to *add* any number of signatures to the `.sig` of the associated tarball without introducing any problems. It's not GnuTLS's fault that some OpenPGP verification tooling makes poor decisions about how many signatures should be valid, and you certainly shouldn't change your workflow to accommodate that. Having a release signed by multiple keys is entirely reasonable.

A fix has been prepared for [debian's tooling](https://salsa.debian.org/debian/devscripts/-/merge_requests/286) so hopefully this won't be an issue for debian for much longer at any rate.

Of course, none of the above should stop you from adding any OpenPGP certificate to the list of parties you think *should* be able to sign a release.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1407#note_1158001997

From gnutls-devel at lists.gnutls.org Wed Nov 2 22:02:17 2022
Date: Wed, 02 Nov 2022 21:02:17 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

All discussions on merge request !1652 were resolved by Eric Blake

https://gitlab.com/gnutls/gnutls/-/merge_requests/1652

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652

From gnutls-devel at lists.gnutls.org Wed Nov 2 22:02:17 2022
Date: Wed, 02 Nov 2022 21:02:17 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Eric Blake commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1158129555

I've fixed the failures with cppcheck. The CI failures in debian/test are non-deterministic (repeating the job fails in a different part of tls-fuzzer), so I don't see how I could have caused those.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1158129555

From gnutls-devel at lists.gnutls.org Thu Nov 3 09:36:54 2022
Date: Thu, 03 Nov 2022 08:36:54 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Merge request !1652 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652
Project:Branches: ebblake/gnutls:master to gnutls/gnutls:master
Author: Eric Blake
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652

From gnutls-devel at lists.gnutls.org Thu Nov 3 09:37:04 2022
Date: Thu, 03 Nov 2022 08:37:04 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Merge request !1652 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652
Project:Branches: ebblake/gnutls:master to gnutls/gnutls:master
Author: Eric Blake

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652

From gnutls-devel at lists.gnutls.org Thu Nov 3 09:37:12 2022
Date: Thu, 03 Nov 2022 08:37:12 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1158557612

From gnutls-devel at lists.gnutls.org Thu Nov 3 10:21:26 2022
Date: Thu, 03 Nov 2022 09:21:26 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Zoltán Fridrich commented:

I agree that the formatting should be unified and probably enforced. I would also suggest adding a script that would format all source files after execution. @dueno what do you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1158623851

From gnutls-devel at lists.gnutls.org Thu Nov 3 12:00:17 2022
Date: Thu, 03 Nov 2022 11:00:17 +0000
Subject: [gnutls-devel] GnuTLS | ktls fallback to userspace (#1420)

František Krenželok commented:

The proposed _fallback mechanism_ kernel patch will not be introduced as it would be needed only in the absence of _kTLS key update support_ patch. The latter patch mitigates the need for the former one.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1420#note_1158791722

From gnutls-devel at lists.gnutls.org Thu Nov 3 12:00:19 2022
Date: Thu, 03 Nov 2022 11:00:19 +0000
Subject: [gnutls-devel] GnuTLS | ktls fallback to userspace (#1420)

Issue was closed by František Krenželok

Issue #1420: https://gitlab.com/gnutls/gnutls/-/issues/1420

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1420

From gnutls-devel at lists.gnutls.org Fri Nov 4 13:49:48 2022
Date: Fri, 04 Nov 2022 12:49:48 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

Reviewer changed from Zoltán Fridrich to Unassigned

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

From gnutls-devel at lists.gnutls.org Fri Nov 4 13:49:38 2022
Date: Fri, 04 Nov 2022 12:49:38 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1663 was reviewed by Zoltán Fridrich

--

Zoltán Fridrich started a new discussion on tests/tls12-rehandshake-ticket.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663#note_1160496626

> + gnutls_transport_set_ptr(server, server); > + > + gnutls_session_ticket_key_generate(&session_ticket_key);

Memory leak inside the test. Please put `gnutls_free(session_ticket_key.data);` at the end.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

From gnutls-devel at lists.gnutls.org Fri Nov 4 13:49:58 2022
Date: Fri, 04 Nov 2022 12:49:58 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

Reassigned merge request 1663

https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663
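
Review bot: in the tests/tls12-rehandshake-ticket.c hunk quoted in the !1663 review above, the return value of `gnutls_session_ticket_key_generate(&session_ticket_key);` is discarded, so a failed key generation would let the test continue with `session_ticket_key` unset and only surface later as an unrelated handshake error. I would check the result for `< 0` and fail the test at that point, which also makes the requested `gnutls_free(session_ticket_key.data);` at the end safe to reason about.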

From gnutls-devel at lists.gnutls.org Fri Nov 4 15:21:19 2022
Date: Fri, 04 Nov 2022 14:21:19 +0000
Subject: [gnutls-devel] GnuTLS | bug in gnutls_init() (#1414)

Eric Blake commented:

!1652 was merged

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1414#note_1160634387

From gnutls-devel at lists.gnutls.org Fri Nov 4 15:26:53 2022
Date: Fri, 04 Nov 2022 14:26:53 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_init: Always initialize *session (!1652)

Eric Blake commented:

fixes #1414

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1652#note_1160645649

From gnutls-devel at lists.gnutls.org Fri Nov 4 17:32:41 2022
Date: Fri, 04 Nov 2022 16:32:41 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Simon Josefsson commented:

When we update gnulib (!1509) there would be 'make indent' (which is configurable wrt parameters and which files to indent through cfg.mk) so no additional script would be needed, just some configuration in cfg.mk to choose -linux and maybe restrict some files from indentation if necessary.

Do you agree with timing this just after 3.8.0? Or should we do it now?
In the old times, doing this on a clean release is better, but with all things git these days, I'm not sure if this is important any more. Anyone can check out the commit before and confirm that 'make indent' results in the same code, if there is worry about introducing bugs. (Auditing 'indent' to not introduce bugs is another matter though...)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1160824883

From gnutls-devel at lists.gnutls.org Fri Nov 4 23:22:38 2022
Date: Fri, 04 Nov 2022 22:22:38 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Daiki Ueno commented:

I think it would be nice if the check could (1) apply different indentation rules per directory, (2) allow us to selectively disable the check even in a same source file, and (3) detect the issues as early as possible in the CI (or in a pre-commit hook, e.g., using [pre-commit](https://pre-commit.com/) tool).

(1) and (2) are supported using clang-format (through `.clang-format` file in each directory and `/* clang-format off */` comment), though I'm not sure if this GNU indent based approach has such flexibility. For (3), afaik all `sc_*` rules require the project is bootstrapped.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1161125418

From gnutls-devel at lists.gnutls.org Sat Nov 5 00:08:09 2022
Date: Fri, 04 Nov 2022 23:08:09 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

All discussions on merge request !1663 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

From gnutls-devel at lists.gnutls.org Sat Nov 5 00:08:30 2022
Date: Fri, 04 Nov 2022 23:08:30 +0000
Subject: [gnutls-devel] GnuTLS | bug in gnutls_init() (#1414)

Issue was closed by Daiki Ueno

Issue #1414: https://gitlab.com/gnutls/gnutls/-/issues/1414

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1414

From gnutls-devel at lists.gnutls.org Sat Nov 5 10:31:29 2022
Date: Sat, 05 Nov 2022 09:31:29 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Simon Josefsson commented:

Ah right, yes 'make indent' and 'make syntax-check' requires a bootstrapped build, and I can see why we want something that works without that. A script 'devel/indent-code'?

I'm not familiar with clang-format, how does it interact here?
I think we need to standardize on one indentation tool, since different tools are likely to re-format code differently, right? Or we could test. I'm aware of GNU indent, Mac OS indent (is it same as some BSD indent?), and then maybe also clang-format?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1161245947

From gnutls-devel at lists.gnutls.org Sun Nov 6 22:43:02 2022
Date: Sun, 06 Nov 2022 21:43:02 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)

KENJI AKIHARA commented:

I need to resolve this issue by the end of November. It would be greatly appreciated if you could help us to investigate the cause of the problem and solve it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1161600777

From gnutls-devel at lists.gnutls.org Sun Nov 6 22:46:06 2022
Date: Sun, 06 Nov 2022 21:46:06 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Daiki Ueno commented:

> Ah right, yes 'make indent' and 'make syntax-check' requires a bootstrapped build, and I can see why we want something that works without that. A script 'devel/indent-code'?

Sounds good to me.
An alternative would be to introduce a new CI stage before `bootstrap` to do syntax checks, so even if it still requires bootstrap, subsequent stages are not executed if it fails.

> I'm not familiar with clang-format, how does it interact here?

Just adding some data points: the Linux kernel has this [guidance](https://www.kernel.org/doc/html/latest/process/clang-format.html) and also provides a [.clang-format](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/.clang-format?id=9d24322e887b6a3d3f9f9c3e76937a646102c8c1) file. NSS (not using the same rule) has this [pre-commit](https://hg.mozilla.org/projects/nss/file/b7e45ee99b4db92e23fcf37806ad3e28a8a13c8a/coreconf/precommit.clang-format.sh).

It seems clang-format is much slower than GNU indent:

```console
% cd lib
% cp .../linux/.clang-format .
% time find . -name "*.[ch]" -exec indent -ppi1 -linux {} \;
find . -name "*.[ch]" -exec indent -ppi1 -linux {} \;  0.69s user 1.39s system 96% cpu 2.152 total
% time find . -name "*.[ch]" -exec clang-format -i {} \;
find . -name "*.[ch]" -exec clang-format -i {} \;  12.48s user 7.93s system 98% cpu 20.667 total
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1161601298

From gnutls-devel at lists.gnutls.org Sun Nov 6 23:41:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Nov 2022 22:41:58 +0000
Subject: [gnutls-devel] GnuTLS | tries to include on MinGW (#1382)

Daiki Ueno commented:

I suspect for KTLS, we could simply move the definitions (`gnutls_transport_ktls_enable_flags_t` and `gnutls_transport_is_ktls_enabled`) to ``, as they do not depend on any functionality provided by `` and existing users of them should be already including ``.
Cc: @FrantisekKrenzelok?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1382#note_1161616076

From gnutls-devel at lists.gnutls.org Sun Nov 6 23:50:22 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Nov 2022 22:50:22 +0000
Subject: [gnutls-devel] GnuTLS | Mention "FIPS 140" instead of "FIPS 140-2" (#1422)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1422

In the documentation and the command line output, there are quite a few references of "FIPS 140-2":

```console
$ git grep -i 'FIPS *140-2' | wc -l
102
```

Now that we are implementing FIPS 140-3 requirements and FIPS 140-2 will be [moved](https://csrc.nist.gov/Projects/fips-140-3-transition-effort) to the historical list in 3+ years, maybe good to simply mention "FIPS 140" (or "FIPS 140-3").

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1422

From gnutls-devel at lists.gnutls.org Mon Nov 7 02:08:16 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 01:08:16 +0000
Subject: [gnutls-devel] GnuTLS | Add configuration option for certificate compression algorithms (#1423)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1423

Currently, the only means of enabling certificate compression is to call the API (`gnutls_compress_certificate_set_methods`). It might make sense to provide a way to enable it system-wide, through the configuration file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1423

From gnutls-devel at lists.gnutls.org Mon Nov 7 02:18:31 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 01:18:31 +0000
Subject: [gnutls-devel] GnuTLS | Make compression library dynamically loadable (#1424)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1424

As the certificate compression functionality is not enabled by default, it might make sense to dynamically load them instead of always linking to them. This is similar to what we do for tpm2-tss, though it should be much simpler as it uses only a couple of functions from each compression library (zlib, libzstd, and libbrotli).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1424

From gnutls-devel at lists.gnutls.org Mon Nov 7 07:57:27 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 06:57:27 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)

Daiki Ueno commented:

I'm afraid it could be difficult without access to the actual system, but one thing I would suggest is to investigate the decrypted traffic with wireshark, following this [guide](https://wiki.wireshark.org/TLS#tls-decryption).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1161809814

From gnutls-devel at lists.gnutls.org Mon Nov 7 09:22:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 08:22:53 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

Zoltán Fridrich commented:

Looks good!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663#note_1161900982

From gnutls-devel at lists.gnutls.org Mon Nov 7 09:22:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 08:22:57 +0000
Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663)

Merge request !1663 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663
Project:Branches: dueno/gnutls:wip/dueno/rehandshake-tickets to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663

From gnutls-devel at lists.gnutls.org Mon Nov 7 10:01:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Nov 2022 09:01:58 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Simon Josefsson commented:

For libidn2 I'm using stages 'quick', 'build' (bootstrap), and 'test' (tarball) that includes 'make syntax-check' which checks indentation -- see output https://gitlab.com/libidn/libidn2/-/pipelines/682199532 -- the 'quick' test is supposed to be one non-parallel work to check as much as possible before starting all the other builds. However my experience with this is that I'm not sure it is worth it -- it adds complexity. I think it is better to not use stages for this -- but instead put all bootstrap-jobs in one stage, which would depend on a single bootstrap-job that does syntax checking. This has the same advantages (saving CPU cycles) with less complexity. I'm working on a generalized CI/CD rule for all projects I'm working on (libidn, libidn2, gsasl, libgssglue, libntlm, libtasn1, shishi, gss, ...) right now and will try that approach for it.

I haven't used pre-commit's recently, do they run on the developer's laptop? My experience with those mechanisms is that they are more fragile and harder to maintain than keeping CI/CD operational (which normally is at least rather reproducible and with public logs). And when pre-commit tasks start to consume CPU time, developers are rightly annoyed because it gets in the way of work.

The 'make syntax-check' approach is quite nice IMHO, but it does require a ./bootstrap run which is sometimes expensive. Hmm. Gnulib does ship a 'GNUmakefile' which will work without bootstrapping. How about seeing if we can use it to do a 'make quick-syntax-check' rule that doesn't require bootstrapping?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1161957218

From gnutls-devel at lists.gnutls.org Wed Nov 9 10:17:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 09:17:52 +0000
Subject: [gnutls-devel] guile-gnutls | Publish guile-gnutls manual (#7)

Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/7

The guile-gnutls manual generated via core GnuTLS is available here:

https://gnutls.org/manual/gnutls-guile.html

However it is not going to be updated since guile-gnutls was separated, and should probably be removed (or redirected) once this issue is closed.

I think it would be nice to have a new host for guile-gnutls manual so it is available online with a stable URL.

One simple solution would be to set up GitLab CI 'pages' rule to build the manual and publish it automatically. If we use gnulib (see issue #1) we get some nice rules for these for free.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/7

From gnutls-devel at lists.gnutls.org Wed Nov 9 12:07:35 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 11:07:35 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)

Alexander Sosedkin commented:

> Preferably shortly after the 3.8.0 release, I would suggest.

Why after and not before? I'm afraid it'll greatly hinder backporting for years to come...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1165534630

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:17:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:17:10 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Reviewer changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:17:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:17:14 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Changes behavior of fipshmac and selftest to always work with realpaths. This should avoid errors when cross-compiling.

Closes #1373

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:17:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:17:10 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Reassigned merge request 1666

https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:18:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:18:01 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Reviewer changed from Daiki Ueno to Daiki Ueno and Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:34:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:34:24 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165972171

> ret = 0; > cleanup: > + gnutls_free(real_path);

nit: we should use `free` instead of `gnutls_free` (these days they are the same, but `gnutls_free` should only be used on memory areas that are allocated with `gnutls_malloc` etc.)

--
Daiki Ueno started a new discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165972177

> > - ret = snprintf(path, path_size, "%s", info.dli_fname); > + real_path = realpath(info.dli_fname, NULL);

nit: using `canonicalize_file_name` might be slightly more readable (as we can omit the second argument)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666
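
Review bot: in the hunk that replaces `ret = snprintf(path, path_size, "%s", info.dli_fname);` with `real_path = realpath(info.dli_fname, NULL);`, the bounded write into the caller's `path` buffer disappears from the visible lines, and nothing shown copies `real_path` back into `path`. Wherever that copy happens, it should stay bounded by `path_size` and treat a return value of `path_size` or more as an error, since a resolved path can be longer than `info.dli_fname` and a silently truncated path names a different file.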

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:34:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:34:24 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Merge request !1666 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers: Daiki Ueno and Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:34:24 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:34:24 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Daiki Ueno commented:

Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165972187

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:41:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:41:58 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Zoltán Fridrich commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165985107

> goto cleanup; > } > > - ret = snprintf(path, path_size, "%s", info.dli_fname); > + real_path = realpath(info.dli_fname, NULL);

Haven't noticed that function, nice!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165985107

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:42:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:42:21 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Zoltán Fridrich commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165985668

> > ret = 0; > cleanup: > + gnutls_free(real_path);

Alright, makes sense.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1165985668
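
Review bot: in the cleanup hunk, `gnutls_free(real_path);` now runs on every exit through `cleanup:`, and the context of the realpath hunk shows a `goto cleanup;` that is taken before `real_path` is assigned. The declaration is not visible here, so please confirm it reads `char *real_path = NULL;`; without the initializer that earlier error path frees an indeterminate pointer.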

From gnutls-devel at lists.gnutls.org Wed Nov 9 16:42:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 15:42:25 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

All discussions on merge request !1666 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666

From gnutls-devel at lists.gnutls.org Wed Nov 9 17:12:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Nov 2022 16:12:52 +0000
Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 was reviewed by Alexander Sosedkin

--
Alexander Sosedkin started a new discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1166063699

> + if (real_path == NULL) { > + ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR); > + goto cleanup;

isn't that a `free(NULL)`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666
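
Review bot: in the `real_path == NULL` branch, every `realpath` failure is reported as `GNUTLS_E_FILE_ERROR`, which hides whether the file was missing, unreadable, or the path too long; logging `errno` before `goto cleanup;` would keep that information for whoever debugs a failed self-test. The jump itself is fine: it reaches the free call in `cleanup:` with a NULL pointer, and freeing NULL is a no-op.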

From gnutls-devel at lists.gnutls.org Thu Nov 10 12:01:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 11:01:20 +0000
Subject: [gnutls-devel] guile-gnutls | Publish guile-gnutls manual (#7)

Issue was closed by Simon Josefsson via commit 6d670625c12b710271a526ea1d100e1446bd23fd

Issue #7: https://gitlab.com/gnutls/guile/-/issues/7

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/7

From gnutls-devel at lists.gnutls.org Thu Nov 10 12:01:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 11:01:25 +0000
Subject: [gnutls-devel] guile-gnutls | Use gnulib? (#1)

Issue was closed by Simon Josefsson via commit a7da26cb560051a91f0793e69ea07dc7a525e592

Issue #1: https://gitlab.com/gnutls/guile/-/issues/1

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/1

From gnutls-devel at lists.gnutls.org Thu Nov 10 12:03:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 11:03:53 +0000
Subject: [gnutls-devel] guile-gnutls | Indent code (#5)

Simon Josefsson commented:

C code is now indented -- however, I don't know of any tool to indent Guile code, so leaving this open for future considerations.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/5#note_1167217489

From gnutls-devel at lists.gnutls.org Thu Nov 10 14:39:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 13:39:17 +0000
Subject: [gnutls-devel] GnuTLS | Draft: DTLS1_3-client (!1667)

Reassigned merge request 1667

https://gitlab.com/gnutls/gnutls/-/merge_requests/1667

Assignee changed to František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1667

From gnutls-devel at lists.gnutls.org Thu Nov 10 14:39:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 13:39:19 +0000
Subject: [gnutls-devel] GnuTLS | Draft: DTLS1_3-client (!1667)

František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1667

Project:Branches: FrantisekKrenzelok/gnutls:wip/dtls13 to gnutls/gnutls:master
Author: František Krenželok
Assignee: František Krenželok

DTLS 1.3 client implementation

[RFC9147] Rescorla, E., Tschofenig, H., and N.
Modadugu, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022,

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1667

From gnutls-devel at lists.gnutls.org Thu Nov 10 17:54:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 16:54:39 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Fix AlmaLinux. Fixes: #2. (!1)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/1

Branches: jas/fix-almalinux to master
Author: Simon Josefsson

It seems guile-snarf doesn't exist on AlmaLinux9 so drop it and use AlmaLinux8 instead.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/1

From gnutls-devel at lists.gnutls.org Thu Nov 10 17:56:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 16:56:44 +0000
Subject: [gnutls-devel] guile-gnutls | Build failure on AlmaLinux (#2)

Issue was closed by Simon Josefsson via commit 66065311ac6656019c9722ee4ff8bdbc8802b840

Issue #2: https://gitlab.com/gnutls/guile/-/issues/2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/2

From gnutls-devel at lists.gnutls.org Thu Nov 10 17:56:44 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 16:56:44 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Fix AlmaLinux. Fixes: #2. (!1)

Merge request !1 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/1
Branches: jas/fix-almalinux to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/1

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:02:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:02:38 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Use default instead of extends: .test. Mark as interruptible.
(!2)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/2

Branches: jas/cicd-default to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/2

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:03:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:03:40 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Use default instead of extends: .test. Mark as interruptible. (!2)

Merge request !2 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/2
Branches: jas/cicd-default to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/2

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:05:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:05:20 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Drop centos7, it has too old GnuTLS. Fixes: #3. (!3)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/3

Branches: jas/drop-centos7 to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/3

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:07:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:07:59 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Drop centos7, it has too old GnuTLS. Fixes: #3. (!3)

Merge request !3 was scheduled to merge after pipeline succeeds by Simon Josefsson

Merge request url: https://gitlab.com/gnutls/guile/-/merge_requests/3
Branches: jas/drop-centos7 to master
Author: Simon Josefsson
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/3

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:08:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:08:38 +0000
Subject: [gnutls-devel] guile-gnutls | Centos7 build failures (#3)

Issue was closed by Simon Josefsson via commit cc42df927cb734d9a70386431d0059dda32936d3

Issue #3: https://gitlab.com/gnutls/guile/-/issues/3

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/3

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:08:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:08:38 +0000
Subject: [gnutls-devel] guile-gnutls | Centos7 build failures (#3)

Issue was closed by Simon Josefsson via merge request !3 (https://gitlab.com/gnutls/guile/-/merge_requests/3)

Issue #3: https://gitlab.com/gnutls/guile/-/issues/3

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/3

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:08:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:08:38 +0000
Subject: [gnutls-devel] guile-gnutls | cicd: Drop centos7, it has too old GnuTLS. Fixes: #3. (!3)

Merge request !3 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/3
Branches: jas/drop-centos7 to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/3

From gnutls-devel at lists.gnutls.org Thu Nov 10 18:29:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Nov 2022 17:29:45 +0000
Subject: [gnutls-devel] guile-gnutls | Use gnulib's git-version-gen.
(!4) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/4 Branches: jas/use-git-version-gen to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 10 18:29:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Nov 2022 17:29:51 +0000 Subject: [gnutls-devel] guile-gnutls | Use gnulib's git-version-gen. (!4) In-Reply-To: References: Message-ID: Merge request !4 was merged Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/4 Branches: jas/use-git-version-gen to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 10 18:33:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Nov 2022 17:33:24 +0000 Subject: [gnutls-devel] guile-gnutls | warning: AM_V_GUILEC_$(V: non-POSIX recursive variable expansion (#8) References: Message-ID: Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/8 Fix these automake warnings. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/8 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Nov 10 19:09:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Nov 2022 18:09:38 +0000 Subject: [gnutls-devel] guile-gnutls | New release: 3.7.10 - v3.7.10 Message-ID: A new Release v3.7.10 for guile-gnutls was published. Visit the Releases page to read more about it: https://gitlab.com/gnutls/guile/-/releases Assets: - Download zip: https://gitlab.com/gnutls/guile/-/archive/v3.7.10/guile-v3.7.10.zip - Download tar.gz: https://gitlab.com/gnutls/guile/-/archive/v3.7.10/guile-v3.7.10.tar.gz - Download tar.bz2: https://gitlab.com/gnutls/guile/-/archive/v3.7.10/guile-v3.7.10.tar.bz2 - Download tar: https://gitlab.com/gnutls/guile/-/archive/v3.7.10/guile-v3.7.10.tar Release notes: https://gitlab.com/gnutls/guile/-/blob/v3.7.10/NEWS [guile-gnutls-3.7.10.tar.gz](/uploads/2cd9acdf9944191c55048a3b0116f5cf/guile-gnutls-3.7.10.tar.gz) [guile-gnutls-3.7.10.tar.gz.sig](/uploads/8eab68830f9064ba6e98bc22bd2ad719/guile-gnutls-3.7.10.tar.gz.sig) -- View it on GitLab: https://gitlab.com/gnutls/guile/-/releases You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 10 19:23:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Nov 2022 18:23:21 +0000 Subject: [gnutls-devel] GnuTLS | Indent code? (#1419) In-Reply-To: References: Message-ID: Simon Josefsson commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1167960916 Good point -- and my justification for doing it just after a release is not solid: with public git repositories, it is easy for anyone to check that indent didn't change anything substantial. 
In the olden days, you would diff tarballs, and separating indent-changes from real changes is difficult so usually you do an "indent only" release for auditability: do the 3.8.0 and then quickly a 3.8.1 indent-only release. I don't hear any substantial disagreement here -- except to my idea of basing this on 'make indent' that requires new Gnulib. So a merge request for this is probably the next step to get more review... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1167960916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Mon Nov 14 03:09:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Nov 2022 02:09:03 +0000 Subject: [gnutls-devel] GnuTLS | fipshmac: pathname checking should resolve realpath of libraries (#1426) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1426

With the following `.gnutls.hmac` file:

```
[global]
format-version = 1

[libgnutls.so.30]
path = /lib64/libgnutls.so.30
hmac = b94b08e69e16fe9822fce3f548ada7bff35cb501be1d29fe359df8152920897a

[libnettle.so.8]
path = /lib64/libnettle.so.8
hmac = 91d1e4123f06097a7ba0457425b16f5dbc63e8b4367ec6f34478a6581926f160

[libhogweed.so.6]
path = /lib64/libhogweed.so.6
hmac = 982e7cd42272a96080afc180dd7655d097051e1292cac8caee8f125a2988e61c

[libgmp.so.10]
path = /lib64/libgmp.so.10
hmac = c7850b25b26e8fd2a26722e6aaabfcf74327044a9fe59ebc66707741a2bb8e82
```

and `/lib64` is actually a symlink to `/usr/lib64`, the FIPS library integrity check may fail with certain LD_LIBRARY_PATH setting:

```console
$ LD_LIBRARY_PATH=/usr/lib64 GNUTLS_FORCE_FIPS_MODE=1 gnutls-cli-debug
Error in GnuTLS initialization: Error while performing self checks.
global state initialization error
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Mon Nov 14 03:09:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Nov 2022 02:09:58 +0000 Subject: [gnutls-devel] GnuTLS | Fipshmac: always use realpaths (!1666) In-Reply-To: References: Message-ID: Daiki Ueno commented:

> Closes #1373

This MR actually doesn't resolve #1373. I've created a separate issue (#1426) and linked to it.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666#note_1170198306 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Mon Nov 14 04:22:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Nov 2022 03:22:03 +0000 Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405) In-Reply-To: References: Message-ID: KENJI AKIHARA commented: I got a captcha with Wireshark. As a result, only FIN/ACK was returned for Client Hello. (Server Hello is not returned from gnutls) It would be helpful if you could give me advice on how to determine the problem, such as how to get a debug of gnutls. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1170225782 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Mon Nov 14 06:19:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Nov 2022 05:19:38 +0000 Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405) In-Reply-To: References: Message-ID: Daiki Ueno commented: Since GnuTLS is only used in the server side (Squid), you would need to enable debugging on the server. Perhaps you could run a Squid instance in [foreground](https://scubarda.com/2020/03/23/configure-squid-proxy-for-ssl-tls-inspection-https-interception/) with GnuTLS debug [option](https://www.gnutls.org/manual/html_node/Debugging-and-auditing.html#Debugging-and-auditing) enabled? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1170279989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Tue Nov 15 12:55:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 11:55:27 +0000 Subject: [gnutls-devel] GnuTLS | parallel make check fails in serv-udp.sh (#1427) References: Message-ID: AndyRTR created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1427

## Description of problem:

Parallel running make -jX check fails at least since version 3.7.6 and is still present in the last release where we needed to add -j1 to pass all tests.

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Arch Linux

FAIL: serv-udp
==============

Checking whether UDP server works
reserved port 35291
*** Fatal error: Error in the push function.
Could not connect to 127.0.0.1:35291: Connection refused
Failure: 1. handshake should have succeeded!
unreserved port 35291
FAIL serv-udp.sh (exit status: 1)

My guess would be to claim 0da805e6d3b2b148f9689b3229ddbbf3f4cedb88 changing the build process.

Attaching test logs of a parallel make check run:[test-suite.log](/uploads/19af6c17f1555659443e0973be5a9918/test-suite.log)[serv-udp.log](/uploads/9c0b2c05face7eb768a4916b548f6cd4/serv-udp.log)

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1427 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Tue Nov 15 13:01:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 12:01:21 +0000 Subject: [gnutls-devel] GnuTLS | Server initiated TLS 1.2 rehandshake fails due to session tickets (#1421) In-Reply-To: References: Message-ID: Issue was closed by Zoltán Fridrich via merge request !1663 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1663) Issue #1421: https://gitlab.com/gnutls/gnutls/-/issues/1421 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1421 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 13:01:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 12:01:21 +0000 Subject: [gnutls-devel] GnuTLS | handshake: clear server's session ticket indication at rehandshake (!1663) In-Reply-To: References: Message-ID: Merge request !1663 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663 Project:Branches: dueno/gnutls:wip/dueno/rehandshake-tickets to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1663 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 15:37:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 14:37:39 +0000 Subject: [gnutls-devel] GnuTLS | Adjust FIPS integrity check (!1666) In-Reply-To: References: Message-ID: Merge request !1666 was scheduled to merge after pipeline succeeds by Zoltán Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 16:02:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 15:02:02 +0000 Subject: [gnutls-devel] GnuTLS | Adjust FIPS integrity check (!1666) In-Reply-To: References: Message-ID: Merge request !1666 was scheduled to merge after pipeline succeeds by Zoltán Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 17:06:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 16:06:17 +0000 Subject: [gnutls-devel] GnuTLS | Adjust FIPS integrity check (!1666) In-Reply-To: References: Message-ID: Merge request !1666 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1666 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
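
Added example, not part of the list traffic and not GnuTLS code: the symlink situation from issue #1426 (closed by !1666, "Adjust FIPS integrity check"), rebuilt in a temporary directory. It shows a literal comparison between a recorded `path =` value and the path a library is loaded from disagreeing, while comparing the `realpath(3)` results agrees; `libdemo.so`, the directory names and the function names are constructed for the demo.

```c
/* Added example, not GnuTLS code. All paths are constructed in a temp dir. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Literal comparison of the recorded path with the loaded path. */
static int same_path_literal(const char *recorded, const char *loaded)
{
	return strcmp(recorded, loaded) == 0;
}

/* Compare after resolving symlinks on both sides.
 * Returns 1 if equal, 0 if different, -1 if a path cannot be resolved. */
static int same_path_resolved(const char *recorded, const char *loaded)
{
	char *a = realpath(recorded, NULL);
	char *b = realpath(loaded, NULL);
	int rc = (a != NULL && b != NULL) ? (strcmp(a, b) == 0) : -1;

	free(a);
	free(b);
	return rc;
}

/* Builds <tmp>/usr_lib64/libdemo.so and a symlink <tmp>/lib64 -> usr_lib64,
 * mirroring the /lib64 -> /usr/lib64 layout described in the issue.
 * Returns bit 0 = literal match, bit 1 = resolved match, -1 on setup error. */
int run_demo(void)
{
	char base[] = "/tmp/fipshmac-demo-XXXXXX";
	char real_dir[64], link_dir[64], recorded[96], loaded[96];
	int resolved, result = -1;
	FILE *f;

	if (mkdtemp(base) == NULL)
		return -1;
	snprintf(real_dir, sizeof(real_dir), "%s/usr_lib64", base);
	snprintf(link_dir, sizeof(link_dir), "%s/lib64", base);
	/* "recorded" plays the role of a path = line in the .hmac file,
	 * "loaded" the path the library is found under at run time. */
	snprintf(recorded, sizeof(recorded), "%s/lib64/libdemo.so", base);
	snprintf(loaded, sizeof(loaded), "%s/usr_lib64/libdemo.so", base);

	if (mkdir(real_dir, 0700) != 0 || symlink("usr_lib64", link_dir) != 0)
		goto out;
	f = fopen(loaded, "w");
	if (f == NULL)
		goto out;
	fputs("constructed placeholder, not a real library\n", f);
	fclose(f);

	resolved = same_path_resolved(recorded, loaded);
	if (resolved < 0)
		goto out;
	result = same_path_literal(recorded, loaded) | (resolved << 1);
out:
	unlink(loaded);
	unlink(link_dir);
	rmdir(real_dir);
	rmdir(base);
	return result;
}

int main(void)
{
	int r = run_demo();

	if (r < 0) {
		perror("demo setup");
		return 1;
	}
	printf("literal match: %d, realpath match: %d\n", r & 1, (r >> 1) & 1);
	return 0;
}
```

A path that cannot be resolved yields -1 rather than a match, so a caller of this sketch can treat it as a failed check.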
URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 17:06:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 16:06:17 +0000 Subject: [gnutls-devel] GnuTLS | fipshmac: pathname checking should resolve realpath of libraries (#1426) In-Reply-To: References: Message-ID: Issue was closed by Zoltán Fridrich via merge request !1666 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1666) Issue #1426: https://gitlab.com/gnutls/gnutls/-/issues/1426 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 15 18:57:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Nov 2022 17:57:34 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Rui Ribeiro commented: Bug still present in the newly released Fedora 37 today
... On Wed, 24 Aug 2022 at 14:37, Daiki Ueno (@dueno) wrote:
> Issue was closed by Daiki Ueno via merge request !1631

-- Regards, -- Rui Ribeiro https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1173013887 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
From gnutls-devel at lists.gnutls.org Wed Nov 16 02:08:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 01:08:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: More SIGPIPE treatment as error (!1668) References: Message-ID: Samuel Thibault created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 Project:Branches: sthibaul/gnutls:SIGPIPE to gnutls/gnutls:master Author: Samuel Thibault

81f8d97b3486 ("tests: treat all signals as error") turned some SIGPIPE signals to EPIPE, but missed tests/mini-dtls-mtu.c. During gnutls_bye(session, GNUTLS_SHUT_WR), on Linux we get

client|<11>| WRITE: enqueued 39 bytes for 0x3. Total 39 bytes.
client|<11>| WRITE FLUSH: 39 bytes in buffer.
client|<2>| WRITE: -1 returned from 0x3, errno: 111 (ECONNREFUSED)

but on GNU/Hurd a SIGPIPE is sent instead of returning ECONNREFUSED. We thus need to turn it into an error to correctly interpret the test result.

This happens to be the only gnutls28 testsuite failure on GNU/Hurd.
## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [N/A] Test suite updated with functionality tests * [N/A] Test suite updated with negative tests * [X] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 02:35:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 01:35:56 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1173462298 Could you be more specific about gnutls package version? My guess is that, while the fix (!1631) is included in 3.7.8, the Fedora 37 release compose only includes 3.7.7 (see `f37` tag on the [3.7.7](https://koji.fedoraproject.org/koji/buildinfo?buildID=2039284) build). If that is the case, I would suggest upgrading to 3.7.8 package using `dnf update`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1173462298 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 02:37:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 01:37:59 +0000 Subject: [gnutls-devel] GnuTLS | tests: More SIGPIPE treatment as error (!1668) In-Reply-To: References: Message-ID: Merge request !1668 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 Project:Branches: sthibaul/gnutls:SIGPIPE to gnutls/gnutls:master Author: Samuel Thibault Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 02:38:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 01:38:11 +0000 Subject: [gnutls-devel] GnuTLS | tests: More SIGPIPE treatment as error (!1668) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668#note_1173463039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
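
Added example, not GnuTLS test code: what "turning SIGPIPE into an error" from the !1668 description looks like at the system-call level. It assumes the mechanism is ignoring the signal (`SIG_IGN`) so that the failed write returns `EPIPE`, and it uses a pipe with no reader in place of the DTLS socket from `tests/mini-dtls-mtu.c`; the function and enum names are constructed for the demo.

```c
/* Added example, not GnuTLS test code. A pipe stands in for the test's socket. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { KILLED_BY_SIGPIPE = 1, WRITE_FAILED_EPIPE = 2, UNEXPECTED = 3 };

/* Forks a child that writes into a pipe whose read end is already closed.
 * With the default disposition the child dies from SIGPIPE; with the signal
 * ignored, write() fails with EPIPE and the child can report an error. */
int write_without_reader(int ignore_sigpipe)
{
	int fds[2], status;
	pid_t pid;

	if (pipe(fds) != 0)
		return UNEXPECTED;
	close(fds[0]);			/* no reader remains anywhere */

	pid = fork();
	if (pid < 0) {
		close(fds[1]);
		return UNEXPECTED;
	}
	if (pid == 0) {
		sigset_t set;

		/* Make sure an inherited signal mask does not hide SIGPIPE. */
		sigemptyset(&set);
		sigaddset(&set, SIGPIPE);
		sigprocmask(SIG_UNBLOCK, &set, NULL);
		signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);

		if (write(fds[1], "x", 1) == -1 && errno == EPIPE)
			_exit(42);	/* error seen as a return value */
		_exit(0);
	}

	close(fds[1]);
	if (waitpid(pid, &status, 0) != pid)
		return UNEXPECTED;
	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGPIPE)
		return KILLED_BY_SIGPIPE;
	if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
		return WRITE_FAILED_EPIPE;
	return UNEXPECTED;
}

int main(void)
{
	printf("default disposition: outcome %d\n", write_without_reader(0));
	printf("SIGPIPE ignored:     outcome %d\n", write_without_reader(1));
	return 0;
}
```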
URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 02:38:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 01:38:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: More SIGPIPE treatment as error (!1668) In-Reply-To: References: Message-ID: Merge request !1668 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 Project:Branches: sthibaul/gnutls:SIGPIPE to gnutls/gnutls:master Author: Samuel Thibault Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 08:23:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 07:23:03 +0000 Subject: [gnutls-devel] GnuTLS | x86(_64): CPU feature detection broken (#1282) In-Reply-To: References: Message-ID: Rui Ribeiro commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1173801115 It is not coming in the default media, a dnf update did the trick updating it to 3.7.8, thanks.
... On Wed, 16 Nov 2022 at 01:35, Daiki Ueno (@dueno) wrote:
> Daiki Ueno commented on a discussion:
>
> Could you be more specific about gnutls package version? My guess is that, while the fix (!1631 (merged)) is included in 3.7.8, the Fedora 37 release compose only includes 3.7.7 (see f37 tag on the 3.7.7 build). If that is the case, I would suggest upgrading to 3.7.8 package using dnf update.

-- Regards, -- Rui Ribeiro https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1282#note_1173801115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 16:01:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 15:01:15 +0000 Subject: [gnutls-devel] GnuTLS | nettle: mark non-compliant RSA-PSS salt length to be not-approved (!1669) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 Project:Branches: dueno/gnutls:wip/dueno/rsa-pss-saltlen to gnutls/gnutls:master Author: Daiki Ueno According to FIPS 186-5 5.4, the salt length must be in the range between 0 and the hash length inclusive. While the use of those salt lengths is still allowed for compatibility, it is reported as non-approved operation through FIPS service indicator. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 16 19:01:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Nov 2022 18:01:36 +0000 Subject: [gnutls-devel] GnuTLS | tests: More SIGPIPE treatment as error (!1668) In-Reply-To: References: Message-ID: Merge request !1668 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 Project:Branches: sthibaul/gnutls:SIGPIPE to gnutls/gnutls:master Author: Samuel Thibault -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 21 17:45:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Nov 2022 16:45:05 +0000 Subject: [gnutls-devel] GnuTLS | nettle: mark non-compliant RSA-PSS salt length to be not-approved (!1669) In-Reply-To: References: Message-ID: Merge request !1669 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 Project:Branches: dueno/gnutls:wip/dueno/rsa-pss-saltlen to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 00:58:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Nov 2022 23:58:22 +0000 Subject: [gnutls-devel] GnuTLS | nettle: mark non-compliant RSA-PSS salt length to be not-approved (!1669) In-Reply-To: References: Message-ID: Merge request !1669 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 Project:Branches: dueno/gnutls:wip/dueno/rsa-pss-saltlen to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 00:58:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Nov 2022 23:58:32 +0000 Subject: [gnutls-devel] GnuTLS | nettle: mark non-compliant RSA-PSS salt length to be not-approved (!1669) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1669#note_1180530134 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 05:41:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 04:41:20 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Daiki Ueno commented: @jas I think this MR is ready; I managed to fix the CI failures in sanitizer jobs by removing `-fanalyzer`. Could you take a look? 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1180682023 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 05:41:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 04:41:33 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Reviewer changed to Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 14:57:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 13:57:23 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1428 in file lib/algorithms/kx.c function _gnutls_map_kx_get_cred use GNUTLS_KX_MAP_LOOP to get credential type, but no break. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 16:13:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 15:13:44 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the report; seems like a valid point. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428#note_1181603537 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 16:14:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 15:14:00 +0000 Subject: [gnutls-devel] GnuTLS | get credential type with key exchange algotithm, no break when get it (#1428) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1428#note_1181604421 ??????????????????? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1428#note_1181604421 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 22 23:04:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Nov 2022 22:04:36 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Nikolaos Chatzikonstantinou commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1182109982 @dueno any update on this? 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1182109982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 23 03:35:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Nov 2022 02:35:40 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing #1428 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Nov 23 07:36:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Nov 2022 06:36:42 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: Merge request !1670 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 23 07:36:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Nov 2022 06:36:58 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1182421329 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 23 14:41:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Nov 2022 13:41:12 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. 
(#1429) References: Message-ID: Hao Yu created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1429

## Description of problem:

When the GnuTLS client negotiates TLS 1.3, sends early data (0-RTT) and receives an HRR, the 2nd ClientHello does not match RFC 8446.

- 2nd ClientHello MUST not be encrypted, it MUST be plaintext.
- 2nd ClientHello MUST not include early data extension (RFC8446 section 4.2.10)

https://github.com/Mbed-TLS/mbedtls/pull/6485#issuecomment-1319707786 shows the detailed information.

## Version of gnutls used:

3.7.2 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu

## How reproducible:

https://github.com/Mbed-TLS/mbedtls/pull/6485#issuecomment-1319707786 shows the server and client commands. And the mbedtls test code is https://github.com/yuhaoth/mbedtls1.3/tree/pr/tls13-gnutls-2nd-ClientHello-bug.

1. Put gnutls-cli in your PATH
2. Get mbedtls from above link
3. in mbedtls root run `scripts/config.py full && make clean && make -j20 CFLAGS="-g -Werror" && ./tests/ssl-opt.sh -f "TLS 1.3 G->m: EarlyData: HRR check, enabled. good"`

tests/o-srv-1.log is mbedtls server
tests/o-cli-1.log is gnutls-cli output.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 07:11:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 06:11:28 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Daiki Ueno commented:

Thanks for the report with the reproducer. I've tried it, but it seems the test is skipped:

```console
$ ./tests/ssl-opt.sh -f "TLS 1.3 G->m: EarlyData: HRR check, enabled. good"
TLS 1.3 G->m: EarlyData: HRR check, enabled. good. ..................... SKIP
------------------------------------------------------------------------
PASSED (1 / 1 tests (1 skipped))
```

Do you have any idea? Anyway I think I was able to reproduce it partially with gnutls-serv/gnutls-cli:

```console
$ gnutls-serv --x509certfile=doc/credentials/x509/cert-rsa-pss.pem --x509keyfile=doc/credentials/x509/key-rsa-pss.pem --earlydata --priority=NORMAL:-GROUP-ALL:+GROUP-X448 &
$ echo aaa > earlydata.txt
$ SSLKEYLOGFILE=$PWD/keylog.txt gnutls-cli --x509cafile=doc/credentials/x509/ca.pem -p 5556 localhost --inline-commands --earlydata=earlydata.txt
...
^resume^
```

It seems even gnutls-serv itself cannot handle the mis-crafted ClientHello.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1185362594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 08:21:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 07:21:26 +0000 Subject: [gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429) In-Reply-To: References: Message-ID: Hao Yu commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1185406712

`export GNUTLS_NEXT_CLI=gnutls-cli`

Sorry, I forgot that. The script needs GNUTLS_NEXT_CLI to run.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1185406712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
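
The two RFC 8446 requirements named in issue #1429 can be checked mechanically on the bytes a client sends after it has received the HelloRetryRequest. This is an added example, not code from GnuTLS, Mbed TLS or the thread; the function names and the constructed sample records are assumptions, and it assumes the ClientHello fits in a single record.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23  # record content types
CLIENT_HELLO = 1        # handshake message type
EXT_EARLY_DATA = 42     # early_data, RFC 8446 section 4.2.10


def read_record(buf):
    """Split one TLS record off the front of buf: (content_type, fragment, rest)."""
    if len(buf) < 5:
        raise ValueError("truncated record header")
    ctype, _legacy_version, length = struct.unpack("!BHH", buf[:5])
    if len(buf) < 5 + length:
        raise ValueError("truncated record body")
    return ctype, buf[5:5 + length], buf[5 + length:]


def client_hello_extensions(fragment):
    """Return the extension type numbers carried by a ClientHello handshake message."""
    if len(fragment) < 4 or fragment[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    try:
        pos = 2 + 32                                          # legacy_version + random
        pos += 1 + body[pos]                                  # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # legacy_compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello fields") from None
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if ext_end > len(body):
        raise ValueError("extensions overrun the message")
    types = []
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        types.append(ext_type)
        pos += 4 + ext_len
    if pos != ext_end:
        raise ValueError("malformed extension list")
    return types


def check_second_client_hello(client_bytes):
    """List the violations found in what the client sent after the HelloRetryRequest.

    client_bytes must start at the first record sent after the HRR was received;
    cutting the capture at that point is the caller's job (assumption).
    """
    ctype, fragment, rest = read_record(client_bytes)
    while ctype == CHANGE_CIPHER_SPEC:       # compatibility-mode dummy record, skipped
        ctype, fragment, rest = read_record(rest)
    if ctype != HANDSHAKE:
        # Encrypted TLS 1.3 records carry the outer type application_data (23),
        # so anything but 22 here means the ClientHello is not in plaintext.
        return ["not a plaintext handshake record (type %d)" % ctype]
    problems = []
    if EXT_EARLY_DATA in client_hello_extensions(fragment):
        problems.append("early_data extension present")
    return problems


def build_client_hello_record(ext_types, ctype=HANDSHAKE):
    """Constructed sample input: a minimal ClientHello whose extensions are empty.

    Only good enough to exercise the parser; it is not a valid handshake message.
    """
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    body = (b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session id
            + b"\x00\x02\x13\x01"                # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                        # null compression
            + struct.pack("!H", len(exts)) + exts)
    msg = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", ctype, 0x0303, len(msg)) + msg


if __name__ == "__main__":
    # 43 = supported_versions, 51 = key_share, 44 = cookie, 42 = early_data
    for label, exts in (("compliant", [43, 51, 44]), ("as reported", [43, 51, 42])):
        print(label, check_second_client_hello(build_client_hello_record(exts)))
```
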
URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 10:24:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 09:24:11 +0000 Subject: [gnutls-devel] GnuTLS | gnutlsxx: become header-only library (!1622) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1185532049

Sorry, I thought that you were still working on that change (as the CI has some error). Yes, I agree that it would be nice header-only is default. Regarding this [commit](https://gitlab.com/gnutls/gnutls/-/merge_requests/1622/diffs?commit_id=fd907d08893db6e0fa9bd968296f6dbc2b96e192), I would suggest adding stubs only for public symbols. For that, it might be easier to organize the change like:

```c
#ifdef ENABLE_SRP
void gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t cred, gnutls_srp_client_credentials_function * func)
{
	/* proper implementation of this API function */
}

const char *gnutls_srp_server_get_username(gnutls_session_t session)
{
	/* proper implementation of this API function */
}
...
#else
void gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t cred, gnutls_srp_client_credentials_function * func)
{
	/* stub, do nothing */
}

const char *gnutls_srp_server_get_username(gnutls_session_t session)
{
	/* stub, do nothing but returning NULL */
}
...
#endif
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1622#note_1185532049 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 15:07:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 14:07:02 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Reviewer changed from Simon Josefsson to Simon Josefsson and Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 15:14:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 14:14:41 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186052414 > COMPILER: clang > NETTLE_DIR: nettle > + allow_failure: true why? -- Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186052423 > - export CXXFLAGS="$CFLAGS" > - dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000 > + - sed -i 's/-fanalyzer//g' lib/Makefile why, is there some incompatibility? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
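
Review bot: the added `sed -i 's/-fanalyzer//g' lib/Makefile` step rewrites a generated file right after `./configure` and carries no comment in the YAML saying why the flag is dropped for this job. It also touches only lib/Makefile, and sed exits 0 when nothing matches, so the step turns into a silent no-op if the flag moves or is spelled differently. Please add a one-line comment with the reason next to the step, and consider failing the job when the substitution does not apply.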
URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 15:38:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 14:38:48 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186088111 > variables: > COMPILER: clang > NETTLE_DIR: nettle > + allow_failure: true My question as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186088111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 15:41:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 14:41:13 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: Overall looks good. Everything made sense to me except allowing failures in fedora-nettle tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186090902 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
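
Review bot: `allow_failure: true` is added to the job that sets `NETTLE_DIR: nettle` with no comment recording why. Once it is set, a failing job no longer blocks the pipeline, so a real regression in this configuration can be merged without anyone looking at the result. Please add a YAML comment giving the reason and the condition for removing it, or narrow the tolerance to the part of the job that is known to fail.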
URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 23:42:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 22:42:45 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186520657 > - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope" > - export CXXFLAGS="$CFLAGS" > - dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000 > + - sed -i 's/-fanalyzer//g' lib/Makefile From the commit log of https://gitlab.com/gnutls/gnutls/-/merge_requests/1509/diffs?commit_id=c9e25c8543a84d58c9752e5b82d7e91fa6c6b61b: > It turned out that -fanalyzer combined with -fsanitize=undefined takes excessive time when compiling certain files, e.g., lib/priority.c. Removing -fanalyzer should be safe as it is enabled in other Fedora-based jobs. In practice it would take longer than 3h for just compiling that single file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186520657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Fri Nov 25 23:46:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Nov 2022 22:46:43 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186521837 > variables: > COMPILER: clang > NETTLE_DIR: nettle > + allow_failure: true No idea about the root cause, but fedora-nettle* jobs now fails consistently (retrying doesn't help). In any case, as written in the commit log of https://gitlab.com/gnutls/gnutls/-/merge_requests/1509/diffs?commit_id=9f0a079625a94cfc52ab56a4b9d704d77e3e5445: > As fedora-nettle jobs have external dependency on the master branch of Nettle, we shouldn't make it a hard requirement but could manually inspect the results. It might not be sensible to expect that GnuTLS works with unreleased Nettle versions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186521837 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 07:23:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 06:23:06 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, screenshot shows details (#1430) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1430 ![image](/uploads/e586d443d97dbb9eee8c69545b7c9ee0/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 07:26:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 06:26:28 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, it occurs when call print_cert_info in cert_verify_callback. screenshot show the details (#1431) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1431 ![image](/uploads/8295ce60cc28a683899f730084de1079/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1431 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 07:28:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 06:28:32 +0000 Subject: [gnutls-devel] GnuTLS | stack buffer overflow in tests/slow/cipher-api-test.c (#1432) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1432 ![image](/uploads/0b855cd3a9b2583ec91ec13149965c21/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 07:29:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 06:29:37 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in tests/resume-with-previous-stek.c (#1433) References: Message-ID: xuraoqing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1433 ![image](/uploads/8a37d475f2625198507cc4c5779c9580/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1433 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:39:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:39:25 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, screenshot shows details (#1430) In-Reply-To: References: Message-ID: Daiki Ueno commented: Yes, we should deinit `pk_cert` with `gnutls_pcert_deinit` as documented. Thanks for the report. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1430#note_1186705022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:40:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:40:36 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, it occurs when call print_cert_info in cert_verify_callback. screenshot show the details (#1431) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think this should be fixed along with #1430. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1431#note_1186705167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:43:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:43:39 +0000 Subject: [gnutls-devel] GnuTLS | stack buffer overflow in tests/slow/cipher-api-test.c (#1432) In-Reply-To: References: Message-ID: Daiki Ueno commented: This is not a bug; the test intentionally exercise wrong API usage. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1432#note_1186705565 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:43:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:43:42 +0000 Subject: [gnutls-devel] GnuTLS | stack buffer overflow in tests/slow/cipher-api-test.c (#1432) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1432: https://gitlab.com/gnutls/gnutls/-/issues/1432 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:45:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:45:06 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in tests/resume-with-previous-stek.c (#1433) In-Reply-To: References: Message-ID: Daiki Ueno commented: Yes, we should release the session data with gnutls_free in this test. Thanks for the report. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1433#note_1186705754 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 12:45:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 11:45:35 +0000 Subject: [gnutls-devel] GnuTLS | memory leak in cli.c, it occurs when call print_cert_info in cert_verify_callback. screenshot show the details (#1431) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1431: https://gitlab.com/gnutls/gnutls/-/issues/1431 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1431 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 13:54:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 12:54:04 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Merge request !1509 was approved by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 Project:Branches: dueno/gnutls:wip/dueno/gnulib to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Simon Josefsson and Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 13:56:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 12:56:13 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Simon Josefsson commented: I looked through all commits, and it looks good (assuming pipeline succeeds). This brings up gnulib to a more modern version, enabling a bunch of other improvements I had in mind. So +1 from me! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1186718260 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 20:51:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 19:51:57 +0000 Subject: [gnutls-devel] GnuTLS | Indent code.
(!1671) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 Project:Branches: jas/gnutls:jas/indent to gnutls/gnutls:master Author: Simon Josefsson This indents all code using 'indent -ppi1 -linux' and sets up CI/CD check to catch regressions, fixing #1419. I believe it is ready for review and ultimately merge. What do you think? The only surprising part was the fix to silence 'make syntax-check' (which is run during CI/CD before this merge request): I have no idea why that didn't trigger before since clearly lib/cert-cred.c contains user-translatable strings. Even though it is unrelated to code indentation, I hope it is acceptable to fix that problem through this merge request. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1671 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Nov 26 21:06:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Nov 2022 20:06:44 +0000 Subject: [gnutls-devel] GnuTLS | Indent code? (#1419) In-Reply-To: References: Message-ID: Simon Josefsson commented: I have created a merge request for this now. It indents all code, and sets up CI/CD to check for regressions. If we need to add special exceptions, that is possible inline through /* INDENT-OFF */ or, if different indent parameters are needed for some files, by modifying devel/indent-gnutls. I'm not sure if we need any exceptions? I don't know how to setup pre-commit hooks, or if that is really something we want at this point. Thoughts? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1186783421 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 12:44:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 11:44:38 +0000 Subject: [gnutls-devel] libtasn1 | coding.c: fix undefined behavior with pointer arithmetics (!63) In-Reply-To: References: Message-ID: Simon Josefsson commented: Hi. I am looking at this, but I can't reproduce any ubsan issue here -- can you check with latest version? I tried on PureOS 10: ``` ./configure CC=clang-11 CFLAGS="-O2 -fsanitize=undefined" ``` but all checks pass. We also do ubsan in CI/CD, but it seems with gcc. Before changing anything, I'd like to understand what is wrong. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63#note_1186896272 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 12:46:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 11:46:04 +0000 Subject: [gnutls-devel] libtasn1 | fix memleaks in asn1_array2tree, free the unused child (!62) In-Reply-To: References: Message-ID: Simon Josefsson commented: Thank you. How can I reproduce the memory leak? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62#note_1186896475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 12:47:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 11:47:39 +0000 Subject: [gnutls-devel] libtasn1 | fix memleaks in asn1_array2tree, free the unused child (!62) In-Reply-To: References: Message-ID: Simon Josefsson commented: Is this #26 perhaps? It would be nice to reproduce or at least understand more in detail what the problem is. Perhaps best to followup in that issue instead of here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62#note_1186896687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 12:57:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 11:57:35 +0000 Subject: [gnutls-devel] libtasn1 | coding.c: fix undefined behavior with pointer arithmetics (!63) In-Reply-To: References: Message-ID: Simon Josefsson commented: I believe we already fixed these in #30 so I am closing this, please re-open if still relevant. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63#note_1186898130 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 12:57:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 11:57:36 +0000 Subject: [gnutls-devel] libtasn1 | coding.c: fix undefined behavior with pointer arithmetics (!63) In-Reply-To: References: Message-ID: Merge request !63 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63 Project:Branches: alexander-us/libtasn1:clang_10_ptr_arith_ub to gnutls/libtasn1:master Author: Alexander Us Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/63 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 27 14:24:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 13:24:39 +0000 Subject: [gnutls-devel] libtasn1 | memory leaks in asn1_array2tree (#26) In-Reply-To: References: Message-ID: Simon Josefsson commented: How do I reproduce the leak errors you got? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/26#note_1186911859 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Nov 28 00:01:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Nov 2022 23:01:30 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1187012806 > variables: > COMPILER: clang > NETTLE_DIR: nettle > + allow_failure: true Instead of `allow_failure`, I added `--disable-full-test-suite` to those fedora-nettle tests. While that might slightly decrease the coverage, TLS interop tests are mostly out of scope of Nettle integration. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1187012806 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 28 03:07:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Nov 2022 02:07:39 +0000 Subject: [gnutls-devel] GnuTLS | fix obtain credential type based on the key exchange type fail (!1670) In-Reply-To: References: Message-ID: Daiki Ueno commented: @xuraoqing would it be possible to resolve the CI error? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1670#note_1187065657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Nov 28 04:00:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Nov 2022 03:00:48 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leaks in tools and tests (!1672) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 Project:Branches: dueno/gnutls:wip/dueno/memleak-fixes to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1430 Fixes: #1433 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1672 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gnutls-devel at lists.gnutls.org Mon Nov 28 04:07:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 03:07:51 +0000
Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1434

The kernel has support for a couple of other ciphersuites than the ones GnuTLS supports:

- TLS_AES_128_CCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_SM4_GCM_SM3
- TLS_SM4_CCM_SM3
- TLS_*_ARIA_128_GCM_SHA256
- TLS_*_ARIA_256_GCM_SHA384

It would be nice to add support for those.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434

From gnutls-devel at lists.gnutls.org Mon Nov 28 04:20:56 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 03:20:56 +0000
Subject: [gnutls-devel] GnuTLS | Minor fixes on KTLS (!1673)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673

Project:Branches: dueno/gnutls:wip/dueno/ktls-fixes2 to gnutls/gnutls:master
Author: Daiki Ueno

Fixes: #1382

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values,
types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673

From gnutls-devel at lists.gnutls.org Mon Nov 28 09:04:48 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 08:04:48 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)
In-Reply-To:
References:
Message-ID:

KENJI AKIHARA commented:

I got debug and TLS1.x support is no. I think this is a problem, can you give me some advice on how to fix it?

-------------------------------------------------------------------------
root:/tmp/squid_vup# /opt/freeware/bin/gnutls-cli-debug -p 38443 localhost
Warning: getservbyport(38443) failed. Using port number as service.
GnuTLS debug client 3.7.2
Checking localhost:38443
whether the server accepts default record size (512 bytes)... no
whether %ALLOW_SMALL_RECORDS is required... no
whether we need to disable TLS 1.2... yes
whether we need to disable TLS 1.1... yes
whether we need to disable TLS 1.0... yes
for TLS 1.0 (RFC2246) support... no
for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
for TLS 1.1 (RFC4346) support... no
fallback from TLS 1.1 to... failed
for TLS 1.2 (RFC5246) support... no
for TLS 1.3 (RFC8446) support... no
for known TLS or SSL protocols support... no
root:/tmp/squid_vup#

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1187313499
From gnutls-devel at lists.gnutls.org Mon Nov 28 09:05:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 08:05:20 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)
In-Reply-To:
References:
Message-ID:

KENJI AKIHARA commented:

I got debug and TLS1.x support is no. I think this is a problem, can you give me some advice on how to fix it?

root:/tmp/squid_vup# /opt/freeware/bin/gnutls-cli-debug -p 38443 localhost
Warning: getservbyport(38443) failed. Using port number as service.
GnuTLS debug client 3.7.2
Checking localhost:38443
whether the server accepts default record size (512 bytes)... no
whether %ALLOW_SMALL_RECORDS is required... no
whether we need to disable TLS 1.2... yes
whether we need to disable TLS 1.1... yes
whether we need to disable TLS 1.0... yes
for TLS 1.0 (RFC2246) support... no
for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
for TLS 1.1 (RFC4346) support... no
fallback from TLS 1.1 to... failed
for TLS 1.2 (RFC5246) support... no
for TLS 1.3 (RFC8446) support... no
for known TLS or SSL protocols support... no
root:/tmp/squid_vup#

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1187314086

From gnutls-devel at lists.gnutls.org Mon Nov 28 09:07:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 08:07:51 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)
In-Reply-To:
References:
Message-ID:

KENJI AKIHARA commented:

I got debug and TLS1.x support is no. I think this is a problem, can you give me some advice on how to fix it?

root:/tmp/squid_vup# /opt/freeware/bin/gnutls-cli-debug -p 38443 localhost
Warning: getservbyport(38443) failed. Using port number as service.
GnuTLS debug client 3.7.2
Checking localhost:38443
whether the server accepts default record size (512 bytes)... no
whether %ALLOW_SMALL_RECORDS is required... no
whether we need to disable TLS 1.2... yes
whether we need to disable TLS 1.1... yes
whether we need to disable TLS 1.0... yes
for TLS 1.0 (RFC2246) support... no
for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
for TLS 1.1 (RFC4346) support... no
fallback from TLS 1.1 to... failed
for TLS 1.2 (RFC5246) support... no
for TLS 1.3 (RFC8446) support... no
for known TLS or SSL protocols support... no
root:/tmp/squid_vup#

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1187316883

From gnutls-devel at lists.gnutls.org Mon Nov 28 09:26:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 08:26:40 +0000
Subject: [gnutls-devel] GnuTLS | Failed to set TLS options (default:). error: The request is invalid. (#1405)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I'm afraid I can't be of much help only with this information. Have you actually checked the links I provided in the previous response? With them, I basically suggested running the `squid` binary on the server somehow with `GNUTLS_DEBUG_LEVEL` envvar, like:

```console
GNUTLS_DEBUG_LEVEL=10 .../squid -YC -N -f .../squid.conf
```

then connect to the server and see if there is any clue in the log. Calling `gnutls-cli-debug` doesn't help much; it is a tool to check TLS features enabled on the server.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1405#note_1187340390

From gnutls-devel at lists.gnutls.org Mon Nov 28 11:28:32 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 10:28:32 +0000
Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434)
In-Reply-To:
References:
Message-ID:

Richard W_M_ Jones commented:

Caused this issue with TLS PSK when kTLS is enabled: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/KX3R7T3AWHESMPL32W72ONA27ERA2B7T/ (Note issue is fixed upstream, only affects Fedora)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434#note_1187604137

From gnutls-devel at lists.gnutls.org Mon Nov 28 15:46:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 14:46:23 +0000
Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1509 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1509

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509
From gnutls-devel at lists.gnutls.org Mon Nov 28 15:48:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 14:48:30 +0000
Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks for the review; let's merge it as is for now, and see if we could improve the test coverage later.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509#note_1188070817

From gnutls-devel at lists.gnutls.org Mon Nov 28 15:48:42 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Nov 2022 14:48:42 +0000
Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1509)
In-Reply-To:
References:
Message-ID:

Merge request !1509 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509
Project:Branches: dueno/gnutls:wip/dueno/gnulib to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Simon Josefsson and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1509
From gnutls-devel at lists.gnutls.org Tue Nov 29 03:13:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Nov 2022 02:13:03 +0000
Subject: [gnutls-devel] GnuTLS | Preserve backward compatibility of FIPS .hmac file location (#1435)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1435

During the process of consolidating 4 .hmac files (for gnutls, nettle, and gmp) into a single file (!1562), we have changed the .hmac file path from `.libgnutls.so.*.hmac` to `.gnutls.hmac`. This turned out to cause a problem, as some tools, such as dracut, are still [expecting](https://github.com/dracutdevs/dracut/blob/4a9b165de0ee0184dffb02c9223ff41aa0aeb903/src/install/dracut-install.c#L629) the old naming convention.

While technically it would be possible to fix dracut to copy `.gnutls.hmac`, I suggest going a little backwards and rename it back to `.libgnutls.so.*.hmac` as it feels unwise to add a special case for GnuTLS.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1435

From gnutls-devel at lists.gnutls.org Tue Nov 29 03:30:59 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Nov 2022 02:30:59 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674

Project:Branches: dueno/gnutls:wip/dueno/fipshmac-followup2 to gnutls/gnutls:master
Author: Daiki Ueno

Using a GnuTLS specific construction of .hmac file name causes a problem with dracut, which expects that .hmac files are installed alongside the corresponding shared libraries.

To preserve backward compatibility, this renames the file name back to .libgnutls.so.*.hmac, while the content remains the same covering all the dependent libraries (libgnutls, libhogweed, libnettle, and libgmp).

Fixes: #1435

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674

From gnutls-devel at lists.gnutls.org Tue Nov 29 05:52:18 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Nov 2022 04:52:18 +0000
Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

This might be already fixed in !1585.

I've set up AArch64 cross-compilation environment on Fedora 36, with:

```console
$ sudo dnf install gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu
$ sudo dnf build-dep --repo=fedora --releasever=36 --forcearch aarch64 --installroot /usr/aarch64-linux-gnu/sys-root gnutls
```

and compile GnuTLS with:

```console
$ ./configure --disable-doc --disable-cxx --enable-fips140-mode --host=`aarch64-linux-gnu-gcc -dumpmachine`
$ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu/sys-root make -j$(nproc)
...
CCLD fipshmac
GEN .libs/.gnutls.hmac
...
$ file lib/.libs/fipshmac
lib/.libs/fipshmac: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=7bdb92b2f47e3efcc801fcee893ac8ec0a0df539, for GNU/Linux 3.7.0, with debug_info, not stripped, too many notes (256)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_1188885215

From gnutls-devel at lists.gnutls.org Tue Nov 29 05:54:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Nov 2022 04:54:37 +0000
Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno

Issue #1373: https://gitlab.com/gnutls/gnutls/-/issues/1373

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373
From gnutls-devel at lists.gnutls.org Tue Nov 29 15:23:32 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Nov 2022 14:23:32 +0000
Subject: [gnutls-devel] GnuTLS | Support more ciphersuites in KTLS (#1434)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 1434 https://gitlab.com/gnutls/gnutls/-/issues/1434

Assignee changed to František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1434

From gnutls-devel at lists.gnutls.org Wed Nov 30 10:49:36 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 09:49:36 +0000
Subject: [gnutls-devel] GnuTLS | Minor fixes on KTLS (!1673)
In-Reply-To:
References:
Message-ID:

Merge request !1673 was approved by František Krenželok

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673
Project:Branches: dueno/gnutls:wip/dueno/ktls-fixes2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673

From gnutls-devel at lists.gnutls.org Wed Nov 30 10:49:33 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 09:49:33 +0000
Subject: [gnutls-devel] GnuTLS | Minor fixes on KTLS (!1673)
In-Reply-To:
References:
Message-ID:

František Krenželok commented:

Looking good, Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673#note_1190801659

From gnutls-devel at lists.gnutls.org Wed Nov 30 11:44:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 10:44:51 +0000
Subject: [gnutls-devel] GnuTLS | Minor fixes on KTLS (!1673)
In-Reply-To:
References:
Message-ID:

Merge request !1673 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673
Project:Branches: dueno/gnutls:wip/dueno/ktls-fixes2 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1673

From gnutls-devel at lists.gnutls.org Wed Nov 30 11:44:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 10:44:51 +0000
Subject: [gnutls-devel] GnuTLS | tries to include on MinGW (#1382)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1673 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1673)

Issue #1382: https://gitlab.com/gnutls/gnutls/-/issues/1382

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1382
From gnutls-devel at lists.gnutls.org Wed Nov 30 14:30:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 13:30:17 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:

Logic looks correct. I didn't find any mistakes. But I would prefer to not remove ret = 0; from get_library_path function.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674#note_1191160972

From gnutls-devel at lists.gnutls.org Wed Nov 30 14:30:17 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 13:30:17 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1674 was reviewed by Zoltán Fridrich

--
Zoltán Fridrich started a new discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674#note_1191160959

> } > > - ret = 0;

I would not remove this. The get_library_path function returns gnutls error code which should be GNUTLS_E_SUCCESS aka 0. By removing this line, the check (ret == GNUTLS_E_SUCCESS) would fail even though the function finished correctly. That's because snprintf returns number of bytes written which is temporarily stored in ret. Maybe change it into ret = GNUTLS_E_SUCCESS;

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674
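Review bot: the `- ret = 0;` removal after the closing brace in the lib/fips.c hunk quoted for !1674 above drops the only reset of `ret` on the success path, so the function can return the positive byte count that the discussion says `snprintf` leaves in `ret`, and a caller testing `ret == GNUTLS_E_SUCCESS` then treats a successful lookup as a failure. Keep the assignment, written as `ret = GNUTLS_E_SUCCESS;`, or hold the `snprintf` length in a separate local so the return code is never reused for a length.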
From gnutls-devel at lists.gnutls.org Wed Nov 30 14:34:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 13:34:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674#note_1191167111

> goto cleanup; > } > > - ret = 0;

Good catch, it was actually a left-over when I was trying to rewrite the caller's logic to not stack-allocate `file`. I will revert it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674#note_1191167111

From gnutls-devel at lists.gnutls.org Wed Nov 30 14:36:34 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 13:36:34 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

Merge request !1674 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674
Project:Branches: dueno/gnutls:wip/dueno/fipshmac-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674
From gnutls-devel at lists.gnutls.org Wed Nov 30 14:36:37 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 13:36:37 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1674 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1674

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674

From gnutls-devel at lists.gnutls.org Wed Nov 30 16:16:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 15:16:53 +0000
Subject: [gnutls-devel] GnuTLS | Preserve backward compatibility of FIPS .hmac file location (#1435)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1674 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1674)

Issue #1435: https://gitlab.com/gnutls/gnutls/-/issues/1435

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1435
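The naming mismatch behind #1435 and !1674 above, as an added example that is not code from GnuTLS or dracut: a shell check that a library has the sibling `.<library file name>.hmac` file that a tool following the per-library convention would look for. The function names and the `libgnutls.so.99` stand-in file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Assumption: integrity files follow the per-library sibling
# convention described in the thread, <dir>/.<library file name>.hmac.

# Print the sibling .hmac path for one library path.
hmac_sibling_path() {
    lib=$1
    dir=$(dirname -- "$lib")
    base=$(basename -- "$lib")
    printf '%s/.%s.hmac\n' "$dir" "$base"
}

# Classify one library path. Prints one of:
#   ok                 the sibling .hmac exists and is non-empty
#   consolidated-only  no sibling, but <dir>/.gnutls.hmac is present (the
#                      name the thread says was introduced, then reverted)
#   missing            neither file is present
classify_hmac() {
    lib=$1
    sibling=$(hmac_sibling_path "$lib")
    if [ -s "$sibling" ]; then
        echo ok
    elif [ -e "$(dirname -- "$lib")/.gnutls.hmac" ]; then
        echo consolidated-only
    else
        echo missing
    fi
}

# Audit the library paths given as arguments (for instance the resolved
# dependencies of a binary). Prints "<state><TAB><path>" per library and
# returns non-zero if any of them lacks its sibling .hmac, so the check
# can gate an image build.
audit_hmac() {
    rc=0
    for lib in "$@"; do
        state=$(classify_hmac "$lib")   # runs in a subshell; $lib is untouched
        printf '%s\t%s\n' "$state" "$lib"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed sample: a temporary directory holding an empty stand-in
# library (not a real ELF file, version suffix made up) and only the
# consolidated file, then the same tree after renaming the file back.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/libgnutls.so.99"
    echo 'constructed-hmac-record' > "$tmp/.gnutls.hmac"
    before=$(classify_hmac "$tmp/libgnutls.so.99")
    mv "$tmp/.gnutls.hmac" "$(hmac_sibling_path "$tmp/libgnutls.so.99")"
    after=$(classify_hmac "$tmp/libgnutls.so.99")
    rm -rf "$tmp"
    echo "$before -> $after"
}
```

The check only looks at file names and presence; it does not verify the HMAC values stored in the file.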
From gnutls-devel at lists.gnutls.org Wed Nov 30 16:16:52 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 15:16:52 +0000
Subject: [gnutls-devel] GnuTLS | fips: rename .gnutls.hmac back to .libgnutls.so.*.hmac (!1674)
In-Reply-To:
References:
Message-ID:

Merge request !1674 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674
Project:Branches: dueno/gnutls:wip/dueno/fipshmac-followup2 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1674

From gnutls-devel at lists.gnutls.org Wed Nov 30 16:38:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 15:38:08 +0000
Subject: [gnutls-devel] web-pages | GNUTLS-SA-2022-07-07 should link to CVE-2022-2509 (#5)
References:
Message-ID:

Rolf Eike Beer created an issue: https://gitlab.com/gnutls/web-pages/-/issues/5

Apart from the [release mail](https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html) there is no canonical information that these 2 identifiers actually refer to the same issue. Please add the link to the advisories table as well for easier matching.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/5
From gnutls-devel at lists.gnutls.org Wed Nov 30 22:05:57 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Nov 2022 21:05:57 +0000
Subject: [gnutls-devel] GnuTLS | Cannot use certificates from machine store. (#1365)
In-Reply-To:
References:
Message-ID:

juxeii commented:

Hi all,

today this OpenConnect GUI patch stopped working after months without issues. Interestingly, the command line still works.

Attached is the log for the GUI version ([gui_failed.txt](/uploads/92395d1193d0acae77c6df03db8e70b5/gui_failed.txt))

Attached is also the log of the CLI, the first line is the call command ([cli_passed.txt](/uploads/13a9a5ea50e8ed75e3e7907f61bc539f/cli_passed.txt))

What could possibly be the reason? Some timing issues?

Any help appreciated :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_1191843895