From gnutls-devel at lists.gnutls.org Wed Oct 1 06:58:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 01 Oct 2025 04:58:48 +0000
Subject: [gnutls-devel] GnuTLS | ktls: Expose gnutls_ktls_send_handshake_msg (!2022)
References:
Message-ID:

Alistair Francis created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2022

Project:Branches: alistair23/gnutls:alistair/ktls-msg to gnutls/gnutls:master
Author: Alistair Francis

The gnutls_ktls_send_handshake_msg() is used as the handshake read function when using kTLS. We also need to use the function in ktls-utils when handling a KeyUpdate with tlshd, so let's expose the function publicly so ktls-utils can set it with gnutls_handshake_set_read_function().

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [X] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [X] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2022
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Thu Oct 2 01:04:34 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 01 Oct 2025 23:04:34 +0000
Subject: [gnutls-devel] GnuTLS | certtool says 'warning: signed using a broken signature algorithm that can be forged.' on cert signed with ML-DSA-44 (#1743)
References:
Message-ID:

Stefan Berger created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1743

## Description of problem:

I modified swtpm EK certificate creation code to allow for a CA that has an ML-DSA-44 (or -87) signing key. It looked like the only choice for a hash algorithm was SHAKE-256. The created certificate shows a warning:

```
$ certtool --inder --infile /tmp/ek-secp384r1.crt -i
[...]
Signature Algorithm: ML-DSA-87
warning: signed using a broken signature algorithm that can be forged.
Signature:
[...]
```

My guess is it has something to do with slevel = _INSECURE here:

```
484 if (se->hash != GNUTLS_DIG_UNKNOWN &&
(gdb) print *se
$1 = {name = 0x7ffff7dd90b3 "ML-DSA-87", oid = 0x7ffff7dd90bd "2.16.840.1.101.3.4.3.19",
  id = GNUTLS_SIGN_MLDSA87, pk = GNUTLS_PK_MLDSA87, hash = GNUTLS_DIG_SHAKE_256,
  priv_pk = GNUTLS_PK_UNKNOWN, cert_pk = GNUTLS_PK_UNKNOWN, flags = 5,
  curve = GNUTLS_ECC_CURVE_INVALID, aid = { id = "\t\006", tls_sem = 4 '\004'},
  slevel = _INSECURE, hash_output_size = 256}
```

Which part is 'insecure'?

## Version of gnutls used:

gnutls-3.8.10-1.fc42.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora 42

## How reproducible:

Here's the base64 encoded cert:

## Expected results:

It shouldn't display the warning.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1743

From gnutls-devel at lists.gnutls.org Thu Oct 2 17:16:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Oct 2025 15:16:57 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2023)
References:
Message-ID:

Samuel Zeter created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023

Project:Branches: szeter/gnutls:fix-prvk-pkcs8 to gnutls/gnutls:master
Author: Samuel Zeter

* x509: Remove extraneous asn1_delete

No need for deletion given we already call asn1_delete_structure2.

Signed-off-by: Samuel Zeter

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023

From gnutls-devel at lists.gnutls.org Thu Oct 2 17:45:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Oct 2025 15:45:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli reports bad values for the "Ephemeral EC Diffie-Hellman parameters" with hybrid ML-KEM (#1725)
In-Reply-To:
References:
Message-ID:

Samuel Zeter commented: https://gitlab.com/gnutls/gnutls/-/issues/1725#note_2794028032

I tried to reproduce this issue but got stuck trying with the handshake. I built gnutls with leancrypto, but not sure of what gnutls-serv options I should be putting as `./gnutls-serv --http --priority "NORMAL:+GROUP-X25519-MLKEM768" -g` didn't work.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1725#note_2794028032

From gnutls-devel at lists.gnutls.org Fri Oct 3 09:59:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 07:59:17 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2023)
In-Reply-To:
References:
Message-ID:

Merge request !2023 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023
Project:Branches: szeter/gnutls:fix-prvk-pkcs8 to gnutls/gnutls:master
Author: Samuel Zeter
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Oct 3 09:59:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 07:59:29 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2023)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023#note_2795386431

LGTM, thank you for spotting this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023#note_2795386431

From gnutls-devel at lists.gnutls.org Fri Oct 3 10:44:53 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 08:44:53 +0000
Subject: [gnutls-devel] GnuTLS | record: Allow setting/restoring all record state (!1968)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1968#note_2795477609

As for this and other MRs (!2021 and !2022), to get them merged I would probably need to have a better understanding of how NVMe-TCP works through ktls-utils. Would it be possible for you to point me to any design document or implementation?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1968#note_2795477609

From gnutls-devel at lists.gnutls.org Fri Oct 3 11:42:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 09:42:33 +0000
Subject: [gnutls-devel] GnuTLS | certtool says 'warning: signed using a broken signature algorithm that can be forged.' on cert signed with ML-DSA-44 or -87 (#1743)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1743#note_2795629985

I suspect this is an issue in the crypto-policies package in Fedora 42, as we had a similar [issue](https://issues.redhat.com/browse/RHEL-107471) on RHEL-10.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1743#note_2795629985

From gnutls-devel at lists.gnutls.org Fri Oct 3 12:37:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 10:37:17 +0000
Subject: [gnutls-devel] GnuTLS | record: Allow setting/restoring all record state (!1968)
In-Reply-To:
References:
Message-ID:

Alistair Francis commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1968#note_2795758494

The ktls-utils (tlshd) patches have been submitted here: https://lore.kernel.org/kernel-tls-handshake/CAKmqyKNpFhPtM8HAkgRMKQA8_N7AgoeqaSTe2=0spPnb+Oz2ng@mail.gmail.com/T/#mb277f5c998282666d0f41cc02f4abf516fcc4e9c

[Patch 8](https://lore.kernel.org/kernel-tls-handshake/CAKmqyKNpFhPtM8HAkgRMKQA8_N7AgoeqaSTe2=0spPnb+Oz2ng@mail.gmail.com/T/#m0997645cdedfaf832d02c91e05e47cfc64d8794a) is the main implementation

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1968#note_2795758494

From gnutls-devel at lists.gnutls.org Fri Oct 3 13:45:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 11:45:04 +0000
Subject: [gnutls-devel] GnuTLS | certtool says 'warning: signed using a broken signature algorithm that can be forged.' on cert signed with ML-DSA-44 or -87 (#1743)
In-Reply-To:
References:
Message-ID:

Stefan Berger commented: https://gitlab.com/gnutls/gnutls/-/issues/1743#note_2795893901

Yes, it looks like there's no entry with ML-DSA in secure-sig-for-cert in the gnutls.txt files.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1743#note_2795893901

From gnutls-devel at lists.gnutls.org Fri Oct 3 13:45:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Oct 2025 11:45:03 +0000
Subject: [gnutls-devel] GnuTLS | certtool says 'warning: signed using a broken signature algorithm that can be forged.' on cert signed with ML-DSA-44 or -87 (#1743)
In-Reply-To:
References:
Message-ID:

Issue was closed by Stefan Berger

Issue #1743: https://gitlab.com/gnutls/gnutls/-/issues/1743

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1743

From gnutls-devel at lists.gnutls.org Mon Oct 6 06:33:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 04:33:29 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2024)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024

Project:Branches: dueno/gnutls:wip/purdue-university1/gnutls-free to gnutls/gnutls:master
Author: Daiki Ueno

This is a clone of !2012 to pacify the CI.

* lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free()

Replace free() with gnutls_free() for consistent memory deallocation.

Fixes: 1421e31ff ("Added DRBG submitted to nettle in gnutls.")

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024

From gnutls-devel at lists.gnutls.org Mon Oct 6 06:33:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 04:33:50 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2012)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !2012 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/2012

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012

From gnutls-devel at lists.gnutls.org Mon Oct 6 06:34:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 04:34:17 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2012)
In-Reply-To:
References:
Message-ID:

Merge request !2012 was closed by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012
Project:Branches: purdue-university1/gnutls:patch30 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012

From gnutls-devel at lists.gnutls.org Mon Oct 6 06:34:23 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 04:34:23 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2012)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012#note_2799864901

Cloned as !2024 for CI purposes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012#note_2799864901

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:10:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:10:32 +0000
Subject: [gnutls-devel] GnuTLS | Instrument crypto-auditing probes (!2019)
In-Reply-To:
References:
Message-ID:

Daiki Ueno marked merge request !2019 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:32:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:32:24 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2024)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024#note_2800218158

Merging without approval, as the original MR has already been reviewed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024#note_2800218158

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:32:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:32:30 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2024)
In-Reply-To:
References:
Message-ID:

Merge request !2024 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024
Project:Branches: dueno/gnutls:wip/purdue-university1/gnutls-free to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2024

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:36:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:36:57 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2025)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025

Project:Branches: dueno/gnutls:wip/szeter/fix-prvk-pkcs8 to gnutls/gnutls:master
Author: Daiki Ueno

This is a clone of !2023, created to pacify the CI.

* x509: Remove misleading comments

These comments were originally from an old function called check_schema() which has since been removed.

* x509: Remove extraneous asn1_delete

No need for deletion given we already call asn1_delete_structure2.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:38:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:38:54 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2023)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023#note_2800235342

Cloned as !2025 for CI purposes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023#note_2800235342

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:38:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:38:55 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2023)
In-Reply-To:
References:
Message-ID:

Merge request !2023 was closed by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023
Project:Branches: szeter/gnutls:fix-prvk-pkcs8 to gnutls/gnutls:master
Author: Samuel Zeter
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2023

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:45:22 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:45:22 +0000
Subject: [gnutls-devel] GnuTLS | Instrument crypto-auditing probes (!2019)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019#note_2800254230

Looks good. Haven't seen any mistakes

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019#note_2800254230

From gnutls-devel at lists.gnutls.org Mon Oct 6 10:45:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 08:45:32 +0000
Subject: [gnutls-devel] GnuTLS | Instrument crypto-auditing probes (!2019)
In-Reply-To:
References:
Message-ID:

Merge request !2019 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019
Project:Branches: dueno/gnutls:wip/dueno/usdt2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Oct 6 12:59:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 10:59:13 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2025)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025#note_2800649588

Merging without approval, as the original MR has already been reviewed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025#note_2800649588

From gnutls-devel at lists.gnutls.org Mon Oct 6 12:59:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 10:59:21 +0000
Subject: [gnutls-devel] GnuTLS | x509: Remove extraneous asn1_delete (!2025)
In-Reply-To:
References:
Message-ID:

Merge request !2025 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025
Project:Branches: dueno/gnutls:wip/szeter/fix-prvk-pkcs8 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2025

From gnutls-devel at lists.gnutls.org Mon Oct 6 15:07:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 13:07:29 +0000
Subject: [gnutls-devel] GnuTLS | Instrument crypto-auditing probes (!2019)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019#note_2801137579

Thank you for the review.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019#note_2801137579
From gnutls-devel at lists.gnutls.org Mon Oct 6 15:07:46 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 13:07:46 +0000
Subject: [gnutls-devel] GnuTLS | Instrument crypto-auditing probes (!2019)
In-Reply-To:
References:
Message-ID:

Merge request !2019 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019
Project:Branches: dueno/gnutls:wip/dueno/usdt2 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2019

From gnutls-devel at lists.gnutls.org Tue Oct 7 00:11:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 22:11:56 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1976 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493624

> + GNUTLS_HPKE_MODE_PSK, > + GNUTLS_HPKE_MODE_PSK_AUTH, > +} gnutls_hpke_mode_t;

This enum is not used anywhere. Shall we drop it?

--
Daiki Ueno started a new discussion on lib/nettle/hpke/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493636

> +#include "hpke-internal.h" > + > +#include "ecc-internal.h"

I haven't closely looked at this code, but it seems "ecc-internal.h" is only used for accessing `ecc->q`, so we can reuse it. I guess we could simply embed the [constants](https://www.rfc-editor.org/rfc/rfc9180.html#section-7.1.3) defined in the RFC instead.

--
Daiki Ueno started a new discussion on lib/includes/gnutls/abstract.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493640

> +int gnutls_privkey_decap_with_psk(const gnutls_privkey_t skR, > + const gnutls_datum_t psk, > + const gnutls_pk_encapsulate_flags_t flags,

We usually put the `flags` argument last.

--
Daiki Ueno started a new discussion on lib/nettle/hpke/hpke-gmp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493647

> + assert(n > 0); > + > + mp_get_memory_functions(&alloc_func, NULL, NULL);

This probably interferes with the other parts of GnuTLS, as it also uses it.

--
Daiki Ueno started a new discussion on lib/nettle/hpke/nettle-alloca.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493648

> +/* nettle-internal.h

lib/nettle/int/nettle-internal.h has these definitions already.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976

From gnutls-devel at lists.gnutls.org Tue Oct 7 00:11:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Oct 2025 22:11:55 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493655

Thank you for the update, @d-Dudas!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2802493655

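Review bot: In the quoted lib/includes/gnutls/gnutls.h.in hunk, the last enumerator is spelled `GNUTLS_HPKE_MODE_PSK_AUTH`, while RFC 9180 names that mode `mode_auth_psk`. This is a public header, so the spelling becomes part of the API once released; if the enum is kept, `GNUTLS_HPKE_MODE_AUTH_PSK` would match the RFC.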
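Review bot: In the quoted lib/includes/gnutls/abstract.h hunk, `gnutls_privkey_decap_with_psk()` takes `const gnutls_datum_t psk` by value, whereas the existing functions in abstract.h take datum inputs as `const gnutls_datum_t *`. Passing a pointer would keep the prototype consistent with them. The top-level `const` on `skR` and `flags` has no effect for callers and can be dropped from the declaration.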
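Review bot: In the quoted lib/nettle/hpke/hpke-gmp.c hunk, `assert(n > 0);` is the only visible guard on `n`. In library code it aborts the calling process when it fires, and it disappears entirely in builds with NDEBUG defined. An explicit check that returns an error to the caller when `n` is not positive would be safer here.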
From gnutls-devel at lists.gnutls.org Tue Oct 7 09:42:53 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Oct 2025 07:42:53 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2803293415

By the way, looking at the code, it feels to me that it might be easier/cleaner to implement HPKE using the cryptographic API of GnuTLS itself (or public API of Nettle) as a building block. Of course it would be a significant rewrite, so we can do that in a second iteration after merging this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2803293415