From gnutls-devel at lists.gnutls.org Wed Jan 1 10:56:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 09:56:05 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add cmake (!1908) In-Reply-To: References: Message-ID: Sam James commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1908#note_2278113879 > (is it not also extendable via pure Python scripting?) No, it's not. It's quite easy to audit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1908#note_2278113879 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 1 12:18:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 11:18:23 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2278134207 For completeness the gpg issue is [gnupg issue T6965](https://dev.gnupg.org/T6965) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2278134207 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 1 14:20:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 13:20:51 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process thisUpdate field according to RFC5280 (#1638) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1638 ## Description of problem: The RFC standard for X.509 CRLs restricts the thisUpdate field to only two formats, namely UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 representation, which are 13 and 15 characters wide, respectively. However, GnuTLS 3.7.11 accepts certificates with a thisUpdate field of length 11 ("0103010100Z"). ## Version of gnutls used: GnuTLS3.7.11 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to reproduce: Use the following command: certtool --crl-info --inder --infile crl_file.der to reproduce the issue. crl_file.der is a CRL with a thisUpdate field length of 11. ## Actual results: The CRL is trusted and printed ## Expected results: The RFC standard for X.509 CRLs limits the thisUpdate field to only two formats: UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 encoding, which are 13 and 15 characters wide, respectively. Therefore, it should reject a CRL file with a thisUpdate field length of 11 (e.g., "0103010100Z").[crl_file.der](/uploads/a0678daac2315cae8d57fc74b8886b81/crl_file.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1638 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 2 09:27:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 02 Jan 2025 08:27:42 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 10 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 3 16:29:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 03 Jan 2025 15:29:53 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280769625 Unfortunately, the values for "version" come from nowhere. Back then, I was not able to find any specification mentioning the versions. I have associated 44 with 4, 65 with 6, and 87 with 8. But perhaps 1, 2, and 3 would be better? I should have mentioned this next to `_gnutls_get_pqc_alg_version`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280769625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 3 17:05:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 03 Jan 2025 16:05:08 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Geert Hendrickx commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280814618 Will you add support for hybrid SecP384r1MLKEM1024 as well? [IANA has assigned `0x11ed`](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8), from [draft-kwiatkowski-tls-ecdhe-mlkem-03](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-03.html). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280814618 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 15:15:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 14:15:33 +0000 Subject: [gnutls-devel] GnuTLS | trust-store test not finding certificates when using p11-kit as default trust store (#1639) References: Message-ID: Maxim Cournoyer created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1639 Hello! I'm trying to debug why gnutls (as seen in the trust-store test) doesn't find p11-kit provided certificates when configured with `--with-default-trust-store-pkcs11=pkcs11:`. There is no /etc/ssl/* directory on the system, and p11-kit is configured to have the nss provided certificates on its trust_paths (`-Dtrust_paths=/gnu/store/bxwlna9pk9f4rh161a9hjbxrabd3ayyh-nss-certs-3.99/etc/ssl/certs`), and something like `p11-kit list-objects pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs` confirms it has access to these certificates: ``` p11-kit list-objects pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs Object: #0 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #1 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #2 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #3 class: nss-trust label: Atos TrustedRoot 2011 id: a7:a5:06:b1:2c:a6:09:60:ee:d1:97:e9:70:ae:bc:3b:19:6c:db:21 flags: token Object: #4 uri: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs;id=%73%7A%6B%96%DB%42%07%8B%52%66%C2%64%32%17%FE%E0%67%90%2E%AD;object=DigiCert%20SMIME%20ECC%20P384%20Root%20G5;type=cert class: certificate certificate-type: x-509 certificate-category: authority label: DigiCert SMIME ECC P384 Root G5 id: 73:7a:6b:96:db:42:07:8b:52:66:c2:64:32:17:fe:e0:67:90:2e:ad start-date: 2021.01.15 end-date: 2046.01.14 flags: token Object: #5 class: nss-trust label: DigiCert SMIME ECC P384 Root G5 id: 73:7a:6b:96:db:42:07:8b:52:66:c2:64:32:17:fe:e0:67:90:2e:ad flags: token Object: #6 uri: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs;id=%35%0F%C8%36%63%5E%E2%A3%EC%F9%3B%66%15%CE%51%52%E3%91%9A%3D;object=OISTE%20WISeKey%20Global%20Root%20GB%20CA;type=cert class: certificate certificate-type: x-509 certificate-category: authority label: OISTE WISeKey Global Root GB CA id: 35:0f:c8:36:63:5e:e2:a3:ec:f9:3b:66:15:ce:51:52:e3:91:9a:3d start-date: 2014.12.01 end-date: 2039.12.01 flags: token [...] ``` Now the problem is that running the `tests/trust-store` test in that environment produces: ``` doit:63: no certificates were found in system trust store! ``` It seems it doesn't consider the p11-kit certs, although my reading of the code is that it should. Any ideas? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:52:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:52:04 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1918) References: Message-ID: Loganaden Velvindron created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron Add MLKEM-1024 and SecP384r1MLKEM1024. Signed-off-by: Loganaden Velvindron Signed-off-by: Jaykishan Mutkawoa Signed-off-by: Kavish Nadan -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:55:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:55:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1918) In-Reply-To: References: Message-ID: Merge request !1918 was closed by Loganaden Velvindron Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:56:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:56:53 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) References: Message-ID: Loganaden Velvindron created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron * Add MLKEM-1024 and SecP384r1MLKEM1024. Signed-off-by: Loganaden Velvindron Signed-off-by: Jaykishan Mutkawoa Signed-off-by: Kavish Nadan ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 17:23:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 16:23:06 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281796167 I'm not sure why it's failing commit-check. Can someone please help ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281796167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 01:51:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 00:51:14 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863012 Thank you. As for plumbing ML-KEM-1024, see also https://gitlab.com/gnutls/gnutls/-/merge_requests/1916/diffs?commit_id=1e493f2f92329fd1dca534e8ba83e70c7f1126d5 which also includes update for documentation and tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863012 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 01:51:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 00:51:14 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/algorithms/groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863010 > + .id = GNUTLS_GROUP_EXP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, > + GNUTLS_GROUP_INVALID }, > + .tls_id = 0x11ED }, Notice the separate `.id` and `.ids` fields in this structure, where the former assigns a unique ID for this key share group, while the latter specifies the subgroups compositing this hybrid group. The correct entry should look like: ```suggestion:-3+0 { .name = "SECP384R1-MLKEM1024", .id = GNUTLS_GROUP_EXP_SECP384R1_MLKEM1024, .ids = { GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, GNUTLS_GROUP_INVALID }, .tls_id = 0x11ED }, ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 08:11:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 07:11:29 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion on lib/algorithms/groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900655 > .ids = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_EXP_MLKEM768, > GNUTLS_GROUP_INVALID }, > .tls_id = 0x11EB }, > + { .name = "SECP384R1-MLKEM1024", > + .id = GNUTLS_GROUP_EXP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, > + GNUTLS_GROUP_INVALID }, > + .tls_id = 0x11ED }, Thanks for pointing this out. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 08:12:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 07:12:42 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900839 Can we take over the ML-KEM-1024 work or do you prefer to do it yourself then we wait for your commit and push our code for SecP384r1MLKEM1024 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 11:42:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 10:42:22 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281930852 I'd prefer you to take it over, so I can just drop the commit from my MR and rebase against yours. Please feel free to go ahead and be sure to update the docs and tests (it would also be a good idea to add an entry to the NEWS file). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281930852 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 17:56:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 16:56:52 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281992322 got it. We shall follow your guidance. Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281992322 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 02:13:37 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 01:13:37 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2282085374 Thanks for the clarification. Given that the used algorithm is indicated through `privateKeyAlgorithm.algorithm` as OID, maybe we should always use 0 to be compatible with OneAsymmetricKey or PKCS#8 PrivateKeyInfo. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2282085374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 07:14:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 06:14:19 +0000 Subject: [gnutls-devel] GnuTLS | What is the command to print a PEM format CRL using GnuTLS? (#1636) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1636: https://gitlab.com/gnutls/gnutls/-/issues/1636 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 07:21:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 06:21:54 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process thisUpdate field according to RFC5280 (#1638) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1638#note_2282218038 Yes, the current implementation treats seconds field in UTCTime as optional. This might be another candidate to be fixed in `--enable-strict-x509`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1638#note_2282218038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:03:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:03:55 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1640 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:04:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:04:18 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1641 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:53:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:53:58 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1640#note_2282577281 Looks like a duplicate of #1641. Closing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640#note_2282577281 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:53:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:53:57 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1640: https://gitlab.com/gnutls/gnutls/-/issues/1640 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:56:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:56:50 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1641#note_2282609857 No need to open a separate issue, as it has the same cause as #1638; our UTCTime handling tolerates a missing SS field, which can appear anywhere. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641#note_2282609857 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:56:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:56:50 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1641: https://gitlab.com/gnutls/gnutls/-/issues/1641 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 11:33:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 10:33:20 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2282788129 Hey @valdaarhun, This issue was originally created for DTLS1.2 and the support for it would be still a nice addition, I would suggest you look at the DTLS1.2 implementation first. In the meantime I will identify the difference between the 1.2 and 1.3 version of the extension if any, we could then incorporate your DTLS1.2 implementation into DTLS1.3 and make modification accordingly. If you find any obstacles not concerning the issue directly, then feel free to contact me at dev at fkrenzel.cz -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2282788129 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 11:48:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 10:48:12 +0000 Subject: [gnutls-devel] GnuTLS | Documentation for gnutls_record_send_file() does not mention sendfile() limits (0x7ffff000 SSIZE_MAX) (#1568) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1568#note_2282835715 Hello @mrblarg64, nice catch, If you are still on this, the latter seems much better yet the former would be much less work and we could always fix it using the former later. I will leave that on you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1568#note_2282835715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 13:50:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 12:50:02 +0000 Subject: [gnutls-devel] GnuTLS | Differences in certificate verification results (#1642) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1642 ## Description of problem: GnuTLS has different results than OpenSSL when performing certificate verification. According to RFC5280 and the content of the test case itself, I think it is a gnutls verification error. RFC5280 states: When the keyUsage extension appears in a certificate, at least one of the bits MUST be set to 1. The keyusage value of this test case is empty, that is, there is no bit set to 1. ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * one certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784164244D1.pem * two openssl verify -CAfile RootCA.pem Cert1732784164244D1.pem ## Actual results: openssl?error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate gnutls?Verified. The certificate is trusted. ## Expected results: gnutls?Not verified. The certificate is NOT trusted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1642 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 13:57:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 12:57:30 +0000 Subject: [gnutls-devel] GnuTLS | Policy Mappings Critical Identification (#1643) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1643 ## Description of problem: Gnutls verification failed with a policy map marked as critical openssl verification passed with a policy map marked as critical RFC5280 states:This extension MAY be supported by CAs and/or applications. Conforming CAs SHOULD mark this extension as critical. ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * one certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784232101M2.pem * two openssl verify -CAfile RootCA.pem Cert1732784232101M2.pem [Cert1732784232101M2.pem](/uploads/581e0c336700905790aa14f6032f7f06/Cert1732784232101M2.pem) [RootCA.pem](/uploads/f94a40431d9580b04f537dd9f530a799/RootCA.pem) ## Actual results: OpenSSL:Cert1732784232101M2.pem: OK GnuTLS:Not verified. The certificate is NOT trusted. The certificate contains an unknown critical extension. ## Expected results: GnuTLS?Verified. The certificate is trusted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 06:06:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 05:06:28 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) In-Reply-To: References: Message-ID: Sahil Siddiq commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2284045281 Hi. Thank you for your reply. > Hey @valdaarhun, This issue was originally created for DTLS1.2 and the support for it would be still a nice addition, I would suggest you look at the DTLS1.2 implementation first. In the meantime I will identify the difference between the 1.2 and 1.3 version of the extension if any, we could then incorporate your DTLS1.2 implementation into DTLS1.3 and make modification accordingly. Understood. I'll begin with implementing the DTLS1.2 extension in that case. > If you find any obstacles not concerning the issue directly, then feel free to contact me at dev at fkrenzel.cz Sure thing! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2284045281 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 08:01:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 07:01:00 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: All discussions on merge request !1919 were resolved by Loganaden Velvindron https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 10:25:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 09:25:50 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 13:41:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 12:41:01 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284678137 @rossburton Hello, thank you for the feature suggestion. Do you know whether there are currently any tools that use these ELF notes? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284678137 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 13:55:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 12:55:55 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Ross Burton commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284701759 If you mean reading them, then the packaging tools in Fedora (thus future RHEL), Debian (thus Ubuntu), OpenEmbedded and (I'm 90% sure) Gentoo and Arch all read those notes to create package dependencies automatically. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284701759 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:15:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:15:50 +0000 Subject: [gnutls-devel] GnuTLS | Certificate Validation Differences (#1631) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2284734017 Looking at https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2 I don't see any requirement for the SKI to have a non-zero length... Where did you find that requirement? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2284734017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:28:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:28:41 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284756094 It looks to me like the server is buggy: in the log.txt case it asks for a X25519 key share in the HelloRetryRequest, the gnutls provides it, and then the server rejects the connection with illegal_parameter in the log-192.txt case the server picks the Secp384r1 key share and continues with that. It looks like it has a buggy HRR implementation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284756094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:41:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:41:31 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284780311 The current drafts require seeds as private keys, but liboqs doesn't support it yet: https://github.com/open-quantum-safe/liboqs/issues/2032 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284780311 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:48:37 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:48:37 +0000 Subject: [gnutls-devel] GnuTLS | Differences in certificate verification results (#1642) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1642#note_2284797062 This should be covered by strict-x509. Try to build gnutls with --enable-strict-x509 configure option and the behavior should be as expected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1642#note_2284797062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:49:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:49:16 +0000 Subject: [gnutls-devel] GnuTLS | Policy Mappings Critical Identification (#1643) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1643#note_2284798369 I believe this too should be covered by strict-x509. Try to build gnutls with --enable-strict-x509 configure option and the behavior should be as expected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1643#note_2284798369 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:52:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:52:21 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284805136 @dueno any idea what could be causing the build to fail on some OS targets ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284805136 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:06:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:06:08 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914#note_2284840701 @dueno I manage to compile nettle and libtasn1 with meson. also some part in lib of gnutls. I am doing this step by step. Can I have a special branch in this repository that I can collaborate with others as you suggested? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914#note_2284840701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:08:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:08:34 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284847180 Yeah, that's why we stick to -04 for now. When we switch to the native implementation in Nettle, we should take it into account of the API design. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284847180 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:11:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:11:18 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284855737 Sorry, it's just an annual annoyance of manually updating copyright year in some files. This [commit](https://gitlab.com/gnutls/gnutls/-/merge_requests/1915/diffs?commit_id=314671262a9830f2053308533002ccc11f249cdd) fixes the issue; you can include it in this MR or wait for !1915 is merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284855737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:14:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:14:41 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Merge request !1915 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:17:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:17:08 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915#note_2284874659 sanitylib.sh fails but the changes look fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915#note_2284874659 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:20:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:20:41 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058 Server is nginx. Still, it is interesting that everything from browsers to curl to sequoia all work while gnutls fails. I'm just a user and tls handshake details are outside my expertise. Is it possible, say, that whatever gnutls client provides (e.g. the transcript hash) is somehow causing the server to reject it with illegal parameter rather than nginx is buggy? Ignore if I am off base here but for example, RFC 8446 says: ``` Note: The handshake transcript incorporates the initial ClientHello/HelloRetryRequest exchange; it is not reset with the new ClientHello ``` So as a wild guess, this could go sideways if the transcript hash was was reset instead of retained with the new ClientHello. But as I said, not my area. I defer to others. @tomato42 thanks for sharing your thoughts. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:39:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:39:27 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284934048 technically, there are valid reasons why a server can reject the second client hello, but I'm afraid I'd need packet capture to be able o tell if gnutls is actually RFC compliant... would you be able to provide that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284934048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 16:36:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 15:36:49 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2285216840 Sort of - here is summary of tcpdump - note that since I am on the internal network now I have replaced the IPs with client/server below and I am unable to share the full pcap file(s) for this reason. But of course you can also run gnutle-cli client along with tcpdump on your end and compare with what happens using other clients. I ran twice once with gnutls-cli and once with curl www.sapience.com/sitemap.xml The first difference is at step 6 where server issues HRR to gnutls while for curl it replies with 'Server Hello'. Within that client hello packet curl is sending key_share X25519 while gnutls sends 'secp256r1, x25519'. There are other differences too. My apologies for not being able to share more but you can get a pcap on your client side too, though more work for you - sorry. This is the summary of gnutls: ``` No Time Source Dest Proto Length Info ------------------------------------------------------------ 1 0.000000 client server TCP 74 50170 ? 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=644306766 TSecr=0 WS=128 2 0.002485 server client TCP 74 443 ? 50170 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM TSval=1428335904 TSecr=644306766 WS=128 3 0.002526 client server TCP 66 50170 ? 443 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=644306769 TSecr=1428335904 4 0.002931 client server TLSv1.3 464 Client Hello (SNI=www.sapience.com) 5 0.004983 server client TCP 66 443 ? 50170 [ACK] Seq=1 Ack=399 Win=64768 Len=0 TSval=1428335907 TSecr=644306769 6 0.005294 server client TLSv1.3 159 Hello Retry Request 7 0.005295 server client TLSv1.3 72 Change Cipher Spec 8 0.005325 client server TCP 66 50170 ? 443 [ACK] Seq=399 Ack=94 Win=64256 Len=0 TSval=644306771 TSecr=1428335907 9 0.005346 client server TCP 66 50170 ? 443 [ACK] Seq=399 Ack=100 Win=64256 Len=0 TSval=644306772 TSecr=1428335907 10 0.005561 client server TLSv1.3 395 Client Hello (SNI=www.sapience.com) 11 0.008015 server client TLSv1.3 73 Alert (Level: Fatal, Description: Illegal Parameter) 12 0.008017 server client TCP 66 443 ? 50170 [FIN, ACK] Seq=107 Ack=728 Win=64512 Len=0 TSval=1428335910 TSecr=644306772 13 0.008122 client server TCP 66 50170 ? 443 [FIN, ACK] Seq=728 Ack=108 Win=64256 Len=0 TSval=644306774 TSecr=1428335910 14 0.009992 server client TCP 66 443 ? 50170 [ACK] Seq=108 Ack=729 Win=64512 Len=0 TSval=1428335912 TSecr=644306774 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2285216840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 09:56:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 08:56:31 +0000 Subject: [gnutls-devel] GnuTLS | tls13/compress-cert-neg2 test fails only when run inside Guix build container (#1634) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1634#note_2286569425 Hello, it seems that the zlib is present on the system which is why the test isn't skipped. But when gnutls tries to initialize zlib it fails to `dlopen` it (call to `gnutls_zlib_ensure_library` fails). There are a couple options I see that might be the cause of the problem: either the `Z_LIBRARY_SONAME` was not generated correctly or wasn't generated at all by gnutls in which case the `dlopen` would fail to find the file or the zlib library is present but not accessible which would cause `dlopen` to fail. However I am not sure there is a way for you to check which one of these options it is without actually running a debugger or modifying the code. To further understand what is going on it would be necessary to find out what the `Z_LIBRARY_SONAME` value is and what error code is returned from `gnutls_zlib_ensure_library`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1634#note_2286569425 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 17:07:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 16:07:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Reassigned merge request 1920 https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 17:07:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 16:07:08 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #957 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 07:25:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 06:25:46 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Merge request !1915 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 12:14:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 11:14:12 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 13:34:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 12:34:30 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289035328 https://gitlab.com/gnutls/gnutls/-/merge_requests/1916/diffs?commit_id=69cf4fb1938582a9ee5097b713b1f342e52257b2 is my attempt to use 0 or 1 for version. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289035328 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 13:37:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 12:37:33 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 15:22:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 14:22:31 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Merge request !1916 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 15:23:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 14:23:11 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289266682 All of the changes look good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289266682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 22:28:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 21:28:31 +0000 Subject: [gnutls-devel] GnuTLS | Add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:25 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: All discussions on merge request !1916 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:40 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2290023501 Thank you for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2290023501 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:49 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Merge request !1916 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:05:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:05:09 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290025077 Now that !1915 (and also !1916) has been merged, could you rebase? Also consider updating `tests/hybrid-pqc-kx.sh` to cover the new key exchange. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290025077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 06:10:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 05:10:11 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290231562 We will. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290231562 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 09:32:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 08:32:09 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: All discussions on merge request !1919 were resolved by Loganaden Velvindron https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 11:01:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 10:01:27 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290598503 @dueno rebase done, variables renamed to adhere to the convention and tests updated. Only issue is on one target platform, it's failing. Any idea what might be causing this ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290598503 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 11:39:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 10:39:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290686016 @dueno we found a bug and are fixing it to make it build on fedora. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290686016 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 13:10:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 12:10:30 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290869605 @dueno it is now building properly for Fedora. Are there other issues we need to look into or is it ready ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290869605 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 13:42:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 12:42:05 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Geert Hendrickx commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290916233 I tested this SecP384r1MLKEM1024 implementation against openssl 3.5 (feature/ml-kem branch) and oqs-provider, but it interoperates with neither: ``` *** Fatal error: A TLS fatal alert has been received. *** Received alert [40]: Handshake failed ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290916233 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 14:05:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 13:05:07 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290957721 @ghen2 thanks. we also found another test issue. We are looking into this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290957721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 09:10:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 08:10:50 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292090111 @ghen2 @dueno I'm able to get interop with OpenSSL 3.5 now: |<4>| HSK[0x5e0aef04de60]: SERVER HELLO (2) was received. 08:06:17 [265/1978] frag offset 0, frag length: 1751, sequence: 0 |<3>| ASSERT: buffers.c[get_last_packet]:1130 |<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1374 |<4>| HSK[0x5e0aef04de60]: Server's version: 3.3 |<4>| EXT[0x5e0aef04de60]: Parsing extension 'Supported Versions/43' (2 bytes ) |<4>| EXT[0x5e0aef04de60]: Negotiated version: 3.4 |<4>| HSK[0x5e0aef04de60]: Selected cipher suite: GNUTLS_AES_256_GCM_SHA384 |<4>| EXT[0x5e0aef04de60]: Parsing extension 'Key Share/51' (1669 bytes) |<4>| HSK[0x5e0aef04de60]: Selected group SECP384R1-MLKEM1024 (518) |<2>| EXT[0x5e0aef04de60]: client generated SECP384R1-MLKEM1024 shared key |<11>| HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 1 bytes. |<11>| HWRITE FLUSH: 1 bytes in buffer. |<5>| REC[0x5e0aef04de60]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292090111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 11:16:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 10:16:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Geert Hendrickx commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292145713 Yes, I also tested successfully with both OpenSSL 3.5 and oqsprovider, in both directions (as a client and as a server). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292145713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 13:05:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 12:05:45 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292253239 @ghen2 thanks for putting time into testing this MR thoroughly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292253239 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 12 10:49:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Jan 2025 09:49:44 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno * gnulib: update gnulib submodule * doc: update copy of LGPLv2.1 to the latest, without FSF address * gnulib: work around misinteractions between close and fchdir modules This caused a build failure on mingw. The workaround was suggested by Bruno Haible in: * build: define GNUTLS_BUILDING_LIB while compiling sources in lib/ * configure: run autoupdate This fixes the warnings generated by autoupdate: configure.ac:55: warning: AC_PROG_CC_C99 is obsolete; use AC_PROG_CC configure.ac:139: warning: The preprocessor macro `STDC_HEADERS' is obsolete. Except in unusual embedded environments, you can safely include all ISO C90 headers unconditionally. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:16:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:16:06 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Simon Josefsson was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:16:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:16:14 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:56:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:56:28 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911#note_2295288991 @apteryks The failure in fedora-static-analyzers/build should be fixed in the latest git master. Could you rebase? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911#note_2295288991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 03:32:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 02:32:05 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM* (!1922) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno * algorithms: centrally define KEM algorithm sizes in group entries This switches to define the public key and ciphertext sizes of ML-KEM algorithms in gnutls_group_entry_st, instead of deriving those from the algorithm name at the usage in the TLS key shares. Signed-off-by: Daiki Ueno * algorithms: rename GNUTLS_{PK,SIGN}_ML_DSA_* to GNUTLS_*_MLDSA* To be consistent with ML-KEM algorithms, omit underscores in ML-DSA gnutls_pk_algorithm_t and gnutls_sign_algorithm_t enum definitions, while keeping hyphens in the human readable names. Signed-off-by: Daiki Ueno * algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM* To be consistent with the naming of hybrid groups, omit underscores in the enum definition, while keeping hyphens in human readable names. Signed-off-by: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 03:36:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 02:36:44 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295308453 @d-Dudas I'm leaning to name all ML-KEM/ML-DSA constants without hyphens to match our naming of hybrid groups. Is it OK for you? @loganaden1 This also includes a minor cleanup of key_share extension handling. Could you check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295308453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 04:45:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 03:45:24 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295349257 @dueno we will check it today. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295349257 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 06:22:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 05:22:32 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295407889 @dueno OK from our side. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295407889 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 07:39:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 06:39:03 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:01 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Merge request !1922 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:19 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295547235 No mistakes spotted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295547235 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:57 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Merge request !1922 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565681 > + /* Even though the PKCS#11 3.1 spec defines EC_POINT as > + * "Public key bytes in little endian order". > + * Previous version of the spec caused confusion and lot of Shouldn't this sentence be a continuation of the previous one, i.e., `Even though the PKCS#11 3.1 spec defines EC_POINT as "Public key bytes in little endian order", previous version of ...`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request !1920 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565690 Looks good to me. Would it be possible to include a test data under tests/cert-tests/data and update tests/cert-tests/certtool-eddsa.sh to cover both formats? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 10:41:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 09:41:28 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 10:41:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 09:41:24 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:00:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:00:00 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:12 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request !1921 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Simon Josefsson and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:12 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on lib/minitasn1/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846089 > > -AM_CPPFLAGS = -DASN1_BUILDING \ > +AM_CPPFLAGS += -DASN1_BUILDING \ should this be appended with `=1` just like `-DGNUTLS_BUILDING_LIB=1`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:14 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846115 Overall looks good -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:52:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:52:05 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: All discussions on merge request !1921 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:54:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:54:05 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1635: https://gitlab.com/gnutls/gnutls/-/issues/1635 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:54:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:54:06 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2295857777 Should be fixed through !1911. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2295857777 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 13:07:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 12:07:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: All discussions on merge request !1920 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 13:17:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 12:17:42 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request !1921 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Simon Josefsson and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 14:26:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 13:26:07 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Reassigned Issue 1582 https://gitlab.com/gnutls/gnutls/-/issues/1582 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 14:48:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 13:48:06 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2296219171 Looks good to me. I assume the `fchdir` stuff is needed, I didn't understand that part. It would be nice to put the LGPLv2 in top-level COPYING because then GitLab license information becomes more correct (I would move current LICENSE file content to README). But that could be done separately. /Simon -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2296219171 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 16:45:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 15:45:10 +0000 Subject: [gnutls-devel] GnuTLS | Optimize FIPS power-on self-tests (!1907) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2296471660 > } > > /* PK */ > - if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) { > - ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA); > - if (ret < 0) { > - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); > - } > + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS); @smuellerDD could you confirm if it is acceptable to have only RSA-PSS coverage? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2296471660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:18:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:18:02 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 Project:Branches: dueno/gnutls:wip/dueno/license-files to gnutls/gnutls:master Author: Daiki Ueno * maint: consolidate licensing information to top-level directory ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:18:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:18:49 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2297349099 That makes sense; thank you for the suggestion. Filed !1923 for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2297349099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:19:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:19:06 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Simon Josefsson was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 09:45:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 08:45:48 +0000 Subject: [gnutls-devel] GnuTLS | Certificate Validation Differences (#1631) In-Reply-To: References: Message-ID: dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2297692147 My report is why the verification result of gnutls shows two situations: passed and failed, while the openssl results are consistent. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2297692147 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 13:51:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 12:51:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request !1920 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 16 01:02:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Jan 2025 00:02:44 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Maxim Cournoyer commented: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2299238453 Thanks, Daiki! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2299238453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 16 03:49:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Jan 2025 02:49:55 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 Project:Branches: dueno/gnutls:wip/dueno/liboqs-followup to gnutls/gnutls:master Author: Daiki Ueno * pkcs8: remove HAVE_LIBOQS ifdefs The key encoding and decoding operations currently do not use liboqs functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier to port to other implementations. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 18 17:29:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Jan 2025 16:29:55 +0000 Subject: [gnutls-devel] GnuTLS | fuzz mlkem (#1647) References: Message-ID: Loganaden Velvindron created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1647 @dueno Can we adapt the handshake fuzz target to include ML-KEM hybrids for fuzzying the ML-KEM code ? Would you be willing to review it ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1647 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 02:10:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 01:10:00 +0000 Subject: [gnutls-devel] GnuTLS | Enable test-tls13-mlkem.py in tests/suite/tls-fuzzer (#1648) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1648 Now that we have support for all proposed key exchanges from [draft-kwiatkowski-tls-ecdhe-mlkem](https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/), it would be nice to enable the [test-tls13-mlkem.py](https://github.com/tlsfuzzer/tlsfuzzer/blob/f6390eb40cac8cdf9018de0aa1013cbbd69a4907/scripts/test-tls13-mlkem.py) tlsfuzzer script in our CI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1648 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 02:11:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 01:11:19 +0000 Subject: [gnutls-devel] GnuTLS | fuzz mlkem (#1647) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1647#note_2304628018 Do you have any existing effort on this? If yes, I'd be happy to review and integrate it. Otherwise, it might make more sense to enable tlsfuzzer tests for ML-KEM in tests/suite/tls-fuzzer, which is not really a fuzzing but should cover most of the scenarios at the handshake level. I've filed #1648 for that; feel free to take it if you are interested. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1647#note_2304628018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 05:03:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 04:03:50 +0000 Subject: [gnutls-devel] GnuTLS | Enable test-tls13-mlkem.py in tests/suite/tls-fuzzer (#1648) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/issues/1648#note_2304760467 We are working on it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1648#note_2304760467 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 03:42:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 02:42:08 +0000 Subject: [gnutls-devel] libtasn1 | run out of memory (#53) References: Message-ID: Fanny-wen created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/53 ## Description of problem: run out of memory at asn1Coding _asn1_add_single_node ## Version of libtasn1 used: version:4.19.0.39-99e3 ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) env: ubuntu20.04 ## How reproducible: Steps to Reproduce: * one ?use afl-gcc compile libasan1 with AFL_USE_ASAN=1 * tow ?asn1Coding poc /path/to/libasan1/example/asn1Coding_test.asg --output=/dev/null ## Actual results: ==1837==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x98 bytes #0 0x7f0e170b9a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 #1 0x5586fcfb1867 in _asn1_add_single_node /home/compiler/libtasn1-asan/lib/structure.c:52 #2 0x5586fcfb1867 in _asn1_copy_structure3 /home/compiler/libtasn1-asan/lib/structure.c:458 ==1837==HINT: if you don't care about these errors you may set allocator_may_return_null=1 SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 in __interceptor_calloc ==1837==ABORTING ## Expected results: ## poc? [poc.zip_c9b49f41-24d6-42ac-9e5c-c016928bfed1.zip](/uploads/304efcdb1442e2575708592bc0000163/poc.zip_c9b49f41-24d6-42ac-9e5c-c016928bfed1.zip) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/53 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 06:37:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 05:37:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdef (!1925) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 Project:Branches: dueno/gnutls:wip/dueno/lc to gnutls/gnutls:master Author: Daiki Ueno * leancrypto: support leancrypto for post-quantum algorithms This adds support for leancrypto as an additional and the preferred backend for now, until Nettle gains the proper support for PQC algorithms. There are a few advantages over liboqs, namely: - It already has required input validations for ML-KEM as in FIPS 203, such as Modulus check, which are currently missing in liboqs - It provides an API to generate ML-KEM/ML-DSA key pairs from a seed, which is required to support the seed-only private key format proposed in draft-ietf-lamps-dilithium-certificates-05 and later - No need to avoid undesired OpenSSL dependency; all the symmetric algorithms are implemented by leancrypto itself The supposed use-case of this is to statically link to leancrypto, though that would slightly increase the installation footprint. Signed-off-by: Daiki Ueno * pkcs8: remove HAVE_LIBOQS ifdefs The key encoding and decoding operations currently do not use liboqs functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier to port to other implementations. Signed-off-by: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 06:39:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 05:39:23 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2305270038 Note: this includes changes from !1924. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2305270038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 13:11:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 12:11:11 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2305896200 Looks good. No issues found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2305896200 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 13:10:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 12:10:45 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Merge request !1924 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 Project:Branches: dueno/gnutls:wip/dueno/liboqs-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:03:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:03:18 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107878 Looks nice overall, but I found some issues. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107878 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:03:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:03:18 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107847 > + if (ret < 0) { > + _gnutls_free_datum(ciphertext); > + _gnutls_free_key_datum(shared_secret); I think this could invalid free if `ciphertext` allocation fails and `shared_secret` datum is not zeroized. -- Zolt?n Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107863 > + if (ret < 0) { > + _gnutls_free_key_datum(raw_priv); > + _gnutls_free_key_datum(raw_pub); again possible invalid free as I mentioned previously, there might be more of these. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:39:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:39:45 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) References: Message-ID: Stanislav ?idek created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 Project:Branches: ep69/gnutls:interop-update to gnutls/gnutls:master Author: Stanislav ?idek * tls-interop: update Signed-off-by: Stanislav Zidek ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 18:09:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 17:09:05 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306471446 > the supposed use-case of this is to statically link leancrypto The homepage says > extractable: the algorithms can be extracted and compiled as part of a separate project, Wouldn't this mode of use be a better fit for GnuTLS than statically linking against the full library? I suspect there is tradeoff here and you have already thought about it. (Like "This is a lot less work and we only want to use this as a stop-gap measure for testing") -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306471446 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: