From gnutls-devel at lists.gnutls.org Wed Feb 1 10:01:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 09:01:26 +0000 Subject: [gnutls-devel] GnuTLS | Add libbrotlienc/dec.dll to archive (!1694) In-Reply-To: References: Message-ID: Reassigned merge request 1694 https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 10:01:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 09:01:28 +0000 Subject: [gnutls-devel] GnuTLS | Add libbrotlienc/dec.dll to archive (!1694) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 12:27:07 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 11:27:07 +0000 Subject: [gnutls-devel] GnuTLS | Add compression dlls to mingw archive (!1694) In-Reply-To: References: Message-ID: Merge request !1694 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 13:10:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 12:10:40 +0000 Subject: [gnutls-devel] GnuTLS | Add compression dlls to mingw archive (!1694) In-Reply-To: References: Message-ID: Merge request !1694 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1694 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 13:10:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 12:10:39 +0000 Subject: [gnutls-devel] GnuTLS | Missing DLLs in windows binaries (#1441) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via commit 1dc85222fc8e08a3fc9e6c554f001a44baa61bd0 Issue #1441: https://gitlab.com/gnutls/gnutls/-/issues/1441 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1441 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 13:31:33 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 12:31:33 +0000 Subject: [gnutls-devel] GnuTLS | Revert commit f7160e4f (!1695) In-Reply-To: References: Message-ID: Reassigned merge request 1695 https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 1 13:31:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Feb 2023 12:31:35 +0000 Subject: [gnutls-devel] GnuTLS | Revert commit f7160e4f (!1695) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #1446 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 4 08:46:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Feb 2023 07:46:09 +0000 Subject: [gnutls-devel] GnuTLS | Fail to retrieve directory listing connecting TLS 1.3 protocol (#1451) In-Reply-To: References: Message-ID: Daiki Ueno commented: @codesquid do you have any clue off-hand? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1451#note_1265705669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 4 11:43:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Feb 2023 10:43:59 +0000 Subject: [gnutls-devel] GnuTLS | Fail to retrieve directory listing connecting TLS 1.3 protocol (#1451) In-Reply-To: References: Message-ID: Tim Kosse commented: TLS 1.3 has changed how close_notify works, now allowing half-closed connections that are only closed in one direction, whereas previously the recipient of close_notify had to immediately reply with a close_notify on its own resulting in a duplex close. As existing applications might rely on the previous behavior, the OpenJDK developers try to emulate the previous behavior in TLS 1.3 through use of the user_canceled alert, intending to force a duplex close in TLS 1.3 This non-standard use of user_canceled by OpenJDK as part of the normal connection shutdown obviously causes compatibility issues, depending on how other TLS libraries and the applications using them process and react to alerts. In particular, RFC 8446 explicitly states that post-handshake, user_canceled can be used "If a user cancels an operation", which is clearly at odds with OpenJDK's use of the alert. I only see one viable solution: OpenJDK needs to get rid of the user_canceled workaround entirely. If TLS 1.3 breaking existing applications expecting TLS 1.2 behavior wrt. close_notify is a major concern, they could for example make TLS 1.3 an opt-in feature instead. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1451#note_1265730817 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 4 20:21:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Feb 2023 19:21:20 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the symmetric encryption algorithms (!7) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/7 Project:Branches: vivien_/guile:symmetric-algorithms to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Dear GnuTLS guilers, Here are the AEAD functions, to perform high-level encryption! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 5 07:43:46 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Feb 2023 06:43:46 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the symmetric encryption algorithms (!7) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !7 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 5 07:45:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Feb 2023 06:45:29 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: Add the symmetric encryption algorithms (!7) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: I forgot to provide the aead-cipher-algorithm function, and I?d like to also bring the "legacy" cipher API because it is required for JWT stuff (https://www.rfc-editor.org/rfc/rfc7518#section-5) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7#note_1265951946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 5 17:44:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Feb 2023 16:44:21 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the symmetric encryption algorithms (!7) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !7 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 6 11:15:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Feb 2023 10:15:55 +0000 Subject: [gnutls-devel] GnuTLS | Revert commit f7160e4f (!1695) In-Reply-To: References: Message-ID: Merge request !1695 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 6 11:15:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Feb 2023 10:15:35 +0000 Subject: [gnutls-devel] GnuTLS | Revert commit f7160e4f (!1695) In-Reply-To: References: Message-ID: Merge request !1695 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 6 11:15:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Feb 2023 10:15:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli crashes with segfault in mingw (#1446) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via merge request !1695 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1695) Issue #1446: https://gitlab.com/gnutls/gnutls/-/issues/1446 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1446 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 6 15:20:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Feb 2023 14:20:31 +0000 Subject: [gnutls-devel] GnuTLS | Fail to retrieve directory listing connecting TLS 1.3 protocol (#1451) In-Reply-To: References: Message-ID: Alla Gofman commented: @codesquid Thank you for your explanation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1451#note_1267064152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 6 15:36:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Feb 2023 14:36:01 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add new interop tests (!1696) References: Message-ID: Peter Leitmann created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 7 07:09:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Feb 2023 06:09:10 +0000 Subject: [gnutls-devel] GnuTLS | remove inoperative variable (!1697) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 09:58:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 08:58:59 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add new interop tests (!1696) In-Reply-To: References: Message-ID: Stanislav ?idek commented: @not4pedro Looks good to me! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696#note_1270026476 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 12:10:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 11:10:18 +0000 Subject: [gnutls-devel] GnuTLS | remove inoperative variable (!1697) In-Reply-To: References: Message-ID: Merge request !1697 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 12:10:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 11:10:59 +0000 Subject: [gnutls-devel] GnuTLS | remove inoperative variable (!1697) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Looks safe to merge. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697#note_1270364691 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 12:18:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 11:18:27 +0000 Subject: [gnutls-devel] GnuTLS | remove inoperative variable (!1697) In-Reply-To: References: Message-ID: Merge request !1697 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 12:20:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 11:20:27 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.10.0 ( https://gitlab.com/gnutls/gnutls/-/milestones/38 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 12:47:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 11:47:19 +0000 Subject: [gnutls-devel] GnuTLS | auth/rsa: side-step potential side-channel (!1698) References: Message-ID: Hubert Kario (@mention me if you need reply) created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 Project:Branches: tomato42/gnutls:timing-leak-fix to gnutls/gnutls:master Author: Hubert Kario (@mention me if you need reply) Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 14:35:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 13:35:30 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1696) In-Reply-To: References: Message-ID: Peter Leitmann marked merge request !1696 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 14:36:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 13:36:39 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add new interop tests (!1696) In-Reply-To: References: Message-ID: Peter Leitmann marked merge request !1696 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 14:52:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 13:52:32 +0000 Subject: [gnutls-devel] GnuTLS | auth/rsa: side-step potential side-channel (!1698) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: The fix looks good. Approved. Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698#note_1270647234 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 14:52:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 13:52:34 +0000 Subject: [gnutls-devel] GnuTLS | auth/rsa: side-step potential side-channel (!1698) In-Reply-To: References: Message-ID: Merge request !1698 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 Project:Branches: tomato42/gnutls:timing-leak-fix to gnutls/gnutls:master Author: Hubert Kario (@mention me if you need reply) Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 14:55:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 13:55:39 +0000 Subject: [gnutls-devel] GnuTLS | auth/rsa: side-step potential side-channel (!1698) In-Reply-To: References: Message-ID: Merge request !1698 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 Project:Branches: tomato42/gnutls:timing-leak-fix to gnutls/gnutls:master Author: Hubert Kario (@mention me if you need reply) Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 16:02:38 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 15:02:38 +0000 Subject: [gnutls-devel] GnuTLS | auth/rsa: side-step potential side-channel (!1698) In-Reply-To: References: Message-ID: Merge request !1698 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 Project:Branches: tomato42/gnutls:timing-leak-fix to gnutls/gnutls:master Author: Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 8 16:02:38 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Feb 2023 15:02:38 +0000 Subject: [gnutls-devel] GnuTLS | Timing sidechannel in RSA decryption (#1050) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via commit 22e3dc0c415654d0ac2170209e763175c7547069 Issue #1050: https://gitlab.com/gnutls/gnutls/-/issues/1050 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1050 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 04:26:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 03:26:45 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 10:58:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 09:58:16 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.9 (!1700) In-Reply-To: References: Message-ID: Reassigned merge request 1700 https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 10:58:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 09:58:18 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.9 (!1700) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:gnutls_3_7_x Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 11:47:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 10:47:22 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.9 (!1700) In-Reply-To: References: Message-ID: Merge request !1700 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:gnutls_3_7_x Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 11:55:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 10:55:09 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.9 (!1700) In-Reply-To: References: Message-ID: Merge request !1700 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:gnutls_3_7_x Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 13:38:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 12:38:21 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.0 release (!5) In-Reply-To: References: Message-ID: Reassigned merge request 5 https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 13:38:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 12:38:24 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.0 release (!5) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 13:38:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 12:38:54 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.0 release (!5) In-Reply-To: References: Message-ID: Merge request !5 was merged Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/5 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 13:45:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 12:45:25 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.0 (!1701) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 13:45:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 12:45:24 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.0 (!1701) In-Reply-To: References: Message-ID: Reassigned merge request 1701 https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 14:36:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 13:36:39 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.9 (!1700) In-Reply-To: References: Message-ID: Merge request !1700 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:gnutls_3_7_x Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 15:01:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 14:01:29 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.0 (!1701) In-Reply-To: References: Message-ID: Merge request !1701 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 15:34:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 14:34:23 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.0 (!1701) In-Reply-To: References: Message-ID: Merge request !1701 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 22:30:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 21:30:40 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add new interop tests (!1696) In-Reply-To: References: Message-ID: Merge request !1696 was closed by Peter Leitmann Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 9 22:43:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Feb 2023 21:43:54 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add new interop tests (!1702) References: Message-ID: Peter Leitmann created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 11:35:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 10:35:39 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) In-Reply-To: References: Message-ID: Reassigned merge request 1703 https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 11:35:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 10:35:41 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:26:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:26:17 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) In-Reply-To: References: Message-ID: Reassigned merge request 6 https://gitlab.com/gnutls/web-pages/-/merge_requests/6 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:26:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:26:18 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:40:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:40:20 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) started a new discussion on security-entries/GNUTLS-SA-2020-07-14: https://gitlab.com/gnutls/web-pages/-/merge_requests/6#note_1274124459 > + CVE-2023-0361 > + Severity Medium; timing sidechannel in RSA decryption > + A vulnerability was found using the TLS fuzzer tools that the response times to malformed RSA ciphertexts in ClientKeyExchange depend on the size of encrypted data in the PKCS#1 v1.5 encrypted data. The issue was reported in the issue tracker as #1050.
`...tools that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6#note_1274124459 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:44:33 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:44:33 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) In-Reply-To: References: Message-ID: All discussions on merge request !6 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/web-pages/-/merge_requests/6 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:48:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:48:01 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) In-Reply-To: References: Message-ID: Merge request !6 was approved by Hubert Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:48:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:48:35 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.8.0 release (!6) In-Reply-To: References: Message-ID: Merge request !6 was merged Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 12:59:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 11:59:59 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023?Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 13:00:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 12:00:09 +0000 Subject: [gnutls-devel] GnuTLS | Support external PSK importer (#1355) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023?Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 10 13:31:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Feb 2023 12:31:34 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1702) In-Reply-To: References: Message-ID: Peter Leitmann marked merge request !1702 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 12 00:01:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Feb 2023 23:01:06 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699#note_1275237476 > return NULL; > len = ret; > - http_buffer = realloc(http_buffer, len + data.size); Since this is a test program, I would simply use `xrealloc` from ["xalloc.h",](https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob_plain;f=modules/xalloc-die) which would cause the program crash when allocation fails. -- Daiki Ueno started a new discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699#note_1275237477 > + *ret_length = len + data.size; > + } else { > + gnutls_free(http_buffer); `gnutls_free` should only be used on the memory area allocated with GnuTLS memory functions (e.g., `gnutls_malloc`, `gnutls_realloc`, etc.) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 03:33:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 02:33:53 +0000 Subject: [gnutls-devel] GnuTLS | audit: add macros to define USDT probes for crypto-auditing (!1704) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1704 Project:Branches: dueno/gnutls:wip/dueno/usdt to gnutls/gnutls:wip/usdt Author: Daiki Ueno This adds USDT probe points for the use with the [crypto-auditing](https://github.com/latchset/crypto-auditing) project. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 04:06:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 03:06:06 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699#note_1275521519 > if (ret < 0) > return NULL; > len = ret; > - http_buffer = realloc(http_buffer, len + data.size); Good idea,That is easy to know what happened. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699#note_1275521519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 07:48:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 06:48:20 +0000 Subject: [gnutls-devel] GnuTLS | audit: add macros to define USDT probes for crypto-auditing (!1704) In-Reply-To: References: Message-ID: Merge request !1704 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1704 Project:Branches: dueno/gnutls:wip/dueno/usdt to gnutls/gnutls:wip/usdt Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 12:02:46 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 11:02:46 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) In-Reply-To: References: Message-ID: All discussions on merge request !1699 were resolved by xuraoqing https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 17:39:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 16:39:31 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) In-Reply-To: References: Message-ID: Merge request !1699 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 17:40:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 16:40:34 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1702) In-Reply-To: References: Message-ID: Merge request !1702 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 17:40:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 16:40:54 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1702) In-Reply-To: References: Message-ID: Merge request !1702 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 Project:Branches: not4pedro/gnutls:new-interop-tests to gnutls/gnutls:master Author: Peter Leitmann -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 13 17:42:47 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Feb 2023 16:42:47 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) In-Reply-To: References: Message-ID: Daiki Ueno commented: While you are at it, would you also mind updating README.md as well to point to 3.8.x? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703#note_1276704987 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 14 11:29:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Feb 2023 10:29:51 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) In-Reply-To: References: Message-ID: Merge request !1703 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 14 11:49:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Feb 2023 10:49:16 +0000 Subject: [gnutls-devel] GnuTLS | PCT are conditioned on ENABLE_FIPS140, not _gnutls_fips_mode_enabled() (#1453) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1453 As @dueno has spotted, pct_test in lib/nettle/pk.c is conditioned on the library being compiled with `ENABLE_FIPS140`, but not on a runtime check that FIPS mode is enabled (`_gnutls_fips_mode_enabled()`). We should consider changing that to improve performance in non-FIPS mode. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 14 13:25:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Feb 2023 12:25:37 +0000 Subject: [gnutls-devel] GnuTLS | packit: remove old sig files (!1705) In-Reply-To: References: Message-ID: Reassigned merge request 1705 https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 14 13:25:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Feb 2023 12:25:39 +0000 Subject: [gnutls-devel] GnuTLS | packit: remove old sig files (!1705) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 14 16:46:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Feb 2023 15:46:27 +0000 Subject: [gnutls-devel] GnuTLS | packit: remove old sig files (!1705) In-Reply-To: References: Message-ID: Merge request !1705 was closed by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 15 10:16:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Feb 2023 09:16:24 +0000 Subject: [gnutls-devel] GnuTLS | fix possible out-of-bounds access (!1699) In-Reply-To: References: Message-ID: Merge request !1699 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 09:11:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 08:11:55 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) In-Reply-To: References: Message-ID: Alexander Kanavin commented: This only works if your system is set up to transparently run cross binaries with qemu usermode, but it will not work otherwise. I'd rather have a switch for disabling the execution of the problematic binary. I think you closed this a little bit prematurely. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_1280978542 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 09:12:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 08:12:10 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) In-Reply-To: References: Message-ID: Alexander Kanavin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_1280978835 This only works if your system is set up to transparently run cross binaries with qemu usermode, but it will not work otherwise. I'd rather have a switch for disabling the execution of the problematic binary. I think you closed this a little bit prematurely. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_1280978835 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 13:15:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 12:15:53 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) References: Message-ID: Pedro Monreal created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 Project:Branches: pmgdeb/gnutls:ECC-full-pk-validation-ECDH to gnutls/gnutls:master Author: Pedro Monreal Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 13:25:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 12:25:10 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Pedro Monreal commented: This is now a requirement for the FIPS 140-3 certification according to SP800-56A rev3, section 5.6.2.3.3: ECC Full Public-Key Validation Routine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1281373351 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 13:30:47 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 12:30:47 +0000 Subject: [gnutls-devel] GnuTLS | PCT are conditioned on ENABLE_FIPS140, not _gnutls_fips_mode_enabled() (#1453) In-Reply-To: References: Message-ID: Gisle Vanem commented: BTW, A `-DENABLE_FIPS140` on Windows is not possible due to the use of `` in `fips.c` etc.
Is there some initiative to change that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1453#note_1281384181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 13:49:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 12:49:27 +0000 Subject: [gnutls-devel] GnuTLS | Empty _CONSTRUCTOR/_DESTRUCTOR for clang-cl (#1454) References: Message-ID: Gisle Vanem created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1454 Building with MSVC seems impossible, but using `clang-cl` should IMHO be possible (due to resemblance to gcc).
But I discovered the constructor / destructor in `global.c` did absolutely nothing due to these lines in `str.h`: ```c # ifndef __attribute__ /* This feature is available in gcc versions 2.5 and later. */ # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) # define __attribute__(Spec) /* empty */ ``` It seems `clang-cl` processor does not recognizes `__ attribute__` as a built-in.
Hence with this patch: ```diff --- a/lib/str.h 2023-02-11 21:35:44 +++ b/lib/str.h 2023-02-16 13:22:06 @@ -168,7 +168,7 @@ size_t data_size, const char *invalid_chars); int _gnutls_buffer_unescape(gnutls_buffer_st * dest); -# ifndef __attribute__ +# if !defined(__attribute__) && !defined(__clang__) /* This feature is available in gcc versions 2.5 and later. */ # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) # define __attribute__(Spec) /* empty */ ``` I'm able to successfully run (so far) 15 programs under `./test`. There are other issues, but I hope Windows could be supported better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1454 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 14:31:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 13:31:31 +0000 Subject: [gnutls-devel] GnuTLS | Empty _CONSTRUCTOR/_DESTRUCTOR for clang-cl (#1454) In-Reply-To: References: Message-ID: Gisle Vanem commented: > I'm able to successfully run (so far) 15 programs Now it's 188 or 265. But 12 programs crashes. Of which 3 due to a simple double `rpl_free()`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1454#note_1281517330 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 16 17:04:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Feb 2023 16:04:11 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) References: Message-ID: Pedro Monreal created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 Project:Branches: pmgdeb/gnutls:PCT-DH-keygen to gnutls/gnutls:master Author: Pedro Monreal Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 17 03:30:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Feb 2023 02:30:41 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1708) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 17 06:12:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Feb 2023 05:12:15 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1282541022 @pmgdeb @smuellerDD May I confirm if this is really a requirement, not just for a future proof? The previous [discussion](https://gitlab.com/gnutls/gnutls/-/merge_requests/1299?commit_id=db001209da553a7eeaa68fd06d2d64a22ef42bde#note_377102502) indicates that partial validation is sufficient upon key derivation (not key generation). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1282541022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 17 07:08:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Feb 2023 06:08:51 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1702) In-Reply-To: References: Message-ID: Daiki Ueno commented: @not4pedro I trust @ep69's guidance on those MRs, but if I may ask something: - Is there any result matrix we can link from a badge or README.md? - Have you considered collecting code coverage around those interop tests? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702#note_1282567957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 18 13:33:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Feb 2023 12:33:17 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix removal of duplicate certs during verification for 3.7. series (!1709) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 Project:Branches: ametzler/gnutls:tmp-ametzler-fix-1335-for-3.7 to gnutls/gnutls:gnutls_3_7_x Author: Andreas Metzler #1335 was only fixed on master branch, fix this. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 18 14:26:08 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Feb 2023 13:26:08 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Andreas Metzler commented: I have no idea about the pipeline errors. Is there a special step needed when extending the list of gnulib modules? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1284173779 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 18 18:54:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Feb 2023 17:54:11 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/8 Project:Branches: vivien_/guile:random-number-generator to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Dear gnutls guilers, Here is the gnutls-random function that generates a random bytevector. Since the "random" name is already taken, I think it is a good idea to keep the "gnutls-" prefix. What do you think? Best regards, Vivien -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 18 20:55:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Feb 2023 19:55:19 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Public key cryptography (!9) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/9 Project:Branches: vivien_/guile:public-key-cryptography to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Dear GnuTLS guilers, This was a little harder than what I expected, but I now believe that I have most of the public key API that gnutls exports. Not everything is in there: notably, gost curves, some key generation flags, reproducible key generation, converting from and to openpgp keys. However, I believe this to be a good basis to implement the JWT algorithms for instance. What do you think? Best regards, Vivien -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 18 23:34:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Feb 2023 22:34:45 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the HMAC and hash functions (!5) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1284360048 Hi @jas, the "more work" that we were discussing earlier consists of !7 !8 and !9. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/5#note_1284360048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 19 10:36:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Feb 2023 09:36:12 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1284478599 Looks like something has changed in the gitlab.com side, i.e., not including necessary files in the bootstrap artifacts. I'm [trying](https://gitlab.com/gnutls/gnutls/-/merge_requests/1708/diffs?commit_id=6db5a89d27b9bd08f4b44cf1e4673345a6042925) to resolve it with `artifacts::untracked`, but it's still not working. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1284478599 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 19 10:38:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Feb 2023 09:38:11 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Merge request !1709 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 Project:Branches: ametzler/gnutls:tmp-ametzler-fix-1335-for-3.7 to gnutls/gnutls:gnutls_3_7_x Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 19 11:55:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Feb 2023 10:55:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Andreas Metzler marked merge request !1709 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 10:16:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 09:16:12 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) References: Message-ID: Paul Menzel created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1455 Using self-built GnuTLS 3.7.8, it?s unable to verify www.netfilter.org (or iptables.org). ``` $ gnutls-cli --version gnutls-cli 3.7.8 [?] $ gnutls-cli www.netfilter.org Processed 142 CA certificate(s). Resolving 'www.netfilter.org:443'... Connecting to '92.243.18.11:443'... - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `CN=iptables.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04675191b85af1eea91388782cc5a2e1258c, RSA key 2048 bits, signed using RSA-SHA256, activated `2023-01-06 22:33:05 UTC', expires `2023-04-06 22:33:04 UTC', pin-sha256="+uWS05Cq49ezAdUve1eMV+fAqtOqSVI1kPr0UM9mxGE=" Public Key ID: sha1:138a74de0999cbecdbfda39e88f372307a2e4ee8 sha256:fae592d390aae3d7b301d52f7b578c57e7c0aad3aa49523590faf450cf66c461 Public Key PIN: pin-sha256:+uWS05Cq49ezAdUve1eMV+fAqtOqSVI1kPr0UM9mxGE= - Certificate[1] info: - subject `CN=iptables.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04675191b85af1eea91388782cc5a2e1258c, RSA key 2048 bits, signed using RSA-SHA256, activated `2023-01-06 22:33:05 UTC', expires `2023-04-06 22:33:04 UTC', pin-sha256="+uWS05Cq49ezAdUve1eMV+fAqtOqSVI1kPr0UM9mxGE=" - Certificate[2] info: - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" - Certificate[3] info: - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. ``` strace shows that it?s parsing `/etc/ssl/certs/ca-certificates.crt` openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_CLOEXEC) = 3 pointing to `/etc/ssl/ca-bundle.crt`. $ ls -lh /etc/ssl/certs/ca-certificates.crt lrwxrwxrwx 1 root root 22 Jun 17 2014 /etc/ssl/certs/ca-certificates.crt -> /etc/ssl/ca-bundle.crt That file contains Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1 but not the listed issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.`. The certificates are retrieved from `https://curl.haxx.se/ca/cacert.pem`. For some reason it works in Debian sid/unstable with *gnutls-bin* 3.7.9-1.. It might be related to [DST Root CA X3 Expiration (September 2021)](https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 10:18:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 09:18:06 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented: Full cert contained in `/etc/ssl/certs/ca-certificates.crt`: ``` Certificate: Data: Version: 3 (0x2) Serial Number: 82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Validity Not Before: Jun 4 11:04:38 2015 GMT Not After : Jun 4 11:04:38 2035 GMT Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1 [?] -----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1285052663 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 11:26:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 10:26:05 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented: Building GnuTLS 3.7.9, the issue *is* still present. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1285164455 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 12:38:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 11:38:06 +0000 Subject: [gnutls-devel] GnuTLS | Tag 3.7.9 missing (#1456) References: Message-ID: Paul Menzel created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1456 The tag 3.7.9 is not present: $ curl -I https://gitlab.com/gnutls/gnutls/-/tree/3.7.9 HTTP/2 404 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 16:51:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 15:51:09 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1708) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 17:22:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 16:22:29 +0000 Subject: [gnutls-devel] GnuTLS | Tag 3.7.9 missing (#1456) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich Issue #1456: https://gitlab.com/gnutls/gnutls/-/issues/1456 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 17:22:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 16:22:29 +0000 Subject: [gnutls-devel] GnuTLS | Tag 3.7.9 missing (#1456) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Fixed now https://gitlab.com/gnutls/gnutls/-/tags/3.7.9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1456#note_1285738986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 20 18:23:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Feb 2023 17:23:43 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Andreas Metzler commented: I suspect this might be duplicate of #1335 since I cannot reprodice on Debian (which is patched for this problem). Does !1709 work for you? cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1285808794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:27:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:27:42 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1708) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm merging this without approval, as it is a CI-only change and blocking other MRs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708#note_1286113478 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:28:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:28:11 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1708) In-Reply-To: References: Message-ID: All reviewers were removed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:28:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:28:19 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1708) In-Reply-To: References: Message-ID: Merge request !1708 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:34:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:34:14 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: use artifacts:untracked [3.7.x] (!1710) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1710 Project:Branches: dueno/gnutls:wip/ci-fixes-3_7_x to gnutls/gnutls:gnutls_3_7_x Author: Daiki Ueno This fixes CI issue blocking !1709. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:35:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:35:32 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you rebase against the latest git master? That should fix the CI issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703#note_1286116572 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:36:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:36:00 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you rebase against the latest git master? That should fix the CI issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1286116783 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 05:36:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 04:36:15 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you rebase against the latest git master? That should fix the CI issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1286116897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 07:48:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 06:48:55 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Project:Branches: dueno/gnutls:wip/dueno/ems to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1445 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 07:52:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 06:52:54 +0000 Subject: [gnutls-devel] GnuTLS | Add setting for requiring use of EMS in TLS 1.2 (#1445) In-Reply-To: References: Message-ID: Reassigned Issue 1445 https://gitlab.com/gnutls/gnutls/-/issues/1445 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1445 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 07:53:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 06:53:12 +0000 Subject: [gnutls-devel] GnuTLS | Add setting for requiring use of EMS in TLS 1.2 (#1445) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023?Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1445 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 09:11:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 08:11:48 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: simplify timestamp preservation (!1712) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1712 Project:Branches: dueno/gnutls:wip/dueno/ci-fixes2 to gnutls/gnutls:master Author: Daiki Ueno This simplifies commit 738b968271 to consolidate the logic into default target. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 10:57:36 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 09:57:36 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Reassigned merge request 1711 https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 10:57:44 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 09:57:44 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 11:10:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 10:10:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Paul Menzel commented: How do I apply the second commit https://gitlab.com/gnutls/gnutls/-/merge_requests/1709/diffs?commit_id=c34ce4e161c11976432b56c5aae15e02051f387c to the 3.7.9 release sources from the release archive, which does not contain `bootstrap.conf`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1286476952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 12:24:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 11:24:49 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: Looks good in general, I'm not a big fan of the name: `FORCE_SESSION_HASH`. While, yes, the RFC talks session hash, the extension is called extended_master_secret... On the other-other hand, we already have `NO_SESSION_HASH`... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1286591969 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 12:24:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 11:24:53 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Merge request !1711 was approved by Hubert Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Project:Branches: dueno/gnutls:wip/dueno/ems to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 12:33:46 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 11:33:46 +0000 Subject: [gnutls-devel] GnuTLS | Impossible to separately specify path for libev header files (#1457) References: Message-ID: Paul Menzel created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1457 libev 4.11 is installed like below in our system: ``` /usr/lib/libev.a /usr/lib/libev.so//libev.so.4.0.0 /usr/lib/libev.so.4//libev.so.4.0.0 /usr/lib/libev.so.4.0.0 /usr/share/man/man3/ev.3 /usr/include/ev/event.h /usr/include/ev/ev++.h /usr/include/ev/ev.h ``` The build (configure) system only allows to specify a prefix for both header files and libraries, which does not work here. --with-libev-prefix[=DIR] search for libev in DIR/include and DIR/lib -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1457 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 14:53:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 13:53:13 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1286804897 Spot on. Thank you. Please mark it as a duplicate. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1286804897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 15:00:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 14:00:20 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Paul Menzel commented: Build the source from the branch, and verified that it fixed my issue https://gitlab.com/gnutls/gnutls/-/issues/1455. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1286817215 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 21 15:01:47 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Feb 2023 14:01:47 +0000 Subject: [gnutls-devel] GnuTLS | Impossible to separately specify path for libev header files (#1457) In-Reply-To: References: Message-ID: Paul Menzel commented: Passing `--disable-full-test-suite` to `configure` works around the issue, as no libev is needed then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1457#note_1286819787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 22 11:48:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Feb 2023 10:48:29 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1288213772 > bool force_etm; > unsigned int additional_verify_flags; > bool tls13_compat_mode; > + bool force_ext_master_secret; Just curious: why does `_no_ext_master_secret` lives under internals, but `force_ext_master_secret` does not? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1288213772 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 22 13:32:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Feb 2023 12:32:49 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Regarding setting them together: maybe we should document that setting them both is not supported. This way we will later be able turn booleans into enums and make %FORCE_SESSION_HASH override previously specified %NO_SESSION_HASH and vice versa. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1288380744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 22 14:21:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Feb 2023 13:21:48 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: simplify timestamp preservation (!1712) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm merging this without approval, as it's a CI-only change. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1712#note_1288457332 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 22 14:21:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Feb 2023 13:21:56 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: simplify timestamp preservation (!1712) In-Reply-To: References: Message-ID: Merge request !1712 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1712 Project:Branches: dueno/gnutls:wip/dueno/ci-fixes2 to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 22 23:31:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Feb 2023 22:31:15 +0000 Subject: [gnutls-devel] GnuTLS | add new interop tests (!1702) In-Reply-To: References: Message-ID: Peter Leitmann commented: Hi @dueno, sorry for the late reply. To be honest, I am not very experienced in anything like this. However, if the implementation is not too demanding, I am open to considering it. Therefore, I would like to ask you for defining the two bullet points a little bit further (maybe an example of what you are looking for), so we are on the same page. *redundant tag @ep69* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1702#note_1289168430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 08:33:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 07:33:06 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Pedro Monreal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289459283 @smuellerDD pointed out that for this assurance in ECDH on key derivation, partial key validation would be sufficient. This means that step 4 would not be necessary, although it would not harm. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289459283 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 08:38:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 07:38:22 +0000 Subject: [gnutls-devel] libtasn1 | Update to 2023 to make CI/CD happy (!88) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/88 Project:Branches: jas/libtasn1:jas/wip2 to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/88 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 09:00:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 08:00:00 +0000 Subject: [gnutls-devel] GnuTLS | NEWS and release-steps update (!1703) In-Reply-To: References: Message-ID: Merge request !1703 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 09:41:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 08:41:13 +0000 Subject: [gnutls-devel] GnuTLS | .gitmodules: revert to use full URLs for submodules (!1713) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1713 Project:Branches: dueno/gnutls:wip/dueno/ci-fixes to gnutls/gnutls:master Author: Daiki Ueno The previous attempt to use relative paths caused issues when the repository is mirrored, requiring all the local submodules are mirrored as well. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 10:53:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 09:53:32 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Merge request !1706 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 Project:Branches: pmgdeb/gnutls:ECC-full-pk-validation-ECDH to gnutls/gnutls:master Author: Pedro Monreal Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 10:53:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 09:53:49 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: All discussions on merge request !1706 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 10:53:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 09:53:49 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289658788 OK, thank you for the confirmation! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289658788 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 10:54:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 09:54:34 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289659915 Sorry, there was a hiccup in the previous attempt, which should be fixed now. Could you rebase again? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1289659915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:40:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:40:43 +0000 Subject: [gnutls-devel] GnuTLS | .gitmodules: revert to use full URLs for submodules (!1713) In-Reply-To: References: Message-ID: Daiki Ueno commented: This is also a CI-only change; merging without approval. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1713#note_1289736399 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:40:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:40:50 +0000 Subject: [gnutls-devel] GnuTLS | .gitmodules: revert to use full URLs for submodules (!1713) In-Reply-To: References: Message-ID: Merge request !1713 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1713 Project:Branches: dueno/gnutls:wip/dueno/ci-fixes to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:42:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:42:27 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1289738939 > bool force_etm; > unsigned int additional_verify_flags; > bool tls13_compat_mode; > + bool force_ext_master_secret; I suppose we could consolidate them into a single enum, but maybe a separate MR, as there is also a similar example of %NO/%FORCE usage (e.g., %NO_ETM/%FORCE_ETM). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1289738939 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:42:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:42:28 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: All discussions on merge request !1711 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:42:33 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:42:33 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Merge request !1711 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Project:Branches: dueno/gnutls:wip/dueno/ems to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 11:44:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 10:44:45 +0000 Subject: [gnutls-devel] libtasn1 | Update to 2023 to make CI/CD happy (!88) In-Reply-To: References: Message-ID: Merge request !88 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/88 Project:Branches: jas/libtasn1:jas/wip2 to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/88 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 23 23:41:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Feb 2023 22:41:10 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1290766516 Now it's failing at `commit-check` because of indentation (we started auto-indenting the source code in !1692), which should be fixed by running `devel/indent-gnutls`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1290766516 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 02:49:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 01:49:28 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Merge request !1707 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 Project:Branches: pmgdeb/gnutls:PCT-DH-keygen to gnutls/gnutls:master Author: Pedro Monreal Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 06:57:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 05:57:41 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: use artifacts:untracked [3.7.x] (!1710) In-Reply-To: References: Message-ID: Daiki Ueno commented: Merging without approval, as this is a CI-only change. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1710#note_1290989403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 06:57:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 05:57:50 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: use artifacts:untracked [3.7.x] (!1710) In-Reply-To: References: Message-ID: Merge request !1710 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1710 Project:Branches: dueno/gnutls:wip/ci-fixes-3_7_x to gnutls/gnutls:gnutls_3_7_x Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 06:58:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 05:58:32 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1290989914 I think I've managed to fix it; could you rebase against the latest `gnutls_3_7_x` branch? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1290989914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 08:06:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 07:06:26 +0000 Subject: [gnutls-devel] GnuTLS | Make the library modular (#1458) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1458 GnuTLS is designed as a monolithic library that covers many aspects including TLS, DTLS, X.509, Cryptographic API, etc. This increases the application's footprint as well as blurs the boundary of the security module certified by FIPS. We could split the library into sub-libraries per role while preserving ABI compatibility through stubs defined as weak symbols. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1458 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 08:07:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 07:07:35 +0000 Subject: [gnutls-devel] GnuTLS | Add data driven TLS API (#1459) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1459 Instead of transparently generating/parsing protocol data underneath, GnuTLS could provide a data driven API for TLS, similar to [rustls](https://docs.rs/rustls/0.18.1/rustls/#getting-started). That would eliminate the need of using threads for waiting I/O in the applications. We now have a similar API in the handshake protocol for QUIC, but the new API is for the record protocol. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1459 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 08:08:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 07:08:54 +0000 Subject: [gnutls-devel] GnuTLS | Experiment support for post-quantum algorithms in X.509 certificates (#1460) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1460 Certain set of cryptographic algorithms currently in use would be vulnerable for cryptographic attacks with quantum computers. As a countermeasure NIST is standardizing new algorithms for key exchange and digital signature that are supposed to be quantum resistant. This project is to add (experimental) support for those algorithms in our X.509 library to see whether/how they could be actually useful. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1460 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 08:50:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 07:50:16 +0000 Subject: [gnutls-devel] GnuTLS | Enable static code scanning (#1461) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1461 Semmle's LGTM is no longer supported, but maybe we should enable other static code scanning tools like: - [Code Climate](https://docs.gitlab.com/ee/ci/testing/code_quality.html) integration in GitLab - [CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql) scanning -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1461 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 09:23:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 08:23:57 +0000 Subject: [gnutls-devel] GnuTLS | Impossible to separately specify path for libev header files (#1457) In-Reply-To: References: Message-ID: Daiki Ueno commented: The configure option is defined using `lib-link.m4` in the [havelib](https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob_plain;f=modules/havelib) Gnulib module, which doesn't allow separate includedir/libdir. Perhaps it might make sense to report it to the Gnulib mailing list. On the other hand, some distributions ship a pkgconfig file (`libev.pc`), so perhaps we could take advantage of it (then you would be specify separate CFLAGS/LIBS through envvars). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1457#note_1291115551 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 10:04:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 09:04:05 +0000 Subject: [gnutls-devel] GnuTLS | memleak in wrap_nettle_mpi_init (#1328) In-Reply-To: References: Message-ID: xuraoqing commented: Normally, the DHE parameter is released after the key exchange message from the client is received.as follows? ![image](/uploads/3a7a5470c726df02e913f8c9a1050602/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1328#note_1291164306 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 10:16:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 09:16:20 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 10:23:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 09:23:01 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Pedro Monreal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1291203998 Ah, right! I'll fix that in a moment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1291203998 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 10:39:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 09:39:22 +0000 Subject: [gnutls-devel] GnuTLS | Timeout in _asn1_find_up (#1327) In-Reply-To: References: Message-ID: xuraoqing commented: It seems that the problem is caused by the following code in libtasn1. ![image](/uploads/b7bd7c90ba146374dc974b4f6ba377bd/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1327#note_1291250258 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 11:02:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 10:02:57 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: All discussions on merge request !1709 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 11:03:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 10:03:05 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Merge request !1709 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 Project:Branches: ametzler/gnutls:tmp-ametzler-fix-1335-for-3.7 to gnutls/gnutls:gnutls_3_7_x Author: Andreas Metzler -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 11:03:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 10:03:15 +0000 Subject: [gnutls-devel] GnuTLS | Fix removal of duplicate certs during verification for 3.7. series (!1709) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1709#note_1291300740 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 11:06:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 10:06:56 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1455: https://gitlab.com/gnutls/gnutls/-/issues/1455 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 11:06:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 10:06:57 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Daiki Ueno commented: Should be fixed with !1709. Thanks for the confirmation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1291306088 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 13:28:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 12:28:58 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented: Thank you. As commented in the merge request, patching the 3.9.1 sources from the release archive is not so easy as a new Gnulib module is used, not packaged in the 3.9.1 source archive. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1291488970 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 13:29:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 12:29:16 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1291489284 Are you going to release 3.9.2 soon with the fix? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1291489284 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 22:59:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 21:59:42 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: All discussions on merge request !1706 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 23:02:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 22:02:49 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Merge request !1706 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 Project:Branches: pmgdeb/gnutls:ECC-full-pk-validation-ECDH to gnutls/gnutls:master Author: Pedro Monreal -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 23:03:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 22:03:28 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1292119319 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 24 23:07:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Feb 2023 22:07:48 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292121419 > return GNUTLS_E_DB_ERROR; > } > cache_db_alloc = cache_db_alloc * 2 + 1; > - cache_db = realloc(cache_db, > - cache_db_alloc * sizeof(CACHE)); > - if (!cache_db) > + ptr = realloc(cache_db, I suggest using `xreallocarray` ([defined](https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/xalloc.h;h=f373c2fe59959fbeda4a04a6297d59d735967d0b;hb=HEAD#l80) in "xalloc.h"), which checks integer overflow on the multiplication and also aborts the program when allocation fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292121419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 01:42:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 00:42:26 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !1711 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 01:43:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 00:43:19 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm marking this as draft, as it turns out that several TLS tests are failing under FIPS mode (maybe they expect no EMS). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1292192448 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 01:49:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 00:49:57 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Daiki Ueno commented: The expected behavior is precisely documented at https://wiki.mozilla.org/CA/Additional_Trust_Changes#Distrust_After: > For some root certificates Mozilla has set 'Distrust for TLS After Date' or 'Distrust for S/MIME After Date'. For certificates chaining up to those root certificates, Mozilla does not trust end-entity certificates that have a Valid-From date later than the specified distrust-after date. Certificates with a Valid-From date earlier than the distrust-after date will continue to be trusted until the certificate's natural expiration or until the certificate is revoked. I guess that would translate to: - obtain any CKA_NSS_SERVER_DISTRUST_AFTER attribute when retrieving issuer certificate (maybe store it in a private field of `struct gnutls_x509_crt_int`) - compare issuer's distrust-after date with the one retrieved with `gnutls_x509_crt_get_activation_time` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912#note_1292194022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 02:12:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 01:12:04 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1292200217 Assuming that you mean 3.7.10, I agree that we can create a new bug-fix release (maybe backporting other fixes which only exist in 3.8.x). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1292200217 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 02:18:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 01:18:41 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in rsa-encrypt-decrypt (!1715) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 Project:Branches: dueno/gnutls:wip/fix-typo-in-test to gnutls/gnutls:master Author: Daiki Ueno Patch from Radostin Stoyanov in #1452. Fixes: #1452 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 02:19:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 01:19:10 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in rsa-encrypt-decrypt (!1715) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 02:19:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 01:19:22 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in rsa-encrypt-decrypt (!1715) In-Reply-To: References: Message-ID: Merge request !1715 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 Project:Branches: dueno/gnutls:wip/fix-typo-in-test to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 02:25:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 01:25:52 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292203627 > return GNUTLS_E_DB_ERROR; > } > cache_db_alloc = cache_db_alloc * 2 + 1; > - cache_db = realloc(cache_db, > - cache_db_alloc * sizeof(CACHE)); > - if (!cache_db) > + ptr = realloc(cache_db, I initially planned to use xrealloc as before, but cache_db may already have session data stored, and the user may need to do something else before aborting. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292203627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 08:29:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 07:29:23 +0000 Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455) In-Reply-To: References: Message-ID: Paul Menzel commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1292257518 Yes, sorry 3.7.10. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1292257518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 09:00:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 08:00:56 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292260792 > return GNUTLS_E_DB_ERROR; > } > cache_db_alloc = cache_db_alloc * 2 + 1; > - cache_db = realloc(cache_db, > - cache_db_alloc * sizeof(CACHE)); > - if (!cache_db) > + ptr = realloc(cache_db, Yeah, good point; we should always use different pointer for the return value of `*realloc` than the first argument and have a proper NULL check. I see a similar error a few lines below; could you also fix it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292260792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 09:14:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 08:14:29 +0000 Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (#1462) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1462 The TPM2 private key support in GnuTLS relies on other crypto libraries (OpenSSL or mbedTLS, depending on how tpm2-tss is compiled) for cryptographic primitives used by the [ESYS API](https://tpm2-tss.readthedocs.io/en/latest/group__esys.html). Since version [4.0.0](https://github.com/tpm2-software/tpm2-tss/releases/tag/4.0.0), tpm2-tss started providing an ability to switch crypto backend at run time, through `Esys_SetCryptoCallbacks`. It would be nice if we could make use of it and set GnuTLS based callbacks. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1462 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 09:22:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 08:22:53 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in rsa-encrypt-decrypt (!1715) In-Reply-To: References: Message-ID: Merge request !1715 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 Project:Branches: dueno/gnutls:wip/fix-typo-in-test to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 10:51:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 09:51:11 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Merge request !1714 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 10:52:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 09:52:06 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you run `devel/indent-gnutls` to format the code? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292276557 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 14:11:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 13:11:37 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 Project:Branches: ametzler/gnutls:tmp-ametzler-faketime to gnutls/gnutls:master Author: Andreas Metzler datefudge et.al are currently (Debian sid) broken 32 bit archs. Investigation showed that there multiple implementations in Debian with datefudge having only two users in Debian and unlikely to be fixed. Quoting Matthias Urlichs: > I do recommend switching to a supported library. I'm sorry to say that > my time budget already is negative for the foreseeable future, thus > resuming support for datefudge is out of the question unfortunately. Debian is therefore trying to move the datefudge-users to faketime which is a) more broadly used and b) has an active upstream. Patch originally posted on https://bugs.debian.org/1031553 by Nicolas Boulenguez , debugged and extended for tests not part of the shipped tarball by myself. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 16:35:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 15:35:30 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292336061 ok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292336061 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 16:38:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 15:38:51 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: All discussions on merge request !1714 were resolved by xuraoqing https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 16:55:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 15:55:11 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Daiki Ueno commented: Perhaps it's time to consider adding an option to set current time for testing, e.g., `--time`, to the utilities like `certool`, so we don't need LD_PRELOAD hack? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1292339984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 21:33:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 20:33:49 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: Pedro Monreal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1292407106 Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706#note_1292407106 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 21:34:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 20:34:05 +0000 Subject: [gnutls-devel] GnuTLS | ecdh: perform SP800-56A rev3 full pubkey validation on key (!1706) In-Reply-To: References: Message-ID: All discussions on merge request !1706 were resolved by Pedro Monreal https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 25 23:40:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Feb 2023 22:40:56 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1292419683 s_client and s_server also seem to provide `-attime` option since OpenSSL 1.1, which we could make use of in the tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1292419683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 02:10:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 01:10:58 +0000 Subject: [gnutls-devel] GnuTLS | Add `--attime` option to tools that perform certificate verification (#1463) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1463 The tests are currently using the `datefudge` program to tweak current time to be used for certificate verification, which replaces time related syscalls with an LD_PRELOAD'ed library. This could be simplified if the tools (certtool, gnutls-cli, and gnutls-serv) natively support setting the current time when verifying certificates, as with the `-attime` [option](https://www.openssl.org/docs/man1.1.1/man1/verify.html) in OpenSSL s_server and s_client. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1463 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 02:19:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 01:19:43 +0000 Subject: [gnutls-devel] GnuTLS | Rewrite tests/suite/ciphersuite/* in Python (#1464) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1464 The tests in `tests/suite/ciphersuite/*` are currently written using NodeJS and XSLT, which could be replaced with Python and the standard CSV module to avoid additional dependencies. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1464 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 03:35:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 02:35:51 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS will limit year to 2037 when time_t is 32-bit (#843) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think this should be ensured by the recent [effort](https://www.gnu.org/software/gnulib/manual/html_node/Avoiding-the-year-2038-problem.html) in Gnulib (i.e., we now have `--enable-year2038` configure option). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/843#note_1292444854 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 06:57:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 05:57:58 +0000 Subject: [gnutls-devel] GnuTLS | Add `--attime` option to tools that perform certificate verification (#1463) In-Reply-To: References: Message-ID: Andreas Metzler commented: Good idea. ocsptool would also need a --attime option, see tests/ocsp-tests/ocsp-load-chain.sh -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1463#note_1292464403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 08:42:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 07:42:55 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292474442 Thanks, but it is still [failing](https://gitlab.com/xuraoqing/gnutls/-/jobs/3834340409#L129); I suspect this is caused by some changes between different GNU indent versions? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292474442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 09:29:07 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 08:29:07 +0000 Subject: [gnutls-devel] GnuTLS | Thread local storages not free'd until application exits (#824) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #824: https://gitlab.com/gnutls/gnutls/-/issues/824 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/824 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 26 09:29:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Feb 2023 08:29:06 +0000 Subject: [gnutls-devel] GnuTLS | Thread local storages not free'd until application exits (#824) In-Reply-To: References: Message-ID: Daiki Ueno commented: This has also been reported as #1401 and a fix has been committed as !1647. We could optimize the implementation using `tss_*` functions, though it would deserve a new issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/824#note_1292479859 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 01:49:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 00:49:17 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on tests/cert-tests/alt-chain.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1292671576 > echo "" > -datefudge -s "2017-5-10" \ > +faketime -f "2017-5-10 00:00:00" \ I'm OK with merging this without waiting for #1463, but if I may suggest something, we could have a wrapper shell function that does: - if `faketime` is found, use it (i.e., invoke the rest of command-line with it); otherwise fallback to `datefudge` - if `datefudge` is found, use it; otherwise exit 77 That way some other distros not shipping `faketime` don't need to introduce a new package until they decide to switch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 06:36:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 05:36:37 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: All discussions on merge request !1714 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 06:37:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 05:37:51 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Merge request !1714 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 06:38:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 05:38:06 +0000 Subject: [gnutls-devel] GnuTLS | fix possible memory leakage (!1714) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1714#note_1292785591 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 06:40:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 05:40:06 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1292787546 Sorry, this also needs to be rebased again; could you do that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1292787546 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 12:59:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 11:59:23 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Pedro Monreal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293266346 Yes, just rebased. I have also added a missing `goto cleanup;`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293266346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 15:36:08 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 14:36:08 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293522008 Thank you; for the missing `goto cleanup;`, oops, that's a good catch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293522008 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 15:37:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 14:37:52 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: All discussions on merge request !1707 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 15:38:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 14:38:15 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Merge request !1707 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 Project:Branches: pmgdeb/gnutls:PCT-DH-keygen to gnutls/gnutls:master Author: Pedro Monreal Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 15:59:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 14:59:40 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Merge request !1707 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 Project:Branches: pmgdeb/gnutls:PCT-DH-keygen to gnutls/gnutls:master Author: Pedro Monreal -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 16:33:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 15:33:19 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1293631421 To make them pass under FIPS, as `%FORCE_SESSION_HASH` is the default, we need to think about the library behavior for the following cases: - the negotiated version is either SSL 3.0 or DTLS 0.9 (i.e., EMS cannot be used) - either `%NO_EXTENSIONS` or `%NO_SESSION_HASH` is used For the former, I guess we could simply allow absence of EMS for those protocols; we could disable them in configuration file. For the latter, we probably should have a way to invalidate the effect of implicit `%FORCE_SESSION_HASH`, while we want to ensure that the use of EMS is somehow enforced. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1293631421 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 19:15:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 18:15:49 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on tests/cert-tests/alt-chain.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1293879822 > > . ${srcdir}/../scripts/common.sh > > -skip_if_no_datefudge > +skip_if_no_faketime > > OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" > NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" > > echo "" > -datefudge -s "2017-5-10" \ > +faketime -f "2017-5-10 00:00:00" \ That sounds like good plan. I will look into it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1293879822 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 19:28:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 18:28:55 +0000 Subject: [gnutls-devel] GnuTLS | [Draft] Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Andreas Metzler commented: I just realized that I had accidentally already removed SKIP_DATEFUDGE_CHECK without pre-discussing. Afaict the current code https://gitlab.com/ametzler/gnutls/-/blob/master/tests/scripts/common.sh#L101 does not seem to be really useful: ```sh check_for_datefudge() { # On certain platforms running datefudge date fails (e.g., x86 datefudge # with x86-64 date app). if test "${SKIP_DATEFUDGE_CHECK}" = 1;then return fi TSTAMP=`datefudge -s "2006-09-23" "${top_builddir}/tests/datefudge-check" || true` if test "$TSTAMP" != "1158969600" || test "$WINDOWS" = 1; then return 1 fi } ``` It overrides checking whether datefudge works with "yes it does". I could understand the need for "do not even try to test, it is broken, just act as if it was absent", but not for "do not test whether it works but use it anyway". Also it does not seem to be used by the current CI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1293909529 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 27 20:42:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Feb 2023 19:42:35 +0000 Subject: [gnutls-devel] GnuTLS | pk: extend pair-wise consistency to cover DH key generation (!1707) In-Reply-To: References: Message-ID: Pedro Monreal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293976031 Thanks also to fedora-static-analyzers/build. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1707#note_1293976031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 05:31:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 04:31:48 +0000 Subject: [gnutls-devel] GnuTLS | doc: Don't depend on /usr/bin/perl in the Makefile.am. (!1717) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 Project:Branches: dueno/gnutls:wip/dueno/perl-path to gnutls/gnutls:master Author: Daiki Ueno Patch from Christopher Baines in !1645. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 05:32:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 04:32:25 +0000 Subject: [gnutls-devel] GnuTLS | doc: Don't depend on /usr/bin/perl in the Makefile.am. (!1645) In-Reply-To: References: Message-ID: Daiki Ueno commented: Superseded by !1717. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1645#note_1294304887 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 05:32:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 04:32:25 +0000 Subject: [gnutls-devel] GnuTLS | doc: Don't depend on /usr/bin/perl in the Makefile.am. (!1645) In-Reply-To: References: Message-ID: Merge request !1645 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1645 Project:Branches: cbaines/gnutls:perl-PATH to gnutls/gnutls:master Author: Christopher Baines Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1645 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 05:32:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 04:32:52 +0000 Subject: [gnutls-devel] GnuTLS | doc: Don't depend on /usr/bin/perl in the Makefile.am. (!1717) In-Reply-To: References: Message-ID: Merge request !1717 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 Project:Branches: dueno/gnutls:wip/dueno/perl-path to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 05:59:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 04:59:53 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS will limit year to 2037 when time_t is 32-bit (#843) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #843: https://gitlab.com/gnutls/gnutls/-/issues/843 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/843 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 07:04:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 06:04:40 +0000 Subject: [gnutls-devel] GnuTLS | doc: Don't depend on /usr/bin/perl in the Makefile.am. (!1717) In-Reply-To: References: Message-ID: Merge request !1717 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 Project:Branches: dueno/gnutls:wip/dueno/perl-path to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 09:19:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 08:19:59 +0000 Subject: [gnutls-devel] GnuTLS | remove unused extern variables (!1718) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 09:52:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 08:52:02 +0000 Subject: [gnutls-devel] GnuTLS | remove unused extern variables (!1718) In-Reply-To: References: Message-ID: Merge request !1718 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 09:52:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 08:52:11 +0000 Subject: [gnutls-devel] GnuTLS | remove unused extern variables (!1718) In-Reply-To: References: Message-ID: Merge request !1718 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 09:52:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 08:52:18 +0000 Subject: [gnutls-devel] GnuTLS | remove unused extern variables (!1718) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1718#note_1294537010 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 28 15:27:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Feb 2023 14:27:34 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465) References: Message-ID: Michael Catanzaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1465 Chrome and NSS have begun randomizing the order of TLS extensions in the ClientHello (except the pre_shared_key extension) to make fingerprinting harder. [This blog post](https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild) explains the scheme nicely. Would be nice for GnuTLS to do the same. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: