From gnutls-devel at lists.gnutls.org Mon Jul 1 06:32:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 04:32:59 +0000
Subject: [gnutls-devel] GnuTLS | Test failure in test-ciphers-api.sh (#764)

Issue was closed by GnuTLS bot

Issue #764: https://gitlab.com/gnutls/gnutls/issues/764

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Jul 1 06:32:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 04:32:59 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Test failure in test-ciphers-api.sh (#764)

GnuTLS bot commented:

@wizeman This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/764#note_186897672

From gnutls-devel at lists.gnutls.org Mon Jul 1 13:46:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 11:46:31 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | OCSP response generation (#796)

Nikos Mavrogiannopoulos commented:

While gnutls as library can parse the OCSP responder packets, there is no responder application included with it. The tests we have internally are on https://gitlab.com/gnutls/gnutls/tree/master/tests/ocsp-tests and in some cases they use openssl's ocsp server.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/796#note_187039332

From gnutls-devel at lists.gnutls.org Mon Jul 1 13:46:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 11:46:32 +0000
Subject: [gnutls-devel] GnuTLS | OCSP response generation (#796)

Issue was closed by Nikos Mavrogiannopoulos

Issue #796: https://gitlab.com/gnutls/gnutls/issues/796

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/796

From gnutls-devel at lists.gnutls.org Mon Jul 1 14:07:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 12:07:14 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | pkcs11: ignore login error when traversing tokens (!1031)

Nikos Mavrogiannopoulos started a new discussion on tests/pkcs11/list-objects.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_187047570

> + /* initialize auto - i.e., do module loading */ > + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); > + if (ret != 0) { > + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); > + exit(1); > + } > + break; > + case 't': > + /* do trusted module loading */ > + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO_TRUSTED, NULL); > + if (ret != 0) { > + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); > + exit(1); > + } > + break; > + case 'v':

Do we need to define these options that are not used by the test program that calls it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_187047570

From gnutls-devel at lists.gnutls.org Mon Jul 1 14:21:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 12:21:02 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | OCSP response generation (#796)

Kumar Mallikarjuna commented:

I see. Thank you! :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/796#note_187054734

From gnutls-devel at lists.gnutls.org Mon Jul 1 22:04:50 2019
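
Review bot: In the tests/pkcs11/list-objects.c hunk quoted above from !1031, the two option cases around `case 't':` repeat the same `gnutls_pkcs11_init()` call and error block and differ only in the flag (`GNUTLS_PKCS11_FLAG_AUTO` versus `GNUTLS_PKCS11_FLAG_AUTO_TRUSTED`). Recording the flag inside the switch and calling `gnutls_pkcs11_init()` once after option parsing would remove the duplicated block and keep a single error path to maintain.
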
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 20:04:50 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | gnutls-cli-debug: test whether RSA key exchange is supported (!1039)

Dmitry Eremin-Solenikov commented:

Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1039#note_187235116

From gnutls-devel at lists.gnutls.org Mon Jul 1 22:05:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 20:05:10 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug: test whether RSA key exchange is supported (!1039)

Merge Request !1039 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1039
Project:Branches: nmav/gnutls:tmp-cli-debug to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1039

From gnutls-devel at lists.gnutls.org Tue Jul 2 00:08:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 22:08:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug: test whether RSA key exchange is supported (!1039)

Merge Request !1039 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1039
Project:Branches: nmav/gnutls:tmp-cli-debug to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1039

From gnutls-devel at lists.gnutls.org Tue Jul 2 00:08:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 01 Jul 2019 22:08:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should test whether RSA key exchange is enabled (#449)

Issue was closed by Dmitry Eremin-Solenikov via merge request !1039 (https://gitlab.com/gnutls/gnutls/merge_requests/1039)

Issue #449: https://gitlab.com/gnutls/gnutls/issues/449

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/449

From gnutls-devel at lists.gnutls.org Wed Jul 3 20:58:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 03 Jul 2019 18:58:53 +0000
Subject: [gnutls-devel] GnuTLS | Improve the OCSP (status request) and interop testing (!1024)

Nikos Mavrogiannopoulos pushed new commits to merge request !1024
https://gitlab.com/gnutls/gnutls/merge_requests/1024

* 2f6defa1...594572ab - 50 commits from branch `master`
* 83ad5f26 - tests: status-request-missing: run for all TLS versions
* 3bc136c2 - tests: status-request: cleanup
* 5f160198 - status-request-ext: run under all TLS versions
* 7876e18d - tests: status-request-missing: renamed to rfc7633-missing
* 3494ef86 - tests: added sanity check for rfc7633 behavior
* a8455890 - testcompat-openssl: added interop test with DTLS 1.2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1024

From gnutls-devel at lists.gnutls.org Thu Jul 4 16:38:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 14:38:04 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Bring support for TPM 2.0 (#594)

Nikos Mavrogiannopoulos commented:

@stefanberger do you happen to have some example script which sets up a swtpm with tpm2 similarly as you did with the test in https://gitlab.com/gnutls/gnutls/merge_requests/807? I'm bringing the tpm2 code from @dwmw2 in gnutls, but I'm stuck into trying to make the tpm2-tools talk to swtpm instead of the system tpm.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188514029

From gnutls-devel at lists.gnutls.org Thu Jul 4 17:34:49 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 15:34:49 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

For the record, you have my permission to use any of **my** TPMv2 code in OpenConnect's `gnutls_tpm2*.c` under LGPLv2.1 "or later" as opposed to merely OpenConnect's LGPLv2.1. Parts of `gnutls_tpm2_esys.c` are lifted from tpm2-tss-engine.c where they were under a more permissive licence so that's OK. However, parts of `gnutls_tpm2_ibm.c` for the IBM TSS were taken from James Bottomley's `openssl_tpm2_engine` which is LGPLv2.1-only. You would have to ask James for permission to use that under LGPLv2.1+, or reimplement those parts. Or just not support the IBM TSS, of course.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188540449

From gnutls-devel at lists.gnutls.org Thu Jul 4 17:38:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 15:38:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

> Do we have some agreement on the URI form which can allow bringing that to gnutls?

No, I think we should help to drive the standardisation effort there.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188541743

From gnutls-devel at lists.gnutls.org Thu Jul 4 18:03:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 16:03:34 +0000
Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029)

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1029 was reviewed by Dmitry Eremin-Solenikov

--

Dmitry Eremin-Solenikov started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_188549291

> > +__NOTE:__ Some software versions might not be available in older releases, e.g. `nettle-dev`. > +APT-Pinning or source code compilating can be used to install these versions (and dependencies) from a newer release.

Could you please change the phrase to 'Using backports repo, APT-Pinning or source code compilation'?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029

From gnutls-devel at lists.gnutls.org Thu Jul 4 18:46:28 2019
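
Review bot: In the README.md hunk quoted above from !1029, the first added line names `nettle-dev` as an example of a package that may be too old but does not say which minimum version the build needs, so a reader on an older release cannot tell whether pinning or a source build is required. Stating the required version next to the package name would make the note actionable; in the second added line, "compilating" should read "compilation".
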
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 16:46:28 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Bring support for TPM 2.0 (#594)

Stefan Berger commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/594#note_188559824

I think the tpm2-tools probably prepend a header to the TPM 2 commands when they talk over a socket. So that's why it doesn't work. There are a couple of options:

- modify the TPM 2 tools to support sending raw TPM 2 commands
- add an option to swtpm 2 to strip the header on incoming commands and prepend on responses
- use the TCG TPM 2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188559824

From gnutls-devel at lists.gnutls.org Thu Jul 4 18:49:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 04 Jul 2019 16:49:04 +0000
Subject: [gnutls-devel] GnuTLS | gnutls | Bring support for TPM 2.0 (#594)

Stefan Berger commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/594#note_188560369

- use swtpm's CUSE TPM (not currently packaged) that creates a /dev/xyz ; cannot run in a container

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188560369

From gnutls-devel at lists.gnutls.org Fri Jul 5 17:08:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 05 Jul 2019 15:08:21 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

FWIW there's still a lot of duplication between the IBM TSS and TCG TSS implementations. If we were to settle on the TCG version then implement IBM TSS support as wrappers around its TSS_Execute() which just happen to look a lot like the Esys_*() functions, that might make things simpler.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188856638

From gnutls-devel at lists.gnutls.org Fri Jul 5 22:00:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 05 Jul 2019 20:00:58 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/594#note_188922756

I plan on extending swtpm to handle this header but it will take another release for this to become available. Can you wait this long, @nmav ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188922756

From gnutls-devel at lists.gnutls.org Sat Jul 6 03:19:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 06 Jul 2019 01:19:10 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Nikos Mavrogiannopoulos commented:

@stefanberger that is certainly ok. I didn't reply before because I haven't yet verified that the issue was not on my part.

About selecting a tss version I have not spent time thinking about it. I used what you had @dwmw2 quite blindly. I would put as selection criteria to be widely available, reasonably used. Ideally it should not depend on another crypto lib, or we should switch to dlopen to avoid interdependencies.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_188950934

From gnutls-devel at lists.gnutls.org Mon Jul 8 16:54:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 14:54:22 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented:

@nmav I added the (transparent) handling of the TPM 2 command 'prefix header' to swtpm now; it's merged into master and will be part of swtpm 0.3 that I intend to release later this month; if you wanted to build it from the tree, here's the pointer to the git tree: https://github.com/stefanberger/swtpm/commits/master

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_189454710

From gnutls-devel at lists.gnutls.org Mon Jul 8 17:00:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 15:00:00 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1040

Branches: tmp-session-ticket-valgrind to master
Author: Daiki Ueno
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040

From gnutls-devel at lists.gnutls.org Mon Jul 8 17:13:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 15:13:43 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented:

... it works with the IBM TSS 2 stack and tools but DOES NOT WORK with the Intel TSS tools and stack.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_189463773

From gnutls-devel at lists.gnutls.org Mon Jul 8 17:18:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 15:18:13 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented:

The best bet would be to use the CUSE interface of the TPM 2 but this requires root rights to create a char device in /dev/ and due to this it cannot be run in a container.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_189465843

From gnutls-devel at lists.gnutls.org Mon Jul 8 18:08:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 16:08:53 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented:

Actually, we can fake the control channel that the TSS tools are using with `nc -l 10001 -k -c "xargs --null -n1 printf '\x00\x00\x00\x00'"` and still use `swtpm --tpm2 ...`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_189507688

From gnutls-devel at lists.gnutls.org Mon Jul 8 19:12:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 17:12:44 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Hubert Kario (@mention me if you need reply) commented:

that seems to me like breaking encapsulation, thus making the code less maintainable; r-

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_189527869

From gnutls-devel at lists.gnutls.org Mon Jul 8 19:35:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 17:35:27 +0000
Subject: [gnutls-devel] GnuTLS | encode_ber_digest_info: added sanity check (!1041)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1041

Project:Branches: nmav/gnutls:tmp-var to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

This introduces a sanity check to ensure that input is not incorrectly handled by libtasn1.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1041

From gnutls-devel at lists.gnutls.org Mon Jul 8 19:37:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 17:37:26 +0000
Subject: [gnutls-devel] GnuTLS | encode_ber_digest_info: added sanity check (!1041)

Nikos Mavrogiannopoulos pushed new commits to merge request !1041
https://gitlab.com/gnutls/gnutls/merge_requests/1041

* b50f6c63 - 1 commit from branch `master`
* ed93d5f0 - encode_ber_digest_info: added sanity check

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1041

From gnutls-devel at lists.gnutls.org Mon Jul 8 20:09:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 18:09:30 +0000
Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029)

Karsten Ohme pushed new commits to merge request !1029
https://gitlab.com/gnutls/gnutls/merge_requests/1029

* 50d9042f - Notes about Ubuntu specific software versions not available.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029

From gnutls-devel at lists.gnutls.org Mon Jul 8 20:13:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 18:13:22 +0000
Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029)

Karsten Ohme commented on a discussion on README.md: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_189547937

> apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils > ``` > > +__NOTE:__ Some software versions might not be available in older releases, e.g. `nettle-dev`. > +APT-Pinning or source code compilating can be used to install these versions (and dependencies) from a newer release.

Done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029#note_189547937

From gnutls-devel at lists.gnutls.org Mon Jul 8 20:13:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 18:13:29 +0000
Subject: [gnutls-devel] GnuTLS | Notes about Ubuntu specific software versions not available. (!1029)

All discussions on Merge Request !1029 were resolved by Karsten Ohme

https://gitlab.com/gnutls/gnutls/merge_requests/1029

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1029

From gnutls-devel at lists.gnutls.org Mon Jul 8 20:17:45 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 18:17:45 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Daiki Ueno pushed new commits to merge request !1040
https://gitlab.com/gnutls/gnutls/merge_requests/1040

* 52ed97aa - ext/session_ticket: eliminate redundant memcpy

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040

From gnutls-devel at lists.gnutls.org Mon Jul 8 20:22:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 18:22:26 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Daiki Ueno commented:

There is !446 already to simplify the code, but I don't think it's worth doing that just for fixing this minor issue. I've just replaced memcpy with memmove so it at least suppresses valgrind.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_189550185

From gnutls-devel at lists.gnutls.org Mon Jul 8 22:43:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 20:43:52 +0000
Subject: [gnutls-devel] GnuTLS | encode_ber_digest_info: added sanity check (!1041)

Merge Request !1041 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1041
Project:Branches: nmav/gnutls:tmp-var to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1041

From gnutls-devel at lists.gnutls.org Mon Jul 8 22:56:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 20:56:16 +0000
Subject: [gnutls-devel] GnuTLS | Improve the OCSP (status request) and interop testing (!1024)

Merge Request !1024 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1024
Project:Branches: nmav/gnutls:tmp-fix-ocsp to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1024

From gnutls-devel at lists.gnutls.org Mon Jul 8 23:01:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 08 Jul 2019 21:01:11 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Tim Rühsen started a new discussion on lib/ext/session_ticket.c: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_189589054

> _gnutls_write_uint16(ticket->encrypted_state_len, p); > p += 2; > > - memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len); > + /* Encrypted state shall already be filled in by the caller. */

IMO, you should put an explanation here, like in the issue's description. That makes it much clearer what happens and why memmove is used.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_189589054

From gnutls-devel at lists.gnutls.org Tue Jul 9 06:16:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 04:16:12 +0000
Subject: [gnutls-devel] GnuTLS | Improve the OCSP (status request) and interop testing (!1024)

Merge Request !1024 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1024
Project:Branches: nmav/gnutls:tmp-fix-ocsp to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1024

From gnutls-devel at lists.gnutls.org Tue Jul 9 06:16:20 2019
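
Review bot: In the lib/ext/session_ticket.c hunk quoted above from !1040, the line that replaces `memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len);` is only a comment, so nothing in the visible lines checks that the caller has in fact written the encrypted state at `p` for the length just emitted by `_gnutls_write_uint16()`. The comment should name the buffer and offset the caller is required to fill and say why the copy is redundant, and a check of that precondition would make a caller that skipped the step fail visibly rather than serialize whatever bytes were already in the buffer.
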
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 04:16:20 +0000
Subject: [gnutls-devel] GnuTLS | Improve the OCSP (status request) and interop testing (!1024)

Nikos Mavrogiannopoulos commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1024#note_189650465

From gnutls-devel at lists.gnutls.org Tue Jul 9 06:16:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 04:16:54 +0000
Subject: [gnutls-devel] GnuTLS | encode_ber_digest_info: added sanity check (!1041)

Merge Request !1041 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1041
Project:Branches: nmav/gnutls:tmp-var to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1041

From gnutls-devel at lists.gnutls.org Tue Jul 9 09:07:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 07:07:43 +0000
Subject: [gnutls-devel] GnuTLS | PKCS#12: switch default encryption to AES (#799)
References:
Message-ID:

Nikos Mavrogiannopoulos created an issue:

By default we encrypt PKCS#12 and PKCS#8 files using 3DES for compatibility with other libs. We should switch to a more modern encryption standard like PBES2-AES256-CBC as part of a minor version update.

Where: `_gnutls_pkcs_flags_to_schema()`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/799

From gnutls-devel at lists.gnutls.org Tue Jul 9 09:59:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 07:59:18 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve coverage of CRQ related functions (!1042)
References:
Message-ID:

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1042

Branches: tmp-coverage to master
Author: Nikos Mavrogiannopoulos
Assignees:

That adds sanity check of crq-related functions that were not included in the testsuite at all.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Test suite updated with functionality tests
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1042

From gnutls-devel at lists.gnutls.org Tue Jul 9 10:09:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 08:09:22 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
References:
Message-ID:

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1043

Branches: tmp-mark-infinite-loops to master
Author: Nikos Mavrogiannopoulos
Assignees:

There were a few infinite loop constructions which were checking for an always true condition. Make sure that this construction is marked explicitly as while(1) to assist static analysers, or reviewers.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 10:32:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 08:32:47 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen started a new discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189740598

> } > > tmp.data = NULL; > - } while (ret >= 0);

Is there a reason not to use `for (;;) {` ? Assuming you read code from top to bottom, the reader knows right from the beginning that it is an endless loop.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189740598

From gnutls-devel at lists.gnutls.org Tue Jul 9 10:49:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 08:49:00 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 7 alerts** when merging 0995f30b8ce9b26c9fa8da3a21122111a79efecf into 7ff1e5b51560302d24b1e078520ec58e20ae4081 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-de8e58ba5dee5af29e596f66b82954d50c2b3a4a)

**fixed alerts:**

* 7 for Comparison result is always the same

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189748476

From gnutls-devel at lists.gnutls.org Tue Jul 9 11:06:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 09:06:24 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos pushed new commits to merge request !1043

https://gitlab.com/gnutls/gnutls/merge_requests/1043

* 5677b1ab - lib: mark infinite loops explicitly

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 11:07:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 09:07:28 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189757847

> } > > tmp.data = NULL; > - } while (ret >= 0);

I used the while() because it was simpler to update. I updated the MR with for loops now, but the changes are bigger now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189757847

From gnutls-devel at lists.gnutls.org Tue Jul 9 11:53:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 09:53:55 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189781280

> } > > tmp.data = NULL; > - } while (ret >= 0);

IMO, that looks much cleaner. Did you forget the first do/while !?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189781280

From gnutls-devel at lists.gnutls.org Tue Jul 9 12:28:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 10:28:33 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 8 alerts** when merging 5677b1ab280ba588594797304a5f64c419a9f0cf into 7ff1e5b51560302d24b1e078520ec58e20ae4081 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-5473bad4ca7794f1e3e9e5404eaf4226c5c24530)

**fixed alerts:**

* 8 for Comparison result is always the same

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189797209

From gnutls-devel at lists.gnutls.org Tue Jul 9 12:36:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 10:36:15 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve coverage of CRQ related functions (!1042)
In-Reply-To:
References:
Message-ID:

Merge Request !1042 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1042
Branches: tmp-coverage to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1042

From gnutls-devel at lists.gnutls.org Tue Jul 9 12:58:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 10:58:14 +0000
Subject: [gnutls-devel] GnuTLS | MINGW : multiple definition of `inet_ntop' (#800)
References:
Message-ID:

StalderT created an issue:

## Description of problem:
`inet_ntop` is defined in `libgnutls.a` and in `libws2_32.a`

## Version of gnutls used:
3.6.8, 3.6.7
Works with gnutls 3.6.6

## Distributor of gnutls
Debian 10

## How reproducible:

Steps to Reproduce:

Compile gnutls in static library
Compile and link a sample application with `x86_64-w64-mingw32-gcc`

## Actual results:
```
/usr/bin/x86_64-w64-mingw32-ld: /usr/lib/gcc/x86_64-w64-mingw32/8.3-win32/../../../../x86_64-w64-mingw32/lib/libws2_32.a(libws2_32s00182.o):(.text+0x0): multiple definition of `inet_ntop'; /home/btc/vc/x86_64-w64-mingw32-vc/lib/libgnutls.a(inet_ntop.o):inet_ntop.c:(.text+0x30): first defined here
collect2: error: ld returned 1 exit status
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/800

From gnutls-devel at lists.gnutls.org Tue Jul 9 13:29:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 11:29:34 +0000
Subject: [gnutls-devel] GnuTLS | tests: improve coverage of CRQ related functions (!1042)
In-Reply-To:
References:
Message-ID:

Merge Request !1042 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1042
Branches: tmp-coverage to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1042

From gnutls-devel at lists.gnutls.org Tue Jul 9 13:34:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 11:34:13 +0000
Subject: [gnutls-devel] GnuTLS | MINGW : multiple definition of `inet_ntop' (#800)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

Gnulib recently fixed some `inet_ntop` related issues. Could you rebuild gnutls with the latest gnulib and report back ?

To update gnulib cd into your gnutls/ directory and
```
git checkout master
git checkout -b test-gnulib
cd gnulib
git checkout master
cd ..
git commit -m "Update gnulib" gnulib
./bootstrap
./configure
... and so on
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/800#note_189825519

From gnutls-devel at lists.gnutls.org Tue Jul 9 15:22:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 13:22:29 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189877513

> } > > tmp.data = NULL; > - } while (ret >= 0);

Which one do you mean? Could you comment inline to point it out?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189877513

From gnutls-devel at lists.gnutls.org Tue Jul 9 15:51:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 13:51:55 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189892042

> } > > tmp.data = NULL; > - } while (ret >= 0);

I did - right here at L167 Gitlab still shows `+ } while (1);`. Is it a Gitlab issue?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189892042

From gnutls-devel at lists.gnutls.org Tue Jul 9 16:39:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 14:39:41 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos pushed new commits to merge request !1043

https://gitlab.com/gnutls/gnutls/merge_requests/1043

* 9ef6b083 - lib: mark infinite loops explicitly

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 16:39:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 14:39:52 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189915913

> } > > tmp.data = NULL; > - } while (ret >= 0);

Right! Missed it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189915913

From gnutls-devel at lists.gnutls.org Tue Jul 9 16:40:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 14:40:03 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1043 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/1043

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:00:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 15:00:47 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen started a new discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189926159

> * not a CA. We do this check only on certificates marked as WWW server, > * because that's where the CN check is only performed. */ > if (_gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, 0) != 0) > do {

When at it... This `if () do { } while (0)` construction looks pretty weird :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189926159

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:01:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 15:01:56 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189926675

> * not a CA. We do this check only on certificates marked as WWW server, > * because that's where the CN check is only performed. */ > if (_gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, 0) != 0) > do {

At least it allows that `break;` instead of using an if block or a goto.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189926675

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:02:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 15:02:30 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Merge Request !1043 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1043
Branches: tmp-mark-infinite-loops to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:18:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 15:18:53 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Ross Burton commented:

Gentle ping, this does solve a CVE...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_189934137

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:19:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 15:19:18 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 8 alerts** when merging 9ef6b0833ee80012fb6411041b89f1d716e44294 into 4171be91af3e5f06cdf6d26143ceaadc5699c985 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-f48d2ad6e79900213e82ec57b07028e7ca8d87c5)

**fixed alerts:**

* 8 for Comparison result is always the same

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189934276

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:23:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:23:17 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/name_constraints.c: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189995109

> * not a CA. We do this check only on certificates marked as WWW server, > * because that's where the CN check is only performed. */ > if (_gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, 0) != 0) > do {

I think the use of break was the reason for this construction. Do you think we should open a bug for this code?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_189995109

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:33:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:33:16 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos pushed new commits to merge request !1043

https://gitlab.com/gnutls/gnutls/merge_requests/1043

* a3235def...4171be91 - 2 commits from branch `master`
* 6369deed - lib: mark infinite loops explicitly

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:44:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:44:27 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190013409

It seems I missed that. Sorry. Is it correct you are addressing #4?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190013409

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:48:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:48:39 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190017195

> p4 = p4->right; > } > move = DOWN; > - continue; > + tries++;

Could you provide some more context in the commit message or in the code on this solution? I understand that this makes the reproducer not to work, but why 3?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190017195

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:49:05 2019
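Review bot: in the lib/parser_aux.c hunk of libtasn1 !8 quoted above, `tries++` takes the place of `continue` right after `move = DOWN;`, and the quoted lines stop there, so neither the bound that `tries` is compared against nor the error returned when it is reached is visible. Name that bound as a constant with a comment saying why the value was chosen, and confirm that an iteration which passes the counter check still skips the rest of the loop body as the removed `continue` did.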
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:49:05 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 8

https://gitlab.com/gnutls/libtasn1/merge_requests/8

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:50:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:50:08 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190018670

That was clear now from the description.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190018670

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:51:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:51:11 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

> Gentle ping, this does solve a CVE...

Thanks for pinging, it seems I have missed that. Are you affected by this CVE?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190019456

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:55:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:55:47 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)
In-Reply-To:
References:
Message-ID:

Ross Burton commented:

Only in that it's an open CVE.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_190023449

From gnutls-devel at lists.gnutls.org Tue Jul 9 19:58:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 17:58:53 +0000
Subject: [gnutls-devel] libtasn1 | Detecting Bug in libtasn1-4.13 by fuzzing. (#4)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

I believe that's what most distributions do today. In Fedora you can have libtasn1-tools and libtasn1 as separate packages.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/4#note_190025564

From gnutls-devel at lists.gnutls.org Tue Jul 9 20:13:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 18:13:28 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 8 alerts** when merging 6369deed1386b52818e02ba9fa544c3de8bf1261 into 4171be91af3e5f06cdf6d26143ceaadc5699c985 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-e29197bbad46b58790a196cd6f0a79b27e03658d)

**fixed alerts:**

* 8 for Comparison result is always the same

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_190032993

From gnutls-devel at lists.gnutls.org Tue Jul 9 20:28:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 09 Jul 2019 18:28:54 +0000
Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190039832

> * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len,

How will this work with existing software? Would they need to change the type on every call?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190039832

From gnutls-devel at lists.gnutls.org Wed Jul 10 07:18:45 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 10 Jul 2019 05:18:45 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos pushed new commits to merge request !1043

https://gitlab.com/gnutls/gnutls/merge_requests/1043

* e64327a7 - lib: mark infinite loops explicitly

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Wed Jul 10 07:59:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 10 Jul 2019 05:59:13 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 8 alerts** when merging e64327a7f78ee183c0766631be171c2d8cd4f042 into 4171be91af3e5f06cdf6d26143ceaadc5699c985 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-ec71ab7fc1b9b6c986030f7b76eeb6594b640ec9)

**fixed alerts:**

* 8 for Comparison result is always the same

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_190170694

From gnutls-devel at lists.gnutls.org Wed Jul 10 09:37:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 10 Jul 2019 07:37:33 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1043 were resolved by Tim Rühsen

https://gitlab.com/gnutls/gnutls/merge_requests/1043

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Wed Jul 10 09:38:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 10 Jul 2019 07:38:00 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043#note_190206427

From gnutls-devel at lists.gnutls.org Wed Jul 10 10:31:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 10 Jul 2019 08:31:50 +0000
Subject: [gnutls-devel] GnuTLS | lib: mark infinite loops explicitly (!1043)
In-Reply-To:
References:
Message-ID:

Merge Request !1043 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1043
Branches: tmp-mark-infinite-loops to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1043

From gnutls-devel at lists.gnutls.org Wed Jul 10 12:26:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 10:26:22 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim Rühsen commented: No, why? A const argument is just a promise that the called function doesn't change the memory it points to. Same with char pointers: you can give a 'char *' to a function argument that is 'const char *'. But if you try it the other way round, you'll see a warning (giving a 'const char *' to a 'char *' function argument). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190287598 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 12:26:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 10:26:42 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190287741 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, No, why? A const argument is just a promise that the called function doesn't change the memory it points to. Same with char pointers: you can give a 'char *' to a function argument that is 'const char *'. But if you try it the other way round, you'll see a warning (giving a 'const char *' to a 'char *' function argument). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190287741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 12:50:13 2019
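Review bot: on the `+asn1_der_coding (asn1_node_const element, ...` line only `element` becomes read-only, while `ider` and `len` stay output parameters, and the doc comment that ends at `**/` does not visibly say so. It would help to state there that the tree passed as `element` is not modified, so callers holding a shared or read-only tree can rely on it. If this prototype is also declared in a header, that declaration needs the same `asn1_node_const` type in the same commit so the two do not drift apart.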
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 10:50:13 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190297163 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, Example:
```
#include <stdio.h>

typedef const char *char_const;

void func(char_const p)
{
	printf("%s\n", p);
}

int main(void)
{
	const char *p = "hi";
	char buf[16] = "hello";	/* initialized so that printing it is well defined */

	func(p);	/* const char * argument, const char * parameter */
	func(buf);	/* char * argument converts implicitly to const char * */
	return 0;
}
```
Both calls to func() are fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190297163 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 14:43:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 12:43:13 +0000 Subject: [gnutls-devel] libtasn1 | CI updates (!10) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/10 Branches: tmp-ci-updates to master Author: Nikos Mavrogiannopoulos Assignees: Minor CI updates. ## Checklist * [x] Code modified for feature ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 14:47:57 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 12:47:57 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190349157 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, I was thinking whether a compiler could warn about different types, but it seems neither gcc nor clang do that. My next question is why typedef to a different type, and not prepend the const? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190349157 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 15:13:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 13:13:37 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1040 https://gitlab.com/gnutls/gnutls/merge_requests/1040 * 1f6bbcee - ext/session_ticket: avoid calling memcpy on overlapping memory areas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 15:15:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 13:15:09 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/ext/session_ticket.c: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_190362415 > _gnutls_write_uint16(ticket->encrypted_state_len, p); > p += 2; > > - memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len); > + /* Encrypted state shall already be filled in by the caller. */ Thanks, I've expanded the comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_190362415 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 15:25:36 2019 
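Review bot: replacing the `memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len);` after `p += 2;` with a comment leaves the precondition unenforced. If a caller has not already placed the encrypted state at `p`, that part of the output buffer keeps whatever bytes it held before. The comment should name the buffer and the caller that fills it, and a debug assertion that `ticket->encrypted_state` points at `p` would turn the assumption into a check.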
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 13:25:36 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190367268 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, That doesn't work out the way asn1_node is typedef'ed. Adding just a 'const' results *NOT* in 'const asn1_node_st *' (as wanted) but in 'asn1_node_st * const' which is semantically different. That's how C works, I couldn't work around it other than creating/typedefing 'asn1_node_const'. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190367268 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 16:16:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 14:16:03 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 * 8e968d72 - pkcs11: ignore login error when traversing tokens * 83ed2ed2 - tests: remove unused destructive/p11-kit-load.sh -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 16:17:32 2019
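The typedef behaviour discussed in the !9 thread above, as an added example that is not code from libtasn1 or from any participant. `struct node_st`, `node` and `node_const` are hypothetical stand-ins for `asn1_node_st`, `asn1_node` and `asn1_node_const`, assumed to be typedef'ed the way the thread describes; the check uses C11 `_Generic`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for asn1_node_st / asn1_node / asn1_node_const. */
struct node_st {
	const char *name;
	int value;
};
typedef struct node_st *node;             /* pointer hidden behind a typedef */
typedef const struct node_st *node_const; /* separate typedef: read-only pointee */

enum { PTR_CONST = 1, PTEE_CONST = 2 };

/*
 * Classify a variable's declared type at compile time. The address is taken
 * because _Generic drops top-level qualifiers of its controlling expression.
 */
#define CONSTNESS(var) _Generic(&(var),                      \
	struct node_st **: 0,                                    \
	struct node_st *const *: PTR_CONST,                      \
	const struct node_st **: PTEE_CONST,                     \
	const struct node_st *const *: PTR_CONST | PTEE_CONST)

int constness_of_plain(void)
{
	node n = NULL;
	(void)n;
	return CONSTNESS(n);
}

/* 'const node' is 'struct node_st * const': only the pointer is const. */
int constness_of_const_prefixed(void)
{
	const node n = NULL;
	(void)n;
	return CONSTNESS(n);
}

/* 'node_const' is 'const struct node_st *': the pointee is const. */
int constness_of_node_const(void)
{
	node_const n = NULL;
	(void)n;
	return CONSTNESS(n);
}

/* Compiles without a diagnostic: the "const" did not protect the node. */
static int write_through_const_prefixed(const node n, int v)
{
	n->value = v;
	return n->value;
}

/* An assignment to n->value here would be rejected by the compiler. */
static int read_only(node_const n)
{
	return n->value;
}

int demo(void)
{
	struct node_st s = { "root", 1 };
	node p = &s;

	write_through_const_prefixed(p, 42);
	return read_only(p); /* node converts implicitly to node_const */
}

int main(void)
{
	printf("plain=%d const-prefixed=%d node_const=%d demo=%d\n",
	       constness_of_plain(), constness_of_const_prefixed(),
	       constness_of_node_const(), demo());
	return 0;
}
```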
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 14:17:32 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 * 3098ba2f - pkcs11: ignore login error when traversing tokens * bfcd576b - tests: remove unused destructive/p11-kit-load.sh -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 16:20:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 14:20:49 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: All discussions on Merge Request !1031 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1031 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 16:20:48 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 14:20:48 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/pkcs11/list-objects.c: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_190396289 > + /* initialize auto - i.e., do module loading */ > + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); > + if (ret != 0) { > + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); > + exit(1); > + } > + break; > + case 't': > + /* do trusted module loading */ > + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO_TRUSTED, NULL); > + if (ret != 0) { > + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); > + exit(1); > + } > + break; > + case 'v': No, removed unused options and add a test to exercise `-l all`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_190396289 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 21:36:38 2019 
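Review bot: the `gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL)` block and the `case 't':` block with `GNUTLS_PKCS11_FLAG_AUTO_TRUSTED` repeat the same call, check and `exit(1)` sequence, and the message identifies the failure only by `__LINE__`. A small helper that takes the flag and prints which loading mode failed would remove the duplication and make a failing test log readable without opening the source.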
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 19:36:38 +0000 Subject: [gnutls-devel] GnuTLS | Checked-in files in devel/ contain local paths that result in merge conflicts (#797) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Hi Tom, I'm removing the confidential because there is nothing sensitive here. This file is generated using the libabigail tools. Would you like to report this on the upstream abigail? https://sourceware.org/libabigail/#bugs -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/797#note_190502564 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 10 21:40:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Jul 2019 19:40:20 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190503326 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, Ok, makes sense. Let me however first add an ABI check into CI in !10 first, to ensure we are not breaking anything. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190503326 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 06:39:48 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 04:39:48 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1031 https://gitlab.com/gnutls/gnutls/merge_requests/1031 * fa5147c8 - pkcs11: ignore login error when traversing tokens * 49da45a3 - tests: remove unused destructive/p11-kit-load.sh -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 07:24:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 05:24:23 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Merge Request !1031 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1031 Branches: tmp-pkcs11-login-error to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 07:24:29 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 05:24:29 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031#note_190592641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 09:40:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 07:40:35 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: ignore login error when traversing tokens (!1031) In-Reply-To: References: Message-ID: Merge Request !1031 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1031 Branches: tmp-pkcs11-login-error to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1031 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 10:39:35 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 08:39:35 +0000 Subject: [gnutls-devel] libtasn1 | CI updates (!10) In-Reply-To: References: Message-ID: Merge Request !10 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/10 Branches: tmp-ci-updates to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 10:40:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 08:40:04 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190667548 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, Would you like to rebase on master? LGTM, so if it passes we can merge. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190667548 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 10:40:09 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 08:40:09 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: All discussions on Merge Request !9 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/libtasn1/merge_requests/9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 10:50:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 08:50:05 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190672554 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, Rebased -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190672554 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 12:48:47 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 10:48:47 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) References: Message-ID: Nikos Mavrogiannopoulos created an issue: There is a DTLS protocol extension which counters the following problem. When a client changes IPs or ports (e.g., roaming, or firewall state times out and client changes port), it provides a constant connection ID for the server to track the client. - https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-06 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/801 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 12:49:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 10:49:37 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: A potential "customer" for this is openconnect server https://gitlab.com/openconnect/ocserv/issues/99 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/801#note_190729515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 12:55:18 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 10:55:18 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190732063 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, The ABI check seems to catch the type change, though it mentions `type size hasn't changed` and it looks safe to me. Instead of adding suppressions would you like to regenerate those abi dump files (run `make abi-dump-latest abi-dump-versioned`)? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190732063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 13:10:21 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 11:10:21 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190737736 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, Added a second commit for that. Or would you like to have this in the same commit ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190737736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 14:55:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 12:55:04 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190786050 > * length needed. > **/ > int > -asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, > +asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, That's fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9#note_190786050 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 14:55:05 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 12:55:05 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: All discussions on Merge Request !9 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/libtasn1/merge_requests/9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 14:56:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 12:56:12 +0000 Subject: [gnutls-devel] libtasn1 | Make use of const variant of asn1_node (!9) In-Reply-To: References: Message-ID: Merge Request !9 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/9 Branches: tmp-asn1_node_const to master Author: Tim R?hsen Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 16:26:40 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 14:26:40 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @stefanberger seems to work great! @dwmw2 the code from openconnect is parsing keys in PEM form "BEGIN TSS2", but I cannot find any reference on how to generate them. `tpm2_create` seems to create a blob, which even if I put it under base64 under these headers it cannot be parsed. Any hints? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_190832975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 16:26:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 14:26:53 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: Reassigned Issue 594 https://gitlab.com/gnutls/gnutls/issues/594 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 16:48:36 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 14:48:36 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: David Woodhouse commented: See https://gitlab.com/openconnect/openconnect/blob/master/gnutls_tpm2.c for the ASN.1 structure. There was an email thread with James a while back where we defined that and pinned down the correct OIDs. Hence the legacy structure for compatibility with his original engine, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_190844068 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 17:16:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 15:16:52 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: But how could one generate these files? The tpm2-tools don't seem to generate them, and thus the value of a PEM parser seems quite low to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_190868293 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 18:13:37 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 16:13:37 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: David Woodhouse commented: Both OpenSSL ENGINEs (the TCG tss2-tpm-engine and James's IBM TSS openssl_tpm2_engine) create them. Only the latter can do so by wrapping existing keys; the TCG one is limited to creating new keys. A standalone tool to convert the bare pub and priv blobs and additional metadata into this form would also be a useful contribution to the TCG tools. We have also talked about making the TCG PKCS#11 capable of exporting and importing keys in this form. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_190890078 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 19:05:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 17:05:24 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: Merge Request !1040 was approved by Hubert Kario (@mention me if you need reply) Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1040 Branches: tmp-session-ticket-valgrind to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 19:05:31 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 17:05:31 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: r+ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_190908272 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 19:10:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 17:10:14 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: All discussions on Merge Request !1040 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/1040 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 19:10:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Jul 2019 17:10:20 +0000 Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040#note_190909681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 11 19:10:27 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 11 Jul 2019 17:10:27 +0000
Subject: [gnutls-devel] GnuTLS | ext/session_ticket: eliminate redundant memcpy (!1040)

Merge Request !1040 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1040
Branches: tmp-session-ticket-valgrind to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1040

From gnutls-devel at lists.gnutls.org Thu Jul 11 19:38:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 11 Jul 2019 17:38:03 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

You have made me want to clean up some of the duplication and some of the gratuitous differences between my TCG and IBM implementations. Should I do that now or wait for what you are doing?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_190918618

From gnutls-devel at lists.gnutls.org Thu Jul 11 20:39:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 11 Jul 2019 18:39:52 +0000
Subject: [gnutls-devel] GnuTLS | nettle/gost: support building with GOST-enabled Nettle (!1044)

Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1044

Project:Branches: GostCrypt/gnutls:fix-gost to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1044

From gnutls-devel at lists.gnutls.org Thu Jul 11 21:35:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 11 Jul 2019 19:35:06 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

Found the issue. The fact that the value was an OID was making processing with libtasn1 more tricky. Could you amend your patch with the following, and fix the line breaks in the commit message?

[patch2.txt](/uploads/4f2aba674d5f3c55186a8fb77b5f368e/patch2.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_190957570

From gnutls-devel at lists.gnutls.org Fri Jul 12 02:52:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 00:52:09 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Mike Gorse commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191014623

> p4 = p4->right; > } > move = DOWN; > - continue; > + tries++;

Yes, issue 4. I had no particular reason for allowing 3 tries specifically. I was just trying to make the code bail rather than loop infinitely.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191014623

From gnutls-devel at lists.gnutls.org Fri Jul 12 07:08:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 05:08:31 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Nikos Mavrogiannopoulos commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191050438

> p4 = p4->right; > } > move = DOWN; > - continue; > + tries++;

Thanks. Would you like to add the Signoff-by in your commit?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191050438

From gnutls-devel at lists.gnutls.org Fri Jul 12 07:09:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 05:09:54 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Nikos Mavrogiannopoulos commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191050594

> p4 = p4->right; > } > move = DOWN; > - continue; > + tries++;

I think increasing the recursion to something like 16 would solve the issue as well, and ensure less regressions to existing code. I'd also use a `define` to set the number.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191050594

From gnutls-devel at lists.gnutls.org Fri Jul 12 07:12:29 2019
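Review bot: replacing `continue;` with `tries++;` directly after `move = DOWN;` means that, unless a `continue` follows outside the quoted lines, execution now falls through to the rest of the loop body on this path, so the code after this point should be checked for that case. The quoted lines also show only the increment of `tries`: the comparison against the limit and the point where the counter is reset are not visible here, and the limit itself would be better as a named constant with a comment explaining why that value is enough for legitimate nested OID references.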
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 05:12:29 +0000
Subject: [gnutls-devel] libtasn1 | WIP: add reproducer for cve-2018-1000654 (!11)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/11

Branches: tmp-fix-cve-2018-1000654 to master
Author: Nikos Mavrogiannopoulos
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/11

From gnutls-devel at lists.gnutls.org Fri Jul 12 07:15:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 05:15:10 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Nikos Mavrogiannopoulos commented:

Thank you @mgorse for checking that. If you can update with the signoff I'll merge it. The reproducer, I'll use the one from !11 which is made separate from any existing tests.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191051325

From gnutls-devel at lists.gnutls.org Fri Jul 12 07:24:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 05:24:18 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Nikos Mavrogiannopoulos commented:

> Both OpenSSL ENGINEs (the TCG tss2-tpm-engine and James's IBM TSS openssl_tpm2_engine) create them. Only the latter can do so by wrapping existing keys; the TCG one is limited to creating new keys.
> A standalone tool to convert the bare pub and priv blobs and additional metadata into this form would also be a useful contribution to the TCG tools. We have also talked about making the TCG PKCS#11 capable of exporting and importing keys in this form.

Ideally `tpm2-tools` output this form, so that a user doesn't need to figure out what to do with the output file. For the purpose of gnutls we can modify `certtool` to do this conversion but that is a usability nightmare.

> You have made me want to clean up some of the duplication and some of the gratuitous differences between my TCG and IBM implementations. Should I do that now or wait for what you are doing?

I'm only using the TCG implementation in that branch due to license.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_191052573

From gnutls-devel at lists.gnutls.org Fri Jul 12 10:31:45 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 08:31:45 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

civodul commented:

Hey @nmav and @rockdaboot! I'd really like to get these patches merged. Please let me know if anything is missing. TIA!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191110486

From gnutls-devel at lists.gnutls.org Fri Jul 12 10:34:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 08:34:11 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

civodul commented:

@rockdaboot I think we should be all set now. Please let me know if there's anything missing before this can be merged. TIA! :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_191111701

From gnutls-devel at lists.gnutls.org Fri Jul 12 11:06:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 09:06:09 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

All discussions on Merge Request !1026 were resolved by Tim Rühsen

https://gitlab.com/gnutls/gnutls/merge_requests/1026

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026

From gnutls-devel at lists.gnutls.org Fri Jul 12 11:07:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 09:07:09 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

Tim Rühsen commented:

Sorry, I might have missed your last update... LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_191134433

From gnutls-devel at lists.gnutls.org Fri Jul 12 11:08:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 09:08:27 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

Merge Request !1026 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1026
Project:Branches: civodul/gnutls:guile-reauth to gnutls/gnutls:master
Author: civodul
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026

From gnutls-devel at lists.gnutls.org Fri Jul 12 11:08:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 09:08:43 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

Merge Request !1026 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1026
Project:Branches: civodul/gnutls:guile-reauth to gnutls/gnutls:master
Author: civodul
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026

From gnutls-devel at lists.gnutls.org Fri Jul 12 11:12:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 09:12:03 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Tim Rühsen commented:

I have to leave this to @nmav - still a Fedora issue as it seems.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191139623

From gnutls-devel at lists.gnutls.org Fri Jul 12 12:48:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 10:48:24 +0000
Subject: [gnutls-devel] GnuTLS | Support post-handshake reauthentication in the Guile bindings (!1026)

civodul commented:

Awesome, thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1026#note_191186020

From gnutls-devel at lists.gnutls.org Fri Jul 12 15:31:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 13:31:39 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

I was assuming you'd provide a tpm2tool which handled wrapping and creating keys etc.?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_191251985

From gnutls-devel at lists.gnutls.org Fri Jul 12 18:04:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 16:04:04 +0000
Subject: [gnutls-devel] GnuTLS | priority: add new option to allow small records (>= 64) (!1006)

Hubert Kario (@mention me if you need reply) commented:

@dueno yes, that's what I had in mind. Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1006#note_191314596

From gnutls-devel at lists.gnutls.org Fri Jul 12 21:42:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 12 Jul 2019 19:42:57 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Nikos Mavrogiannopoulos commented:

Given that there are already a multitude of tools doing that, I see little value in such a tool. One can use a pkcs11 wrapper to get the p11tool interface. What we miss in gnutls is a way to use keys generated by the TPM2 tools.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_191364662

From gnutls-devel at lists.gnutls.org Sat Jul 13 09:38:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 13 Jul 2019 07:38:39 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Nikos Mavrogiannopoulos commented:

What do you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_191423818

From gnutls-devel at lists.gnutls.org Sat Jul 13 12:45:51 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 13 Jul 2019 10:45:51 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

I want to help but I am not sure how. I have removed guile 2.2 from fedora30. Please advise if anything else is needed to change on gitlab.com/gnutls/build-images

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191441138

From gnutls-devel at lists.gnutls.org Sat Jul 13 12:51:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 13 Jul 2019 10:51:26 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

Sorry I left guile 2.2 as you advised. Maybe because nothing depends on it the interpreter is 2.0. So should we move to 2.0 only?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191441524

From gnutls-devel at lists.gnutls.org Sat Jul 13 17:46:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 13 Jul 2019 15:46:22 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

civodul commented:

Hello Nikos. I would advise testing first and foremost with Guile 2.2 because that's the current stable version, and only optionally (and separately) with Guile 2.0. I'm not familiar with Fedora so I cannot say by looking at the Dockerfile whether the result contains only 2.2, or whether it also contains 2.0. Thoughts?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191472642

From gnutls-devel at lists.gnutls.org Sun Jul 14 11:19:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 09:19:50 +0000
Subject: [gnutls-devel] GnuTLS | nettle/gost: support building with GOST-enabled Nettle (!1044)

Dmitry Eremin-Solenikov pushed new commits to merge request !1044

https://gitlab.com/gnutls/gnutls/merge_requests/1044

* da8e1b83 - nettle/gost: support building with GOST-enabled Nettle
* 5df63c6f - nettle/backport: fix xts-backport guarding check

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1044

From gnutls-devel at lists.gnutls.org Sun Jul 14 16:34:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 14:34:11 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

That's what we have now (2.2 devel files), and it fails because fedora applications like autogen build with 2.0, and that's why the updated script/m4 that you have fails as far as I understand. Unless we can solve this, let's go with 2.0 in fedora; would you like to check if we can test 2.2 on debian or any other of the systems we have?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191609620

From gnutls-devel at lists.gnutls.org Sun Jul 14 16:51:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 14:51:00 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

Done, now the f30 image has only the 2.0 version. Could you please restart the pipeline?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191611021

From gnutls-devel at lists.gnutls.org Sun Jul 14 20:39:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 18:39:52 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Nikos Mavrogiannopoulos commented:

Only the 3rd commit has a signoff-by header. There is also no need for multiple commits, could you merge the first and 3rd commit to a single one?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191629377

From gnutls-devel at lists.gnutls.org Sun Jul 14 21:57:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 19:57:11 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Mike Gorse commented:

Fixes an infinite loop that can occur when calling asn1_parser2tree on a crafted file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191634525

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:02:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:02:12 +0000
Subject: [gnutls-devel] GnuTLS | Tests with RSA-PSS private_key and rsae/rsa-pss signature schemes. (#646)

Issue was closed by Nikos Mavrogiannopoulos

Issue #646: https://gitlab.com/gnutls/gnutls/issues/646

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/646

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:02:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:02:11 +0000
Subject: [gnutls-devel] GnuTLS | Tests with RSA-PSS private_key and rsae/rsa-pss signature schemes. (#646)

Nikos Mavrogiannopoulos commented:

I've retested and I am unable to reproduce. Closing.

[patch.txt](/uploads/d6f9ad2ac0e81f14b2f2ebcad6b899f0/patch.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/646#note_191634861

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:03:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:03:26 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Mike Gorse commented:

Not sure if there's a way for me to do that other than closing the merge request, deleting my branch, creating a new branch, and opening a new merge request, so I guess I'll do that. (I had squash on merge enabled, but not sure what the commit message would look like if that is done, so I'll open a new request to be safe.)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191634943

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:03:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:03:26 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Merge Request !8 was closed by Mike Gorse

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/8
Project:Branches: mgorse/libtasn1:master to gnutls/libtasn1:master
Author: Mike Gorse
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:12:51 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:12:51 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!12)

Mike Gorse created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/12

Project:Branches: mgorse/libtasn1:master to gnutls/libtasn1:master
Author: Mike Gorse
Assignees:

Fixes issues/4 / CVE-2018-1000654

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/12

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:30:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:30:25 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Fixed alerts returned on TLS1.3 corner cases (!1045)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1045

Project:Branches: nmav/gnutls:tmp-tls-fuzzer to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

This patch ensures that our alerts sent during TLS 1.3 certificate verify parsing conform to the spec.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with negative tests
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:30:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:30:35 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect error returned in TLS 1.3 when an unsupported signature algorithm is used by a client for Certificate Verify message signatures (#682)

Reassigned Issue 682

https://gitlab.com/gnutls/gnutls/issues/682

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/682

From gnutls-devel at lists.gnutls.org Sun Jul 14 22:30:40 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 14 Jul 2019 20:30:40 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect error returned in TLS 1.3 when an unsupported signature algorithm is used by a client for Certificate Verify message signatures (#682)

Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/682

From gnutls-devel at lists.gnutls.org Mon Jul 15 06:31:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 04:31:28 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)

GnuTLS bot commented:

@luizluca This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_191673692

From gnutls-devel at lists.gnutls.org Mon Jul 15 06:31:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 04:31:30 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

GnuTLS bot commented:

@dwmw2 This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_191673694

From gnutls-devel at lists.gnutls.org Mon Jul 15 06:31:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 04:31:29 +0000
Subject: [gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Issue was closed by GnuTLS bot
Issue #139: https://gitlab.com/gnutls/gnutls/issues/139

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139

From gnutls-devel at lists.gnutls.org Mon Jul 15 06:31:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 04:31:29 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)

Issue was closed by GnuTLS bot
Issue #776: https://gitlab.com/gnutls/gnutls/issues/776

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776

From gnutls-devel at lists.gnutls.org Mon Jul 15 08:07:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 06:07:03 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Fixed alerts returned on TLS1.3 corner cases (!1045)

Nikos Mavrogiannopoulos pushed new commits to merge request !1045
https://gitlab.com/gnutls/gnutls/merge_requests/1045

* b3ca79d8 - Fixed alerts returned on TLS1.3 corner cases

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045

From gnutls-devel at lists.gnutls.org Mon Jul 15 08:07:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 06:07:17 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)

Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045

From gnutls-devel at lists.gnutls.org Mon Jul 15 08:14:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 06:14:10 +0000
Subject: [gnutls-devel] libtasn1 | Detecting Bug in libtasn1-4.13 by fuzzing. (#4)

Reassigned Issue 4 https://gitlab.com/gnutls/libtasn1/issues/4
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/4

From gnutls-devel at lists.gnutls.org Mon Jul 15 09:43:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 07:43:27 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!12)

Nikos Mavrogiannopoulos commented:

Thank you! Merged with !11

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/12#note_191716545

From gnutls-devel at lists.gnutls.org Mon Jul 15 09:43:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 07:43:27 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!12)

Merge Request !12 was closed by Nikos Mavrogiannopoulos
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/12
Project:Branches: mgorse/libtasn1:master to gnutls/libtasn1:master
Author: Mike Gorse
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/12

From gnutls-devel at lists.gnutls.org Mon Jul 15 10:12:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 08:12:07 +0000
Subject: [gnutls-devel] libtasn1 | Fix and reproducer for cve-2018-1000654 (!11)

Nikos Mavrogiannopoulos commented:

It seems that more is necessary for a fix. There is a crash when freeing the memory allocated internally due to the recursion.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/11#note_191727763

From gnutls-devel at lists.gnutls.org Mon Jul 15 11:09:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 09:09:41 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

civodul commented:

Hi! I've restarted it. Note that I'm testing with Guile 2.0, 2.2, and 2.9 (aka. "3.0") using Guix, so maybe it's fine if the Fedora image remains at 2.0. (Fedora package maintainers should consider upgrading to 2.2, but that's another story.) Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191754347

From gnutls-devel at lists.gnutls.org Mon Jul 15 12:04:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 10:04:30 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

Ok, the problem seems to be more complex. autogen depends on guile 2.0 while other components in fedora depend on guile 2.2. That is, we must have both of them in the CI system as /usr/bin/guile and /usr/bin/guile2.2. Why does configure after the update need only one version present?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_191780035

From gnutls-devel at lists.gnutls.org Mon Jul 15 13:18:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 11:18:37 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen created an issue:

To decode recorded TLS communication using Wireshark, one needs the session key (see https://wiki.wireshark.org/TLS#TLS_Decryption).

How to do that with gnutls-cli (or an alternative gnutls tool) ?

We currently need this for the Wget GSOC project to track down issues with stapled OCSP responses.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802

From gnutls-devel at lists.gnutls.org Mon Jul 15 13:22:49 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 11:22:49 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!12)

Nikos Mavrogiannopoulos commented:

Unfortunately the fix doesn't seem to be sufficient. If an error is returned instead of success there is a crash while freeing the allocated memory. I suspect that the recursion is mapped to allocated memory too.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/12#note_191811890

From gnutls-devel at lists.gnutls.org Mon Jul 15 13:31:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 11:31:14 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Daiki Ueno commented:

GnuTLS is also capable of the `SSLKEYLOGFILE` envvar mentioned in the link. So something like this should work:

```sh
$ tshark -o "tls.desegment_ssl_records: TRUE" \
    -o "tls.desegment_ssl_application_data: TRUE" \
    -o "tls.keylog_file: $PWD/keylog.txt" \
    -i lo -Px -O tls -Y "tcp.port == 5556"
```

and connect with gnutls-cli:

```sh
$ SSLKEYLOGFILE=$PWD/keylog.txt gnutls-cli ...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191815021

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:02:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:02:04 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

Oh, nice - thank you @dueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191857008

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:02:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:02:05 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Issue was closed by Tim Rühsen
Issue #802: https://gitlab.com/gnutls/gnutls/issues/802

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:24:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:24:46 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

BTW, the code of `_gnutls_nss_keylog_write()` in `lib/kx.c` is not thread safe. It uses global and static variables without mutex locking. Potential leak of `keylog` file pointer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191867911

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:40:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:40:44 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Nikos Mavrogiannopoulos commented:

Are you sure about it? There is a keylog_mutex in the same file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191876004

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:56:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:56:13 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

It's obvious. `keylog = fopen()` is outside the mutex lock/unlock. It's protected by a global state variable - that is set and checked also outside the mutex.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191884045

From gnutls-devel at lists.gnutls.org Mon Jul 15 15:57:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 13:57:23 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

I can suggest a fix, if you like.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191884582

From gnutls-devel at lists.gnutls.org Mon Jul 15 16:15:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 14:15:31 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Daiki Ueno commented:

I guess one way to fix this is to move that part to the global initializer (`_gnutls_global_init`) which shall be called only once from the ELF constructor.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191893574

From gnutls-devel at lists.gnutls.org Mon Jul 15 16:35:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 14:35:31 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

Technically yes. But that adds overhead to anyone who is using libgnutls, while addressing this in `_gnutls_nss_keylog_write()` only has overhead if your path of execution comes here. Some kind of 'lazy loading'.

One possible fix would be
``` diff --git a/lib/kx.c b/lib/kx.c index 69374908e..9b509ccbc 100644 --- a/lib/kx.c +++ b/lib/kx.c
@@ -78,17 +78,22 @@ void _gnutls_nss_keylog_write(gnutls_session_t session, static unsigned checked_env = 0; if (!checked_env) { - checked_env = 1; - keylogfile = secure_getenv("SSLKEYLOGFILE"); - if (keylogfile != NULL) - keylog = fopen(keylogfile, "a"); + GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex); + + if (!checked_env) { + checked_env = 1; + keylogfile = secure_getenv("SSLKEYLOGFILE"); + if (keylogfile != NULL) + keylog = fopen(keylogfile, "a"); + } + + GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex); } if (keylog) { char client_random_hex[2*GNUTLS_RANDOM_SIZE+1]; char secret_hex[2*MAX_HASH_SIZE+1]; - GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex); fprintf(keylog, "%s %s %s\n", label, _gnutls_bin2hex(session->security_parameters. @@ -98,8 +103,9 @@ void _gnutls_nss_keylog_write(gnutls_session_t session, _gnutls_bin2hex(secret, secret_size, secret_hex, sizeof(secret_hex), NULL)); fflush(keylog); - GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex); } + + GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex); } void _gnutls_nss_keylog_deinit(void) ``` It adds an additional lock/unlock for the very first call. We could fine-tune it down to one lock/unlock with some slight additional code complexity. WDYT ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191905039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 15 16:52:06 2019 
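Review bot: The new `if (!checked_env)` block in the first hunk ends with a second `GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex)` where an unlock is expected, so the first caller takes the mutex twice before it reaches the write; that line should read `GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex)`. In the same hunk the outer `if (!checked_env)` still reads the flag without the mutex, and `checked_env = 1` is stored before `keylog = fopen(keylogfile, "a")`, so another thread can see the flag set while `keylog` is still NULL and silently skip its line. Setting the flag after the `fopen` and testing it only while holding the mutex closes that window.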
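Review bot: `GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex)` in the second hunk now sits after the closing brace of `if (keylog)`, so it runs on every call, while the only lock calls left in the function are inside `if (!checked_env)` and the lock before `fprintf` has been removed. Every call after the first therefore writes and flushes without holding the mutex and then unlocks a mutex it never took. Either keep the lock/unlock pair around `fprintf`/`fflush` inside `if (keylog)`, or take the lock unconditionally at function entry so that this unlock is always matched.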
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 14:52:06 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

Sorry, didn't save my changes. Updated the above patch/code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191924345

From gnutls-devel at lists.gnutls.org Mon Jul 15 16:58:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 14:58:09 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented:

And possibly `checked_env` should be a `volatile`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191928694

From gnutls-devel at lists.gnutls.org Mon Jul 15 18:21:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 16:21:57 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_191968390

> But that adds overhead to anyone who is using libgnutls, while addressing this in _gnutls_nss_keylog_write() only has overhead if your path of execution comes here. Some kind of 'lazy loading'.

Hmm, I'm not sure. Even if the user doesn't want the keylog file feature, the additional overhead in the init function would be just one call of `secure_getenv`.

> It adds an additional lock/unlock for the very first call. We could fine-tune it down to one lock/unlock with some slight additional code complexity. WDYT ?

I was thinking to emulate `pthread_once` somehow (though iirc we can't use that function directly because of the libpthread dependency on glibc systems).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_191968390

From gnutls-devel at lists.gnutls.org Mon Jul 15 19:33:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 17:33:41 +0000
Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191993557

Mike Gorse @mgorse · 21 hours ago
> Not sure if there's a way for me to do that other than closing the merge request, deleting my branch, creating a new branch, and opening a new merge request, so I guess I'll do that. (I had squash on merge enabled, but not sure what the commit message would look like if that is done, so I'll open a new request to be safe.)

Using a bigger hammer should work. ;-)
git push --force

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_191993557

From gnutls-devel at lists.gnutls.org Tue Jul 16 00:50:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 15 Jul 2019 22:50:01 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

Sure. Will do this. Can take a week. Currently OOO.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_192075273

From gnutls-devel at lists.gnutls.org Tue Jul 16 10:12:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 08:12:03 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192201926

> Even if the user doesn't want the keylog file feature, the additional overhead in the init function would be just one call of secure_getenv.

Since `_gnutls_nss_keylog_deinit()` is already called from `_gnutls_global_deinit()`, we can split out `gnutls_nss_keylog_init()` and call it from `_gnutls_global_init()`. Then we wouldn't need `pthread_once()`.

WDYT ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192201926

From gnutls-devel at lists.gnutls.org Tue Jul 16 10:18:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 08:18:06 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192204605

Since fprintf() and fflush() are documented as thread safe, do we need a mutex at all ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192204605

From gnutls-devel at lists.gnutls.org Tue Jul 16 11:02:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 09:02:37 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192225571

Moving the code to `_gnutls_global_init()` means that `SSLKEYLOGFILE` has to be set before library initialization. This breaks `tests/keylog-env`.

You can't use `setenv("SSLKEYLOGFILE")` inside a program any more, e.g. to switch key saving on and off.

Even currently, key saving can only be switched on and never be switched off during a program run.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192225571

From gnutls-devel at lists.gnutls.org Tue Jul 16 11:47:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 09:47:43 +0000
Subject: [gnutls-devel] GnuTLS | Fix race condition when logging keys (!1046)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1046
Branches: tmp-keylog-threadsafe to master
Author: Tim Rühsen
Assignees:

Moves keylog initialization to _gnutls_global_init() as discussed in #802

That means SSLKEYLOGFILE has to be set before starting the application - or more exactly - before library initialization.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1046

From gnutls-devel at lists.gnutls.org Tue Jul 16 11:48:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 09:48:08 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192252111

See my code suggestion in !1046

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192252111

From gnutls-devel at lists.gnutls.org Tue Jul 16 14:44:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 12:44:39 +0000
Subject: [gnutls-devel] GnuTLS | Fix documented params for gnutls_certificate_retrieve_function3() (!1047)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1047
Branches: tmp-fix-doc-gnutls_certificate_set_retrieve_function3 to master
Author: Tim Rühsen
Assignees:

In our GSOC project we had a hard time to figure this out. There was no crash, just the stapled OCSP response wasn't sent.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1047

From gnutls-devel at lists.gnutls.org Tue Jul 16 15:15:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 13:15:39 +0000
Subject: [gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192353463

> Moving the code to _gnutls_global_init() means that SSLKEYLOGFILE has to be set before library initialization.

Sorry for contradicting myself, but this might be actually a limitation as it removes a way for an application to enable SSLKEYLOGFILE after startup.

I've checked how other libraries do: OpenSSL doesn't do writing but leaves the application to do the job through [a callback](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html), and NSS delays the initialization until the default settings are applied. Either approach seems sensible to me, as well as introducing a lock as you did in the original patch.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192353463

From gnutls-devel at lists.gnutls.org Tue Jul 16 16:18:42 2019
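The locking option debated in this thread (#802), with the lazy `SSLKEYLOGFILE` check and the write under a single lock, as an added example; it is not code from GnuTLS or from any message above. It uses a POSIX mutex and `getenv` in place of the GnuTLS internals, and `RANDOM_SIZE`, `SECRET_SIZE`, the function names and the sample secrets are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for setenv() */
#endif
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RANDOM_SIZE 32u /* stand-in for GNUTLS_RANDOM_SIZE (assumption) */
#define SECRET_SIZE 48u /* length of the constructed sample secret */
#define HEX "0123456789abcdef"
enum { WRITERS = 8, LINES_PER_WRITER = 200 };

static pthread_mutex_t keylog_mutex = PTHREAD_MUTEX_INITIALIZER;
static FILE *keylog;    /* guarded by keylog_mutex */
static int checked_env; /* guarded by keylog_mutex */

static void bin2hex(const unsigned char *in, size_t len, char *out)
{
	for (size_t i = 0; i < len; i++)
		snprintf(out + 2 * i, 3, "%02x", (unsigned)in[i]);
}

/* Returns 1 if a line was written, 0 if logging is off, -1 on I/O error. */
int keylog_write(const char *label, const unsigned char *client_random,
		 const unsigned char *secret)
{
	char random_hex[2 * RANDOM_SIZE + 1], secret_hex[2 * SECRET_SIZE + 1];
	int ret = 0;
	bin2hex(client_random, RANDOM_SIZE, random_hex); /* encode outside the lock */
	bin2hex(secret, SECRET_SIZE, secret_hex);
	pthread_mutex_lock(&keylog_mutex);
	if (!checked_env) { /* flag test, getenv and fopen all under the lock */
		const char *path = getenv("SSLKEYLOGFILE");
		if (path != NULL)
			keylog = fopen(path, "a");
		checked_env = 1;
	}
	if (keylog != NULL) {
		int n = fprintf(keylog, "%s %s %s\n", label, random_hex, secret_hex);
		ret = (n > 0 && fflush(keylog) == 0) ? 1 : -1;
	}
	pthread_mutex_unlock(&keylog_mutex); /* one lock, one matching unlock */
	return ret;
}

void keylog_deinit(void) /* closes the log and re-arms the environment check */
{
	pthread_mutex_lock(&keylog_mutex);
	if (keylog != NULL)
		fclose(keylog);
	keylog = NULL;
	checked_env = 0;
	pthread_mutex_unlock(&keylog_mutex);
}

static void *writer(void *arg)
{
	unsigned char random[RANDOM_SIZE], secret[SECRET_SIZE];
	memset(random, (int)(size_t)arg, sizeof random); /* constructed values */
	memset(secret, 0xa0 + (int)(size_t)arg, sizeof secret);
	for (int i = 0; i < LINES_PER_WRITER; i++)
		keylog_write("CLIENT_RANDOM", random, secret);
	return NULL;
}

/* 1 if the line is exactly "CLIENT_RANDOM <64 hex> <96 hex>\n", else 0. */
static int line_ok(const char *p)
{
	return strncmp(p, "CLIENT_RANDOM ", 14) == 0 &&
	       strspn(p + 14, HEX) == 2 * RANDOM_SIZE && p[78] == ' ' &&
	       strspn(p + 79, HEX) == 2 * SECRET_SIZE && strcmp(p + 175, "\n") == 0;
}

/* Runs WRITERS threads against path; returns the number of well-formed
 * lines, or -1 on a torn line or other failure. */
int run_writers(const char *path)
{
	pthread_t tid[WRITERS];
	char line[256];
	int count = 0;
	remove(path);
	setenv("SSLKEYLOGFILE", path, 1); /* set before the first write */
	for (int i = 0; i < WRITERS; i++)
		if (pthread_create(&tid[i], NULL, writer, (void *)(size_t)i) != 0)
			return -1;
	for (int i = 0; i < WRITERS; i++)
		pthread_join(tid[i], NULL);
	keylog_deinit();
	FILE *f = fopen(path, "r");
	if (f == NULL)
		return -1;
	while (count >= 0 && fgets(line, sizeof line, f) != NULL)
		count = line_ok(line) ? count + 1 : -1;
	fclose(f);
	return count;
}

int main(void)
{
	return run_writers("/tmp/keylog_example.txt") == WRITERS * LINES_PER_WRITER ? 0 : 1;
}
```

Compile with `cc -pthread`. As in the thread, the environment is consulted once: a `SSLKEYLOGFILE` set after the first write is ignored until `keylog_deinit()` runs.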
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 14:18:42 +0000
Subject: [gnutls-devel] libtasn1 | Fix and reproducer for cve-2018-1000654 (!11)

Merge Request !11 was merged
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/11
Branches: tmp-fix-cve-2018-1000654 to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/11

From gnutls-devel at lists.gnutls.org Tue Jul 16 16:18:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 14:18:48 +0000
Subject: [gnutls-devel] libtasn1 | Detecting Bug in libtasn1-4.13 by fuzzing. (#4)

Issue was closed by Nikos Mavrogiannopoulos via merge request !11 (https://gitlab.com/gnutls/libtasn1/merge_requests/11)
Issue #4: https://gitlab.com/gnutls/libtasn1/issues/4

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/4

From gnutls-devel at lists.gnutls.org Tue Jul 16 16:18:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 14:18:44 +0000
Subject: [gnutls-devel] libtasn1 | Detecting Bug in libtasn1-4.13 by fuzzing. (#4)

Issue was closed by Mike Gorse via commit 1213efef01cd0e58dff341e126b1af180cc27a1e
Issue #4: https://gitlab.com/gnutls/libtasn1/issues/4

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/4

From gnutls-devel at lists.gnutls.org Tue Jul 16 16:40:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 14:40:39 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Stefan Berger commented:

@nmav FYI: swtpm-0.2.0 should become available on F{F29,30,rawhide}'s updates-testing repos soon.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_192405382

From gnutls-devel at lists.gnutls.org Tue Jul 16 17:10:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 15:10:32 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

The TPM2 tools currently provide two separate opaque blobs which lack any indication of how they're supposed to be used (parent key, etc.). We should fix them to use the ASN.1 format that we've defined.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_192430095

From gnutls-devel at lists.gnutls.org Tue Jul 16 17:12:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 16 Jul 2019 15:12:24 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

David Woodhouse commented:

All my testing was done with keys created by the two ENGINE implementations.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_192430966

From gnutls-devel at lists.gnutls.org Wed Jul 17 07:58:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 05:58:05 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)
In-Reply-To:
References:
Message-ID:

Luiz Angelo Daros de Luca commented:

> (3) I'm not sure whether that adds any value. What is the actual problem you are pointing? Are there valid certificate chains that will fail this name constraints check?

You can have a server certificate without a SubAltName.DNS and with a non-DNS-usable CN value. OpenVPN, for example, does not validate certificate name by default. It is common to have a VPN server with something like: "CN=Server" or even "CN=VPN Server". As this CN is not a usable DNS name (does not have a dot), you can skip DNS name constraint test. Windows and OpenSSL do not reject it, but gnutls will reject it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_192632005

From gnutls-devel at lists.gnutls.org Wed Jul 17 07:58:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 05:58:08 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)
In-Reply-To:
References:
Message-ID:

Issue was reopened by Luiz Angelo Daros de Luca

Issue 776: https://gitlab.com/gnutls/gnutls/issues/776

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776

From gnutls-devel at lists.gnutls.org Wed Jul 17 09:54:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 07:54:58 +0000
Subject: [gnutls-devel] GnuTLS | Fix race condition when logging keys (!1046)
In-Reply-To:
References:
Message-ID:

Merge Request !1046 was closed by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1046
Branches: tmp-keylog-threadsafe to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1046

From gnutls-devel at lists.gnutls.org Wed Jul 17 10:06:29 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 08:06:29 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

I moved the CI to guile 2.0 only and I had to revert that because `make dist` requires guile 2.2... I opened a bug in fedora to move autogen to 2.2, that may at least remove the 2.0 interpreter from our CI in the future, but for now we have to live with multiple being present.

Ludo is there some way to tell configure which one to use so the error you see is gone?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_192672130

From gnutls-devel at lists.gnutls.org Wed Jul 17 10:13:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 08:13:28 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

So is the issue here that name constraints in gnutls apply to CN when no SubAltName.DNS is present and the CN is not a valid DNS name?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_192675129

From gnutls-devel at lists.gnutls.org Wed Jul 17 11:19:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 09:19:53 +0000
Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

The status of the code in `tmp-tpm2` branch is that it incorporates the tpm2 code and will load (non-legacy) files with the TSS header from `gnutls_privkey_import_x509_raw` (and other high level functions which use it). There is an incomplete test of this functionality which uses tpm2-tools, but I'm stuck with being able to convert from the form `tpm2-tools` outputs, to the PEM form and the TSS header.

There are a few options at this point:

- One option is to extend tpm2-tools to output the PEM form. I've opened https://github.com/tpm2-software/tpm2-tools/issues/1599
- Give up transparent loading and have a tpm2 specific routine (looks like a usability nightmare)
- Give up on direct usage of tpm2 keys and rely on https://github.com/tpm2-software/tpm2-pkcs11

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_192707142

From gnutls-devel at lists.gnutls.org Wed Jul 17 11:24:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 09:24:53 +0000
Subject: [gnutls-devel] GnuTLS | Fix documented params for gnutls_certificate_retrieve_function3() (!1047)
In-Reply-To:
References:
Message-ID:

Merge Request !1047 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1047
Branches: tmp-fix-doc-gnutls_certificate_set_retrieve_function3 to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1047

From gnutls-devel at lists.gnutls.org Wed Jul 17 11:25:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 09:25:01 +0000
Subject: [gnutls-devel] GnuTLS | Fix documented params for gnutls_certificate_retrieve_function3() (!1047)
In-Reply-To:
References:
Message-ID:

Merge Request !1047 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1047
Branches: tmp-fix-doc-gnutls_certificate_set_retrieve_function3 to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1047

From gnutls-devel at lists.gnutls.org Wed Jul 17 12:49:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 10:49:42 +0000
Subject: [gnutls-devel] libtasn1 | gnulib: keep a single gnulib in the repo (!13)
References:
Message-ID:

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/13

Branches: tmp-single-gnulib-copy to master
Author: Nikos Mavrogiannopoulos
Assignees:

This reduces the complexity in the library by removing the two copies of gnulib.

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/13

From gnutls-devel at lists.gnutls.org Wed Jul 17 14:26:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 12:26:28 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To:
References:
Message-ID:

Hubert Kario (@mention me if you need reply) commented:

> "comment" : "tlsfuzzer doesn't like our set of algorithms (e.g., ed25519)",

and the `-s` option to the test script doesn't work because...?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_192786107

From gnutls-devel at lists.gnutls.org Wed Jul 17 15:16:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 13:16:52 +0000
Subject: [gnutls-devel] GnuTLS | Possible code simplifications using gnulib's pthread modules (#803)
References:
Message-ID:

Tim Rühsen created an issue:

Two days ago, Bruno Haible announced a bunch of new modules for gnulib, which look very promising. It means, we could get rid of our own thread checking/compat code (configure.ac, lib/locks.h).

Bruno's message from the gnulib ML:

I'm committing a set of gnulib modules that support the essential portion of POSIX and its functions.

* pthread-h: A POSIX-like .
* pthread-thread: Creating and controlling POSIX threads.
* pthread-once: POSIX once-only control.
* pthread-mutex: POSIX mutexes (locks).
* pthread-rwlock: POSIX read-write locks.
* pthread-cond: POSIX condition variables.
* pthread-tss: POSIX thread-specific storage.
* pthread-spin: POSIX spin locks.
* pthread: Now merely a convenience wrapper for all of the above.

This has been tested on all customary platforms, from glibc systems up to native Windows with MSVC, and Android.

Like for the older 'thread', 'lock', 'cond', 'tls' modules, on mingw systems the installing user can choose among --enable-threads=posix (which uses the mingw winpthreads library) and --enable-threads=windows (which uses native Windows code, like on MSVC). The default currently is --enable-threads=posix. The package developer can change the default by placing an invocation to gl_AVOID_WINPTHREAD in the configure.ac file. Why is this useful? Because the pthread-tss test hangs with --enable-threads=posix but works fine with --enable-threads=windows

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/803

From gnutls-devel at lists.gnutls.org Wed Jul 17 17:15:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 15:15:33 +0000
Subject: [gnutls-devel] GnuTLS | Please add new function gnutls_ocsp_resp_set_single() to allow building an OCSP responder (#804)
References:
Message-ID:

Tim Rühsen created an issue:

Looking at https://www.gnutls.org/manual/html_node/OCSP-certificate-status-checking.html, there seems to be missing a function to generate OCSP responses (or fill the response structure with values).

It would be very nice to have a pure GnuTLS OCSP responder for the GNU Wget2 test suite. Currently we manually start the 'openssl ocsp' tool and save the OCSP response to disk for later use. This adds OpenSSL as maintainer dependency and is clumsy - not talking about outdating time values in the response.

What we basically need is

```
int gnutls_ocsp_resp_set_single (gnutls_ocsp_resp_t resp,
                                 unsigned indx,
                                 gnutls_digest_algorithm_t digest,
                                 gnutls_datum_t * issuer_name_hash,
                                 gnutls_datum_t * issuer_key_hash,
                                 gnutls_datum_t * serial_number,
                                 unsigned int cert_status,
                                 time_t this_update,
                                 time_t next_update,
                                 time_t revocation_time,
                                 unsigned int revocation_reason)
```

plus an example. (Don't nail me for the details of such a function).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/804

From gnutls-devel at lists.gnutls.org Wed Jul 17 17:19:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 15:19:16 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

This might be unrelated, but FYI: I had to set some envvars (`guile_snarf`, `GUILD`) to build gnutls package with guile 2.2 in Fedora rawhide: https://src.fedoraproject.org/rpms/gnutls/c/863812f9e4bbb8ca36462fe1f799721226c0824e?branch=master

Those programs are checked manually in configure.ac (not m4/guile.m4) but the checks don't take into account the version suffix.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_192878619

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:46:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:46:21 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov pushed new commits to merge request !920

https://gitlab.com/gnutls/gnutls/merge_requests/920

* bc8f21b3...4416da13 - 56 commits from branch `master`
* 48d72b5e - lib: define TC26 GOST curves
* a6d73873 - nettle/gost: provide GOST 28147-89 CNT mode
* 0749327f - nettle/gost: provide GOST 28147-89 IMIT MAC mode
* 438f7b42 - lib: provide GOST 28147-89 CNT mode support
* 53093139 - lib: provide GOST 28147-89 IMIT MAC support
* 81a021e2 - nettle: provide GOST 28147-89 CNT mode support
* e874e940 - nettle: provide GOST 28147-89 IMIT MAC support
* badf6e50 - nettle/gost: provide GOST keywrapping support
* 42dfb9e5 - nettle/gost: add support for GOST VKO algorithm
* 3324bc30 - _gnutls_pk_derive: add argument for nonce
* 60a9ee6b - nettle: add support for GOST key derivation
* 5dab91e2 - mpi: add _gnutls_mpi_bprint_size_le()
* 9995aac0 - pk: support little endian GOST signatures
* 959c4f9b - Allow using implicit IV for stream ciphers with TLS
* b09d8439 - Support GOST certificate request values
* b424a965 - Add GOST key transport support
* c688da13 - groups: add function to return group by curve
* 54677e96 - Add support for VKO GOST key exchange
* 3f38ad7a - Support GOST cipher suite MAC calculation
* 5996f746 - Add GOST cipher suites
* 2cf86bca - Declare groups corresponding to GOST curves
* 04aa98d2 - Add GOST values to cipher suites priorities
* ba4b45aa - Swap TLS signatures in case we are signing them with GOST keys
* f4d191c4 - prf: add GOST R 34.11-94 and Streebog PRF support
* 53e9ef11 - tests: add tests for KX-GOST-VKO using different key variants
* 439d573f - lib: fix group selection in case of GOST cipher suites
* cc708a4f - tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
* ff20913d - lib/algorithms: add AID values assigned by IANA
* 1909347a - lib: pubkey vs TLS signature compatibility for GOST algorithms
* 587b16f7 - cli-debug: include GOST VKO into KX list
* 495782fc - priority: add GROUP-GOST-ALL keyword
* 2cc62f97 - psk-file: fix dhe test
* a55857c9 - nettle/pk: add support for "new" TC26 256 B curve
* 30d4baa3 - ecc: define curve->group relationship
* 9cfded4d - ext/supported_groups: don't consider non-EC groups for EC
* 4153f7b9 - ext/signature: use GOST signatures for GOST ciphersiuites

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:50:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:50:08 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/cipher.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921234

> gost28147_set_key(ctx, key); > gost28147_set_param(ctx, &gost28147_param_CryptoPro_D); > } > + > +static void > +_gost28147_cnt_set_key_tc26z(void *ctx, const uint8_t *key) > +{

I'd prefer to keep them separate: one touches common nettle-related code, other one touches 'backport' code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921234

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:50:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:50:21 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/mac.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921349

> set_nonce_func set_nonce; > }; > > +#if ENABLE_GOST

And this one too.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921349

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:51:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:51:06 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/nettle/gost/gostdsa-vko.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921600

> + not, see http://www.gnu.org/licenses/. > +*/ > + > +#if HAVE_CONFIG_H > +# include "config.h" > +#endif > + > +#include > + > +#include > + > +#include "ecc-internal.h" > +#include "gostdsa.h" > + > +int > +gostdsa_vko(const struct ecc_scalar *key,

Work in progress. For the curves I'm waiting for ed488 branch to settle in, then I can submit my changes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921600

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:51:44 2019
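Review bot: In the lib/nettle/mac.c hunk the new guard is written `#if ENABLE_GOST`, while the lib/priority.c hunk quoted later in this merge request discussion uses `#ifdef ENABLE_GOST`. The two forms disagree when the macro is defined as 0 (`#if` is false, `#ifdef` is true) and `#if` fails to preprocess when the macro is defined empty, so one form should be used for every GOST guard in the merge request.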
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:51:44 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/crypto-backend.h: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921749

> gnutls_mac_output_func output; > gnutls_mac_deinit_func deinit; > gnutls_mac_fast_func fast; > + gnutls_mac_copy_func copy;

We now have `mac_copy` in mainline, resolving.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192921749

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:53:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:53:31 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/includes/gnutls/abstract.h: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192922259

> * @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provable require an extended format which cannot be read by previous versions > * of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way, > * even if the information about the seed used will be lost. > + * @GNUTLS_PRIVKEY_SIGN_FLAG_GOST_RS_LE: Swap generated GOST 34.10 signature byte order (mainly for TLS CertificateVerify message).

This one is tricky. The problem is that in all other places (certificates, CMS, etc) GOST signature uses other byte order. Only TLS CertificateVerify message uses this byteorder. I can move support for this "feature" back to packet generation and byteswap the signature there. What would you recommend?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192922259

From gnutls-devel at lists.gnutls.org Wed Jul 17 18:56:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 16:56:53 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/auth/vko_gost.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192923153

> + i += len; > + > + cek.data = &data[i]; > + cek.size = ret; > + > + DECR_LEN(data_size, ret); > + > + if (data_size != 0) > + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); > + > + ret = calc_ukm(session, &ukm); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + if (!privkey || privkey->type != GNUTLS_PRIVKEY_X509) { > + gnutls_assert();

We have to do a VKO operation (basically `priv * pub` operation). I can restructure the code if you suggest a way to abstract that operation. For now I have to call `_gnutls_pk_derive_nonce()` internally.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192923153

From gnutls-devel at lists.gnutls.org Wed Jul 17 19:30:06 2019
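Review bot: In the lib/auth/vko_gost.c hunk, `ret` carries the parsed CEK length (`cek.size = ret; DECR_LEN(data_size, ret);`) and is then reused for the `calc_ukm()` status, which makes the length handling harder to audit in a function that parses peer-supplied data. A dedicated length variable, with `DECR_LEN` run before `cek` is pointed at `&data[i]`, would keep `cek` from ever describing bytes that have not been bounds-checked; the `privkey` check could also move ahead of the parsing if the key is already known at that point.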
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 17:30:06 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **introduces 1 alert** when merging 4153f7b9a7189263fcb47a72ff52a0f6c14ef7e4 into 4416da13f0975476d83452c9d6d093aec9ebb27e - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-83a3de8c2485c1e4cc733bc35e56911b20ed825d)

**new alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192935568

From gnutls-devel at lists.gnutls.org Wed Jul 17 22:15:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 20:15:06 +0000
Subject: [gnutls-devel] GnuTLS | Possible code simplifications using gnulib's pthread modules (#803)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Seeing that windows is a low priority [and rarely tested platform for gnulib](https://www.gnu.org/software/gnulib/manual/html_node/Target-Platforms.html), and the fact that the code we have now is well tested and minimal, I do not see a significant benefit from moving that code. I understand that we will "delegate" this code to gnulib, but unless we have a reason to (e.g., too complex, or too convoluted), I see little benefit from doing so.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/803#note_192982648

From gnutls-devel at lists.gnutls.org Wed Jul 17 22:27:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 20:27:30 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

I did not claim it does not work. I just do not enable this test similarly to `test-rsa-pss-sigs-on-certificate-verify.py`. That could be done in a different MR, but would require additional changes to share the list of algorithms and possibly a better way to visualize the input.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_192986289

From gnutls-devel at lists.gnutls.org Wed Jul 17 22:36:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 20:36:56 +0000
Subject: [gnutls-devel] GnuTLS | Please add new function gnutls_ocsp_resp_set_single() to allow building an OCSP responder (#804)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

It may not be that hard to add and we can take advantage of it internally too for our testsuite. It will also need a function to sign the response as well (and in that case some of the parameters passed in the example prototype you have above will be unnecessary).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/804#note_192988536

From gnutls-devel at lists.gnutls.org Wed Jul 17 22:53:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 20:53:12 +0000
Subject: [gnutls-devel] libtasn1 | gnulib: keep a single gnulib in the repo (!13)
In-Reply-To:
References:
Message-ID:

Merge Request !13 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/13
Branches: tmp-single-gnulib-copy to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/13

From gnutls-devel at lists.gnutls.org Wed Jul 17 23:35:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 21:35:32 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on tests/psk-file.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193005146

> run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); > run_test2("NORMAL:-KX-ALL:+PSK", NULL, "non-hex", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR); > > - run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", "jas", &key, 0, 0); > + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL:-GROUP-GOST-ALL", "jas", &key, 0, 0);

Should be fixed now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193005146

From gnutls-devel at lists.gnutls.org Wed Jul 17 23:36:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 21:36:14 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193005556

Resolved now. I've just removed usage of group->curve mapping from VKO_GOST auth.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193005556

From gnutls-devel at lists.gnutls.org Thu Jul 18 00:11:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 22:11:06 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov pushed new commits to merge request !920

https://gitlab.com/gnutls/gnutls/merge_requests/920

* 4dc93734 - fixup! pk: support little endian GOST signatures
* 5d4a8f42 - fixup! Add support for VKO GOST key exchange
* da25b99b - fixup! psk-file: fix dhe test

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920

From gnutls-devel at lists.gnutls.org Thu Jul 18 00:16:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 22:16:00 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193012633

> GNUTLS_GROUP_FFDHE4096, > GNUTLS_GROUP_FFDHE6144, > GNUTLS_GROUP_FFDHE8192, > +#ifdef ENABLE_GOST > + GNUTLS_GROUP_GC256A, > + GNUTLS_GROUP_GC256B, > + GNUTLS_GROUP_GC256C,

Why not? They are just groups/curves.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193012633

From gnutls-devel at lists.gnutls.org Thu Jul 18 01:01:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 17 Jul 2019 23:01:12 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **introduces 1 alert** when merging da25b99b9f597a288a8b74b0b37e84b502519693 into 4416da13f0975476d83452c9d6d093aec9ebb27e - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-6170fd5dc43019dd1786d3a1958ceced2a4224e7)

**new alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_193020767

From gnutls-devel at lists.gnutls.org Thu Jul 18 04:06:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 02:06:31 +0000
Subject: [gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage (2.5.29.37) (#776)

Luiz Angelo Daros de Luca commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/776#note_193055184

Yes, that is the one issue. Second, I'm not sure of the verify_crt() assumptions if one uses it for validating a CA certificate, not a server one. Is it meant to be used for that too? And also, as you mentioned, gnutls is missing directory validation. Adding that will require some change in the verify_crt() function logic. Is this more a feature request than a bug?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_193055184

From gnutls-devel at lists.gnutls.org Thu Jul 18 10:20:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 08:20:33 +0000
Subject: [gnutls-devel] libtasn1 | Tmp remove m4 gl (!14)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/14

Branches: tmp-remove-m4-gl to master
Author: Tim Rühsen
Assignees:

Remove bootstrap-generated files from the git repo

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/14

From gnutls-devel at lists.gnutls.org Thu Jul 18 10:43:49 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 08:43:49 +0000
Subject: [gnutls-devel] libtasn1 | Added code coverage capture which is included in web site (!15)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/15

Branches: tmp-coverage to master
Author: Nikos Mavrogiannopoulos
Assignees:

This auto-generates a coverage report.

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/15

From gnutls-devel at lists.gnutls.org Thu Jul 18 10:47:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 08:47:48 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/16

Branches: tmp-include-version to master
Author: Tim Rühsen
Assignees:

Created version number defines for version checking.

Introduces new version numbering scheme minor.major.patch.

Closes #7

## Checklist

* [*] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16

From gnutls-devel at lists.gnutls.org Thu Jul 18 11:05:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 09:05:22 +0000
Subject: [gnutls-devel] libtasn1 | Fix syntax-check (!17)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/17

Branches: tmp-fix-syntax-check to master
Author: Tim Rühsen
Assignees:

Fix syntax-check

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/17

From gnutls-devel at lists.gnutls.org Thu Jul 18 11:07:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 09:07:34 +0000
Subject: [gnutls-devel] libtasn1 | Fix syntax-check (!17)

Merge Request !17 was closed by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/17

Branches: tmp-fix-syntax-check to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/17

From gnutls-devel at lists.gnutls.org Thu Jul 18 11:15:38 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 09:15:38 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/18

Branches: tmp-remove-maint.mk to master
Author: Tim Rühsen
Assignees:

maint.mk is auto-generated by bootstrap

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18

From gnutls-devel at lists.gnutls.org Thu Jul 18 11:41:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 09:41:07 +0000
Subject: [gnutls-devel] libtasn1 | Tmp remove m4 gl (!14)

Merge Request !14 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/14

Branches: tmp-remove-m4-gl to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/14

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:33:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:33:35 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)

Merge Request !18 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/18

Branches: tmp-remove-maint.mk to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:33:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:33:37 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)

Merge Request !18 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/18

Branches: tmp-remove-maint.mk to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:36:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:36:37 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos started a new discussion on configure.ac: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193252265

> # along with this program. If not, see . > > AC_PREREQ([2.63]) > -AC_INIT([GNU Libtasn1],[4.14],[help-libtasn1 at gnu.org]) > +AC_INIT([GNU Libtasn1],[4.14.0],[help-libtasn1 at gnu.org])

Is 4.14.0 > 4.13? Most likely yes, but if there are distributions which this cannot be answered by their infrastructure they will not be able to move to 4.14 easily and it is a bug fix release.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193252265

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:37:37 2019
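Review bot: in the AC_INIT line of the configure.ac hunk quoted above, the second argument is the string Autoconf exposes as PACKAGE_VERSION and uses in the distribution tarball name, so changing it from 4.14 to 4.14.0 changes what every packaging script and version check sees, not only the header defines. If the aim is only to give the header a patch component, keep the AC_INIT string unchanged and define the patch number separately, and document the numbering scheme wherever the release process is described.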
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:37:37 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos commented on a discussion on configure.ac: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193252583

> # along with this program. If not, see . > > AC_PREREQ([2.63]) > -AC_INIT([GNU Libtasn1],[4.14],[help-libtasn1 at gnu.org]) > +AC_INIT([GNU Libtasn1],[4.14.0],[help-libtasn1 at gnu.org])

I'd suggest to wait for a major version update to change the numbering scheme, or at least for a neutral time release (without significant changes).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193252583

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:41:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:41:36 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos commented:

The windows build errors may be because of the mingw package being present. Maybe we should do a `dnf remove -y mingw32-libtasn1 mingw64-libtasn1`, to ensure compilation there happens with the right headers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193254214

From gnutls-devel at lists.gnutls.org Thu Jul 18 13:51:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 11:51:08 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos commented on a discussion on configure.ac: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193258350

> # along with this program. If not, see . > > AC_PREREQ([2.63]) > -AC_INIT([GNU Libtasn1],[4.14],[help-libtasn1 at gnu.org]) > +AC_INIT([GNU Libtasn1],[4.14.0],[help-libtasn1 at gnu.org])

What do you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193258350

From gnutls-devel at lists.gnutls.org Thu Jul 18 14:34:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 12:34:11 +0000
Subject: [gnutls-devel] libtasn1 | Added code coverage capture which is included in web site (!15)

Merge Request !15 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/15

Branches: tmp-coverage to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/15

From gnutls-devel at lists.gnutls.org Thu Jul 18 14:39:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 12:39:24 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Tim Rühsen commented on a discussion on configure.ac: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193278855

> # along with this program. If not, see . > > AC_PREREQ([2.63]) > -AC_INIT([GNU Libtasn1],[4.14],[help-libtasn1 at gnu.org]) > +AC_INIT([GNU Libtasn1],[4.14.0],[help-libtasn1 at gnu.org])

We could use `4.14` in configure.ac and hard-code ASN1_VERSION_PATCH to 0. That way we have both, backwards compatibility and reasonable version information.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193278855

From gnutls-devel at lists.gnutls.org Thu Jul 18 14:42:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 12:42:10 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193280182

Hmmm, maybe better fix this in the appropriate Makefile.am. It means that the include paths are not set correctly. And it's pretty common that we have a system libtasn1+includes *and* a custom build.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193280182

From gnutls-devel at lists.gnutls.org Thu Jul 18 14:55:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 12:55:16 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Daiki Ueno created an issue:

## Description of problem:

Maybe this is a false-positive in valgrind, but it reports "Conditional jump or move depends on uninitialised value(s)" when I access a certain position of CHOICE node name returned by `asn1_read_value`, i.e.,

```c
data_size = sizeof(data);
result = asn1_read_value (node2, "", data, &data_size);
if (result != ASN1_SUCCESS)
  {
    printf ("error in %d\n", __LINE__);
    exit (1);
  }

if (strcmp (data, "012345678901234") == 0) // <--
  {
    printf ("error in %d\n", __LINE__);
    exit (1);
  }
```

Interestingly, valgrind doesn't complain if the needle is shorter than 16 nor the program is compiled with -O0.

## Version of libtasn1 used:

git master

## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:

* Apply [libtasn1-valgrind.patch](/uploads/8308e39fc5d84559862c5c0cfbdff6be/libtasn1-valgrind.patch) to `tests/Test_choice.c` and do the following:

```sh
$ ./configure CFLAGS="-O2 -g3 -Wall"
$ make
$ make check LOG_COMPILER="valgrind --error-exitcode=1" TESTS=Test_choice V=1
$ cat tests/Test_choice.log
```

## Actual results:

The log contains:

```
==1297== Conditional jump or move depends on uninitialised value(s)
==1297==    at 0x4013DD: main (Test_choice.c:122)
```

## Expected results:

The log shouldn't contain the error.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9

From gnutls-devel at lists.gnutls.org Thu Jul 18 15:14:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 13:14:55 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193294953

I guess the issue is: libtasn1.h is generated from libtasn1.h.in, and the $(builddir) wasn't included in AM_CPPFLAGS. Let's make another try...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193294953

From gnutls-devel at lists.gnutls.org Thu Jul 18 15:32:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 13:32:09 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Tim Rühsen commented:

Not reproducible here (Debian unstable). gcc 8.3.0, valgrind 3.15.0, libc 2.28-10.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193303573

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:16:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:16:07 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Nikos Mavrogiannopoulos commented:

The libtasn1 node contains the following:

```
#define ASN1_SMALL_VALUE_SIZE 16
struct asn1_node_st
{
  /* public fields: */
  char name[ASN1_MAX_NAME_SIZE + 1];  /* Node name */
  unsigned int name_hash;
  unsigned int type;                  /* Node type */
  unsigned char *value;               /* Node value */
  int value_len;
  asn1_node down;                     /* Pointer to the son node */
  asn1_node right;                    /* Pointer to the brother node */
  asn1_node left;                     /* Pointer to the next list element */
  /* private fields: */
  unsigned char small_value[ASN1_SMALL_VALUE_SIZE];  /* For small values */

  /* values used during decoding/coding */
  int tmp_ival;
  unsigned start;                     /* the start of the DER sequence - if decoded */
  unsigned end;                       /* the end of the DER sequence - if decoded */
};
```

It can store data <16 bytes inside the node (small_value), or allocate more data if larger. That from what you write seems to be related to allocated data in `_asn1_set_value`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193327009

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:18:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:18:50 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)

Nikos Mavrogiannopoulos commented:

Hmmm, is that necessary? `make autoreconf` no longer works, and the oss-fuzz testing of gnutls will break.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18#note_193328830

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:28:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:28:01 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Nikos Mavrogiannopoulos commented:

btw. if I add a printf() of data before strcmp() the warning is printed on strcmp(), but not on printf.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193336201

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:30:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:30:10 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/libtasn1/issues/9#note_193338199

I should have written down the version numbers but it can only be reproduced with:

- valgrind-3.15.0-9.fc30.x86_64
- glibc-2.29-15.fc30.x86_64
- gcc-9.1.1-1.fc30.x86_64

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193338199

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:34:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:34:19 +0000
Subject: [gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/libtasn1/issues/9#note_193341717

Looks like so and if I replace `strcmp` with a length check + `memcmp` the error is gone.

Here is the disassembly gathered by Mark Wielaard:

```
$ ASN1CHOICE=choice.asn libtool --mode=execute valgrind --vgdb-error=0 ./Test_choice
==18694== Memcheck, a memory error detector
==18694== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18694== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==18694== Command: ./Test_choice
==18694==
==18694== (action at startup) vgdb me ...
==18694==
==18694== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==18694==   /path/to/gdb ./Test_choice
==18694== and then give GDB the following command
==18694==   target remote | /usr/libexec/valgrind/../../bin/vgdb --pid=18694
==18694== --pid is optional if only one valgrind process is running
==18694==
==18694== Conditional jump or move depends on uninitialised value(s)
==18694==    at 0x40128D: main (Test_choice.c:122)
==18694==
==18694== (action on error) vgdb me ...
...

$ ASN1CHOICE=choice.asn libtool --mode=execute gdb ./Test_choice
[...]
Reading symbols from ./Test_choice...
(gdb) target remote | vgdb
Remote debugging using | vgdb
relaying data between gdb and process 18694
warning: remote target does not support file transfer, attempting to access files from local filesystem.
(gdb) c
Continuing.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000040128d in main (argc=, argv=) at Test_choice.c:122
122       if (strcmp (data, "012345678901234") == 0)
(gdb) disassemble
Dump of assembler code for function main:
[...]
   0x0000000000401216 <+326>: mov 0x4(%rsp),%edx
   0x000000000040121a <+330>: lea 0x20(%rsp),%rcx
   0x000000000040121f <+335>: lea 0x18(%rsp),%rdi
   0x0000000000401224 <+340>: lea 0xa0(%rsp),%rsi
   0x000000000040122c <+348>: callq 0x401080
   0x0000000000401231 <+353>: test %eax,%eax
   0x0000000000401233 <+355>: jne 0x4012ca
   0x0000000000401239 <+361>: mov 0x18(%rsp),%rdi
   0x000000000040123e <+366>: lea 0x4(%rsp),%rcx
   0x0000000000401243 <+371>: lea 0xa0(%rsp),%rdx
   0x000000000040124b <+379>: mov $0x402030,%esi
   0x0000000000401250 <+384>: movl $0x400,0x4(%rsp)
   0x0000000000401258 <+392>: callq 0x401040
   0x000000000040125d <+397>: test %eax,%eax
   0x000000000040125f <+399>: jne 0x4012c3
   0x0000000000401261 <+401>: movabs $0x34333231303938,%rdx
   0x000000000040126b <+411>: xor 0xa8(%rsp),%rdx
   0x0000000000401273 <+419>: mov $0x7c,%esi
   0x0000000000401278 <+424>: movabs $0x3736353433323130,%rax
   0x0000000000401282 <+434>: xor 0xa0(%rsp),%rax
   0x000000000040128a <+442>: or %rax,%rdx
=> 0x000000000040128d <+445>: jne 0x4012a5
   0x000000000040128f <+447>: mov $0x402024,%edi
   0x0000000000401294 <+452>: xor %eax,%eax
   0x0000000000401296 <+454>: callq 0x401060
   0x000000000040129b <+459>: mov $0x1,%edi
   0x00000000004012a0 <+464>: callq 0x4010a0
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193341717

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:36:02 2019
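The issue #9 messages above turn on which bytes of `data` each comparison reads: the disassembly shows `strcmp` against the 16-byte literal inlined as two 8-byte loads, while a length check plus `memcmp` stops at what the reader wrote. The following is an added example, not code from libtasn1 or from the thread; `read_name_stub` is a hypothetical stand-in for `asn1_read_value`, assumed to report the written length including the NUL, and the names and poison bytes are constructed.

```c
/* Added illustration for libtasn1 issue #9; not code from libtasn1 or its tests. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEEDLE "012345678901234"  /* 15 characters + NUL = 16 bytes, as in the report */
#define BUF_SIZE 1024             /* the 0x400 stored into data_size in the disassembly */

/* Hypothetical stand-in for asn1_read_value(): copies a NUL-terminated name and
   reports the bytes written, NUL included (assumption). Bytes past that stay untouched. */
static int read_name_stub(const char *name, char *buf, int *len)
{
    size_t need = strlen(name) + 1;
    if (need > (size_t)*len) {
        *len = (int)need;         /* report the room that would be needed */
        return -1;
    }
    memcpy(buf, name, need);
    *len = (int)need;
    return 0;
}

/* The shape of the optimised code: two 8-byte loads XORed with the literal and
   ORed together. It always reads 16 bytes of buf, whatever the string length. */
static int wide_equal16(const char *buf)
{
    uint64_t lo, hi, nlo, nhi;
    memcpy(&lo, buf, 8);
    memcpy(&hi, buf + 8, 8);
    memcpy(&nlo, NEEDLE, 8);
    memcpy(&nhi, NEEDLE + 8, 8);
    return ((lo ^ nlo) | (hi ^ nhi)) == 0;
}

/* Length check + memcmp: reads only the bytes the reader reported as written. */
static int bounded_equal(const char *buf, int written, const char *needle)
{
    size_t n = strlen(needle) + 1;
    return written >= 0 && (size_t)written == n && memcmp(buf, needle, n) == 0;
}

/* How many of the 16 bytes read by the wide compare were never written. */
static int unwritten_bytes_touched(int written)
{
    return written < 16 ? 16 - written : 0;
}

/* Fill a buffer with a poison byte (standing in for uninitialised stack),
   read a name into it, and run both comparisons. Returns the written length. */
static int compare_after_read(const char *name, unsigned char poison,
                              int *wide, int *bounded)
{
    char data[BUF_SIZE];
    int data_size = sizeof(data);

    memset(data, poison, sizeof(data));
    if (read_name_stub(name, data, &data_size) != 0)
        return -1;
    *wide = wide_equal16(data);
    *bounded = bounded_equal(data, data_size, NEEDLE);
    return data_size;
}

int main(void)
{
    /* Constructed sample names: a short one, the needle itself, one byte longer. */
    const char *names[] = { "seq", NEEDLE, "0123456789012345" };
    const unsigned char poisons[] = { 0xAA, 0x55 };

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        for (size_t j = 0; j < sizeof(poisons); j++) {
            int wide = 0, bounded = 0;
            int written = compare_after_read(names[i], poisons[j], &wide, &bounded);
            printf("%-17s poison=0x%02X written=%2d unwritten-read=%2d wide=%d bounded=%d\n",
                   names[i], (unsigned)poisons[j], written,
                   unwritten_bytes_touched(written), wide, bounded);
        }
    return 0;
}
```

Both forms give the same answer for every poison value, because a shorter name's NUL already differs from the literal inside the written bytes; only the wide form reads bytes the reader never stored.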
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:36:02 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix scan build (!19)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/19

Branches: tmp-fix-scan-build to master
Author: Tim Rühsen
Assignees:

Closes #10

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/19

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:45:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:45:35 +0000
Subject: [gnutls-devel] libtasn1 | Minor fixes in apps (!20)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/20

Branches: tmp-fixes to master
Author: Nikos Mavrogiannopoulos
Assignees:

This addresses some unchecked allocation errors and other minor issues in tools.

## Checklist

* [x] Code modified for feature

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/20

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:49:49 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:49:49 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos commented on a discussion on configure.ac: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193352213

> # along with this program. If not, see . > > AC_PREREQ([2.63]) > -AC_INIT([GNU Libtasn1],[4.14],[help-libtasn1 at gnu.org]) > +AC_INIT([GNU Libtasn1],[4.14.0],[help-libtasn1 at gnu.org])

Makes sense.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193352213

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:49:51 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:49:51 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

All discussions on Merge Request !16 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/libtasn1/merge_requests/16

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:51:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:51:30 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Nikos Mavrogiannopoulos started a new discussion on .gitignore: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193353337

> *.gcov > gtk-doc.m4 > INSTALL

We do not require bison for building in the repo. If we do such a change we should first document it, and secondly ensure that gnutls' oss-fuzz build will not fail due to that.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193353337

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:56:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:56:02 +0000
Subject: [gnutls-devel] libtasn1 | WIP: .gitlab-ci.yml: ensure that we don't have libtasn1 installed in windows build (!21)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/21

Branches: tmp-mingw32 to master
Author: Nikos Mavrogiannopoulos
Assignees:

Ensure mingw32-libtasn1 is not present.

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/21

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:56:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:56:17 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)

Tim Rühsen commented on a discussion on .gitignore: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193357277

> *.gcov > gtk-doc.m4 > INSTALL

I see, commit removed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193357277

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:56:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:56:16 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !16 were resolved by Tim Rühsen

https://gitlab.com/gnutls/libtasn1/merge_requests/16

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16

From gnutls-devel at lists.gnutls.org Thu Jul 18 16:56:40 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 14:56:40 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix scan build (!19)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

I identified few more issues in !20

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/19#note_193357628

From gnutls-devel at lists.gnutls.org Thu Jul 18 17:10:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 15:10:47 +0000
Subject: [gnutls-devel] libtasn1 | Minor fixes in apps (!20)
In-Reply-To: References: Message-ID:

Tim Rühsen started a new discussion on src/asn1Coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/20#note_193365759

> checkSyntaxOnly = 1; > break; > case 'o': /* OUTPUT */ > - outputFileName = (char *) malloc (strlen (optarg) + 1); > - strcpy (outputFileName, optarg); > + assert(optarg != NULL); > + outputFileName = strdup(optarg); > + if (outputFileName == NULL) > + { > + fprintf(stderr, "Memory error\n"); > + exit(1);

In general we should use exit (EXIT_...). I believe we need a full code review at some point...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/20#note_193365759

From gnutls-devel at lists.gnutls.org Thu Jul 18 17:12:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 15:12:01 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix scan build (!19)
In-Reply-To: References: Message-ID:

Tim Rühsen commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/19#note_193366308

Ok, I leave it to you to bring the commits together (eventually just close my MR). I am out for today.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/19#note_193366308

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:00:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:00:25 +0000
Subject: [gnutls-devel] libtasn1 | Minor fixes in apps (!20)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on src/asn1Coding.c: https://gitlab.com/gnutls/libtasn1/merge_requests/20#note_193439507

> checkSyntaxOnly = 1; > break; > case 'o': /* OUTPUT */ > - outputFileName = (char *) malloc (strlen (optarg) + 1); > - strcpy (outputFileName, optarg); > + assert(optarg != NULL); > + outputFileName = strdup(optarg); > + if (outputFileName == NULL) > + { > + fprintf(stderr, "Memory error\n"); > + exit(1);

I'm following what is already there. I have no opinion for 0 vs EXIT_SUCCESS.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/20#note_193439507

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:00:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:00:30 +0000
Subject: [gnutls-devel] libtasn1 | Minor fixes in apps (!20)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !20 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/libtasn1/merge_requests/20

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/20

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:03:58 2019
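Review bot: in the `case 'o'` branch of src/asn1Coding.c (merge request !20), `assert(optarg != NULL);` is the only guard in front of `strdup(optarg)`, and an assert is compiled out when the tool is built with NDEBUG, so the check does not exist in such builds. If it is meant to hold at run time, test `optarg` explicitly and take the same error path as the `outputFileName == NULL` case. The added calls also drop the space before the parenthesis that the removed lines used (`malloc (strlen (optarg) + 1)`), so `strdup (optarg)`, `fprintf (stderr, ...)` and `exit (1)` would match the surrounding style.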
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:03:58 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix scan build (!19)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

Ok, Merged both.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/19#note_193440274

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:04:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:04:08 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix scan build (!19)
In-Reply-To: References: Message-ID:

Merge Request !19 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/19
Branches: tmp-fix-scan-build to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/19

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:51:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:51:46 +0000
Subject: [gnutls-devel] libtasn1 | Minor fixes in apps (!20)
In-Reply-To: References: Message-ID:

Merge Request !20 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/20
Branches: tmp-fixes to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/20

From gnutls-devel at lists.gnutls.org Thu Jul 18 21:52:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 18 Jul 2019 19:52:02 +0000
Subject: [gnutls-devel] libtasn1 | .gitlab-ci.yml: ensure that we don't have libtasn1 installed in windows build (!21)
In-Reply-To: References: Message-ID:

Merge Request !21 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/21
Branches: tmp-mingw32 to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/21

From gnutls-devel at lists.gnutls.org Fri Jul 19 11:53:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 09:53:23 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

Tim Rühsen commented:

@nmav WDYT ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193684444

From gnutls-devel at lists.gnutls.org Fri Jul 19 12:01:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 10:01:56 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)
References: Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/22

Branches: tmp-enable-valgrind-tests to master
Author: Tim Rühsen
Assignees:

The valgrind tests weren't performed so far. This is WIP because several tests fail here...

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22

From gnutls-devel at lists.gnutls.org Fri Jul 19 12:10:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 10:10:16 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)
In-Reply-To: References: Message-ID:

Tim Rühsen commented:

Let's not put auto-generated files into the repo - for that we have the tarball. Let's use ./bootstrap in oss-fuzz as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18#note_193691366

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:03:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:03:59 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To: References: Message-ID:

Merge Request !1045 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1045
Project:Branches: nmav/gnutls:tmp-tls-fuzzer to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:04:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:04:05 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To: References: Message-ID:

Daiki Ueno commented:

Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_193712456

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:07:17 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:07:17 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect error returned in TLS 1.3 when an unsupported signature algorithm is used by a client for Certificate Verify message signatures (#682)
In-Reply-To: References: Message-ID:

Issue was closed by Nikos Mavrogiannopoulos via merge request !1045 (https://gitlab.com/gnutls/gnutls/merge_requests/1045)

Issue #682: https://gitlab.com/gnutls/gnutls/issues/682

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/682

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:07:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:07:19 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To: References: Message-ID:

Merge Request !1045 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1045
Project:Branches: nmav/gnutls:tmp-tls-fuzzer to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:18:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:18:37 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
References: Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/23

Branches: tmp-fix-endless-loop to master
Author: Tim Rühsen
Assignees:

While hunting down a memleak, I stepped over an endless loop in _asn1_check_identifier(). Added a fix and a regression test.

## Checklist
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23

From gnutls-devel at lists.gnutls.org Fri Jul 19 13:20:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 11:20:47 +0000
Subject: [gnutls-devel] libtasn1 | Remove maint.mk from repo (!18)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

I have created https://github.com/google/oss-fuzz/pull/2620

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/18#note_193718403

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:02:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:02:02 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)
In-Reply-To: References: Message-ID:

civodul commented:

@nmav, like @ueno suggests, you could pass `GUILE=guile2.2` and similar (?) to `configure`. I think it's more of a downstream issue though, and I still don't quite see how it relates to the patch at hand.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_193732709

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:07:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:07:02 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos started a new discussion on tests/endless_loop.c: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193734531

> + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + * > + */ > + > +/****************************************************************/ > +/* Description: reproducer for of endless loop */ > +/****************************************************************/ > + > +#include > +#include > +#include > + > +#include > + > +const asn1_static_node endless_asn1_tab[] = {

What's the ASN.1 that generates that? Would you like to paste it as comment?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193734531

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:10:34 2019
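Review bot: the description block at the top of tests/endless_loop.c (merge request !23) reads "reproducer for of endless loop", which carries a stray "of" and does not say which function loops. Naming `_asn1_check_identifier()` there, and adding the ASN.1 source (or a note on how `endless_asn1_tab` was produced) above the table, would let a reader understand what the regression test covers without going back to the merge request.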
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:10:34 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos started a new discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193735938

> strict-der Test_choice_ocsp decoding decoding-invalid-x509 \ > ocsp-basic-response octet-string coding-long-oid object-id-decoding \ > spc_pe_image_data decoding-invalid-pkcs7 coding setof \ > - CVE-2018-1000654 parser.sh > + CVE-2018-1000654 parser.sh endless_loop

`endless_loop` is kind of a generic name and `CVE-2018-1000654` is also of this type. What about a name more tied on how to cause this?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193735938

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:11:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:11:58 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos started a new discussion on NEWS: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193736489

> GNU Libtasn1 NEWS -*- outline -*- > > -* Noteworthy changes in release 4.14 (unreleased) [stable] > +* Noteworthy changes in release 4.14.0 (unreleased) [stable]

shouldn't this be 4.14?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193736489

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:18:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:18:59 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

Nice catch! @rockdaboot are you checking the issues found or should I?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22#note_193739402

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:45:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:45:41 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Tim Rühsen commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193750415

> strict-der Test_choice_ocsp decoding decoding-invalid-x509 \ > ocsp-basic-response octet-string coding-long-oid object-id-decoding \ > spc_pe_image_data decoding-invalid-pkcs7 coding setof \ > - CVE-2018-1000654 parser.sh > + CVE-2018-1000654 parser.sh endless_loop

Sure, any suggestion ? (If I had a better name I would have used it :-))

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193750415

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:47:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:47:23 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

Tim Rühsen commented on a discussion on NEWS: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193751330

> GNU Libtasn1 NEWS -*- outline -*- > > -* Noteworthy changes in release 4.14 (unreleased) [stable] > +* Noteworthy changes in release 4.14.0 (unreleased) [stable]

Arg, pushed now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193751330

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:48:20 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:48:20 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)
In-Reply-To: References: Message-ID:

Tim Rühsen commented:

If you could chime in, that'll be perfect. I won't have time before next week.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22#note_193751924

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:58:27 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:58:27 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

ok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22#note_193756678

From gnutls-devel at lists.gnutls.org Fri Jul 19 14:59:21 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 12:59:21 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193758172

> strict-der Test_choice_ocsp decoding decoding-invalid-x509 \ > ocsp-basic-response octet-string coding-long-oid object-id-decoding \ > spc_pe_image_data decoding-invalid-pkcs7 coding setof \ > - CVE-2018-1000654 parser.sh > + CVE-2018-1000654 parser.sh endless_loop

I'd use something that is based on the syntax that causes it. But I don't know what it is :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193758172

From gnutls-devel at lists.gnutls.org Fri Jul 19 15:08:54 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 13:08:54 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Tim Rühsen commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193765890

> strict-der Test_choice_ocsp decoding decoding-invalid-x509 \ > ocsp-basic-response octet-string coding-long-oid object-id-decoding \ > spc_pe_image_data decoding-invalid-pkcs7 coding setof \ > - CVE-2018-1000654 parser.sh > + CVE-2018-1000654 parser.sh endless_loop

Basically the endless loop happens on a node with up,down,right(,left) fields being NULL. That is IMO a tree with just a single node. Should we call it 'single_node' then ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193765890

From gnutls-devel at lists.gnutls.org Fri Jul 19 15:12:26 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 13:12:26 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193769414

> strict-der Test_choice_ocsp decoding decoding-invalid-x509 \ > ocsp-basic-response octet-string coding-long-oid object-id-decoding \ > spc_pe_image_data decoding-invalid-pkcs7 coding setof \ > - CVE-2018-1000654 parser.sh > + CVE-2018-1000654 parser.sh endless_loop

makes sense

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193769414

From gnutls-devel at lists.gnutls.org Fri Jul 19 16:43:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 14:43:01 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Fixes and cleanups in the yacc parser (!24)
References: Message-ID:

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/24

Branches: tmp-parsing-fixes to master
Author: Nikos Mavrogiannopoulos
Assignees:

This introduces various memory leak fixes and cleanups in the parser.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24

From gnutls-devel at lists.gnutls.org Fri Jul 19 16:43:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 14:43:31 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on tests/endless_loop.c: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193810500

> + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see . > + * > + */ > + > +/****************************************************************/ > +/* Description: reproducer for of endless loop */ > +/****************************************************************/ > + > +#include > +#include > +#include > + > +#include > + > +const asn1_static_node endless_asn1_tab[] = {

Other than this missing text LGTM

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193810500

From gnutls-devel at lists.gnutls.org Fri Jul 19 19:07:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 17:07:58 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)
In-Reply-To: References: Message-ID:

Hubert Kario (@mention me if you need reply) commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_193881928

my point is that running the script _without_ valid -s makes the result of the test basically useless

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_193881928

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:05:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:05:57 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

Merged manually, thanks. I think I will make a release with the current code, because any other fixes require substantial changes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16#note_193913413

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:06:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:06:00 +0000
Subject: [gnutls-devel] libtasn1 | Add version number defines for libtasn1.h (!16)
In-Reply-To: References: Message-ID:

Merge Request !16 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/16
Branches: tmp-include-version to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/16

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:09:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:09:04 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

Merge Request !23 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/23
Branches: tmp-fix-endless-loop to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:09:08 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:09:08 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !23 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/libtasn1/merge_requests/23

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:09:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:09:04 +0000
Subject: [gnutls-devel] libtasn1 | Fix endless loop in _asn1_check_identifier() (!23)

Nikos Mavrogiannopoulos commented:

Merged manually.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/23#note_193913939

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:09:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:09:33 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)

Merge Request !22 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/22
Branches: tmp-enable-valgrind-tests to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22

From gnutls-devel at lists.gnutls.org Fri Jul 19 21:09:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 19 Jul 2019 19:09:33 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Enable valgrind in tests/ when enabled by configure (!22)

Nikos Mavrogiannopoulos commented:

Moved it to !24

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/22#note_193914022

From gnutls-devel at lists.gnutls.org Sat Jul 20 10:31:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 20 Jul 2019 08:31:53 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

Nikos Mavrogiannopoulos commented:

You can pass it by editing .gitlab-ci.yml on the failing tests.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_193989743

From gnutls-devel at lists.gnutls.org Sat Jul 20 10:40:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 20 Jul 2019 08:40:31 +0000
Subject: [gnutls-devel] GnuTLS | Fixed alerts returned on TLS1.3 corner cases (!1045)

Nikos Mavrogiannopoulos commented:

These scripts are added to reproduce the issue reported above, and in that they are useful. You are referring to a different test which these scripts can do but this is not addressed by this MR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1045#note_193990352

From gnutls-devel at lists.gnutls.org Sat Jul 20 16:13:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 20 Jul 2019 14:13:55 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

civodul pushed new commits to merge request !1020

https://gitlab.com/gnutls/gnutls/merge_requests/1020

* ff316e76 - .gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'.
* 8ddbf8d8 - .gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020

From gnutls-devel at lists.gnutls.org Sun Jul 21 01:31:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 20 Jul 2019 23:31:31 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme pushed new commits to merge request !1030

https://gitlab.com/gnutls/gnutls/merge_requests/1030

* bc8f21b3...b539b984 - 58 commits from branch `master`
* 9b203a91 - Support for Generalname registeredID from RFC 5280 in subject alt name
* 79a3e4c2 - update auto-generated files

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030

From gnutls-devel at lists.gnutls.org Sun Jul 21 01:41:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 20 Jul 2019 23:41:04 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

Done. Please check now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194048852

From gnutls-devel at lists.gnutls.org Sun Jul 21 03:05:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 01:05:56 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

Several OCSP tests have failed, but I see no relationship to my work. Ideas???

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194051417

From gnutls-devel at lists.gnutls.org Sun Jul 21 06:45:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 04:45:50 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

No idea either, but did you try a rebase on current master?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194057094

From gnutls-devel at lists.gnutls.org Sun Jul 21 06:56:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 04:56:55 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

Actually yes. I fast forwarded the master and then rebased in my branch the changes and patch on top of it. Most likely these are the 58 commits before my additions.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194057399

From gnutls-devel at lists.gnutls.org Sun Jul 21 07:26:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 05:26:46 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

It is because of this change. It seems that the OCSP part of the code depends on `x509_read_value` returning sizes with null termination included :( Not sure whether these values are also returned to callers, but if yes, we'll need a different solution.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194058355

From gnutls-devel at lists.gnutls.org Sun Jul 21 09:03:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 07:03:25 +0000
Subject: [gnutls-devel] GnuTLS | OCSP: in several cases OID values contain null terminated byte (#805)

Nikos Mavrogiannopoulos created an issue:

The APIs in `lib/x509/ocsp*.c` rely in several cases on the fact that `_gnutls_x509_read_value` will incorrectly include the null terminated byte into the size for object identifier strings. This is sometimes reflected to exported APIs and thus a fix in the handling of the original function cannot happen without changing assumptions by user programs.

The functions that are affected are:
- `gnutls_ocsp_req_get_extension()`
- `gnutls_ocsp_resp_get_response()`
- `gnutls_ocsp_resp_get_extension()`

I recommend to fix that deficiency in `_gnutls_x509_read_value` (see attached patch) in a minor release update (3.7.0), and document the change on the affected functions.

[patch.txt](/uploads/d48d06f9c56595640322e16ec9a7687b/patch.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/805

From gnutls-devel at lists.gnutls.org Sun Jul 21 09:12:23 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 07:12:23 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

It seems that part of the API relies on this behavior. I've opened: https://gitlab.com/gnutls/gnutls/issues/805

So let's work around it and fix it for registered ID only. I attach a patch which reverts part of my addition, and works around the presence of the null byte. [patch.txt](/uploads/2c471857a085f6b77074eec63e5a9588/patch.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194063126

From gnutls-devel at lists.gnutls.org Sun Jul 21 09:12:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 07:12:53 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

With this the OCSP part will remain unaffected.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194063158

From gnutls-devel at lists.gnutls.org Sun Jul 21 09:47:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 07:47:33 +0000
Subject: [gnutls-devel] GnuTLS | nettle/gost: support building with GOST-enabled Nettle (!1044)

Nikos Mavrogiannopoulos commented:

The changes make sense to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1044#note_194065046

From gnutls-devel at lists.gnutls.org Sun Jul 21 09:47:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 07:47:34 +0000
Subject: [gnutls-devel] GnuTLS | nettle/gost: support building with GOST-enabled Nettle (!1044)

Merge Request !1044 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1044
Project:Branches: GostCrypt/gnutls:fix-gost to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1044

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:08:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:08:59 +0000
Subject: [gnutls-devel] GnuTLS | handle OID 1.3.6.1.4.1.11129.2.4.2 (x.509 extension for certificate transparency SCTs) (#232)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/232

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:11:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:11:03 +0000
Subject: [gnutls-devel] GnuTLS | Certtool doesn't add CDP from the template (#765)

Milestone changed to Release of GnuTLS 3.6.10 (Jul 26, 2019–Sep 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/24 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/765

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:11:51 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:11:51 +0000
Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687)

Milestone changed to Release of GnuTLS 3.6.10 (Jul 26, 2019–Sep 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/24 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:12:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:12:34 +0000
Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687)

Nikos Mavrogiannopoulos commented:

Moved to the next release as 3.6.9 is going to be released in the next few days.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687#note_194066291

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:17:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:17:12 +0000
Subject: [gnutls-devel] GnuTLS | Add const to function arguments in lib/x509 (!1007)

Nikos Mavrogiannopoulos commented:

There is a suppression mechanism in `devel/libgnutls.abignore`. Its syntax is documented at https://sourceware.org/libabigail/manual/libabigail-concepts.html#suppr-spec-label

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1007#note_194066535

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:21:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:21:53 +0000
Subject: [gnutls-devel] GnuTLS | Add const to function arguments in lib/x509 (!1007)

Nikos Mavrogiannopoulos commented:

Most likely something like:
```
[suppress_type]
type_kind = typedef
name = gnutls_ocsp_resp_const_t
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1007#note_194066849

From gnutls-devel at lists.gnutls.org Sun Jul 21 10:24:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 08:24:10 +0000
Subject: [gnutls-devel] GnuTLS | Add const to function arguments in lib/x509 (!1007)

Nikos Mavrogiannopoulos commented:

Alternatively we can regenerate the ABI dump files

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1007#note_194066982

From gnutls-devel at lists.gnutls.org Sun Jul 21 13:25:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 11:25:39 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Fixes and cleanups in the yacc parser (!24)

Tim Rühsen started a new discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194079336

> > CVE_2018_1000654_SOURCES = CVE-2018-1000654-1_asn1_tab.h CVE-2018-1000654-2_asn1_tab.h CVE-2018-1000654.c > > +LOG_PARSER = $(VALGRIND)

Isn't this `LOG_COMPILER` !?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194079336

From gnutls-devel at lists.gnutls.org Sun Jul 21 15:43:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 13:43:34 +0000
Subject: [gnutls-devel] libtasn1 | Add manywarnings module (!25)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/25

Branches: tmp-gcc-manywarnings to master
Author: Tim Rühsen
Assignees:

This wasn't implemented correctly. Now we just have to reduce / review the warnings.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/25

From gnutls-devel at lists.gnutls.org Sun Jul 21 17:33:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 15:33:41 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

This patch cannot be applied. Against which version must it be applied?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194100829

From gnutls-devel at lists.gnutls.org Sun Jul 21 17:52:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 15:52:25 +0000
Subject: [gnutls-devel] libtasn1 | Fix uint overflow using explicit casts (!26)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/26

Branches: tmp-fix-uint-overflow to master
Author: Tim Rühsen
Assignees:

Closes #11

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/26

From gnutls-devel at lists.gnutls.org Sun Jul 21 17:55:11 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 15:55:11 +0000
Subject: [gnutls-devel] libtasn1 | Add manywarnings module (!25)

Merge Request !25 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/25
Branches: tmp-gcc-manywarnings to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/25

From gnutls-devel at lists.gnutls.org Sun Jul 21 18:35:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 16:35:55 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

I think it replaces the first patch completely

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194105350

From gnutls-devel at lists.gnutls.org Sun Jul 21 18:57:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 16:57:19 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

I tried it on top of the other patch and without it, but it does not run cleanly. I get:

error: patch failed: NEWS:10
error: NEWS: patch does not apply
error: patch failed: lib/includes/gnutls/gnutls.h.in:2579
error: lib/includes/gnutls/gnutls.h.in: patch does not apply
error: patch failed: lib/x509/common.c:537
error: lib/x509/common.c: patch does not apply
error: patch failed: lib/x509/output.c:144
error: lib/x509/output.c: patch does not apply
error: patch failed: tests/Makefile.am:50
error: tests/Makefile.am: patch does not apply
error: tests/certs-interesting/cert10.der: already exists in working directory
error: cannot apply binary patch to 'tests/certs-interesting/cert5.der' without full index line
error: tests/certs-interesting/cert5.der: patch does not apply

Do I have to merge it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194107579

From gnutls-devel at lists.gnutls.org Sun Jul 21 20:50:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 18:50:37 +0000
Subject: [gnutls-devel] libtasn1 | Fix uint overflow using explicit casts (!26)

Merge Request !26 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/26
Branches: tmp-fix-uint-overflow to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/26

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:03:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:03:44 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

It seems it applied to a specific tip. I've rebased it on current master. Try this on current master: [0001-Support-for-Generalname-registeredID-from-RFC-5280-i.patch](/uploads/f86f2f0bdc82642c4d97461797ae7de5/0001-Support-for-Generalname-registeredID-from-RFC-5280-i.patch)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194116946

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:07:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:07:24 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Fixes and cleanups in the yacc parser (!24)

Nikos Mavrogiannopoulos commented on a discussion on tests/Makefile.am: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194117241

> > CVE_2018_1000654_SOURCES = CVE-2018-1000654-1_asn1_tab.h CVE-2018-1000654-2_asn1_tab.h CVE-2018-1000654.c > > +LOG_PARSER = $(VALGRIND)

Correct. Updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194117241

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:07:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:07:25 +0000
Subject: [gnutls-devel] libtasn1 | WIP: Fixes and cleanups in the yacc parser (!24)

All discussions on Merge Request !24 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/libtasn1/merge_requests/24

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:11:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:11:48 +0000
Subject: [gnutls-devel] libtasn1 | Fix uint overflow using explicit casts (!26)

Nikos Mavrogiannopoulos commented:

Why not the other way round and upgrade `name_hash` and `nhash` to `size_t`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/26#note_194117602

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:26:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:26:22 +0000
Subject: [gnutls-devel] libtasn1 | Fix uint overflow using explicit casts (!26)

Tim Rühsen commented:

That adds memory footprint and I can't foresee the side effects. I would rather directly include the hash function from gnulib (or take another one) and amend it to return uint32_t (or unsigned int).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/26#note_194118514

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:34:30 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:34:30 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)

Nikos Mavrogiannopoulos created an issue:

## Description of problem:

It seems that ftp.gnu.org does not accept my pgp key, and thus it is no longer possible to release libtasn1 at that site. I've already contacted the administrators of gnu.org, but if the issue is permanent we may need to switch to a different way of providing signed sources.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:38:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:38:28 +0000
Subject: [gnutls-devel] libtasn1 | Fix uint overflow using explicit casts (!26)

Nikos Mavrogiannopoulos commented:

I believe the memory savings was the reason for the use of uint.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/26#note_194119462

From gnutls-devel at lists.gnutls.org Sun Jul 21 21:40:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 19:40:28 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme commented:

Thanks. This worked with a 3 way merge. Testing this now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194119578

From gnutls-devel at lists.gnutls.org Sun Jul 21 22:18:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 20:18:46 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Karsten Ohme pushed new commits to merge request !1030

https://gitlab.com/gnutls/gnutls/merge_requests/1030

* b619e595...db6b1e23 - 2 commits from branch `master`
* 2ddaf313 - Support for Generalname registeredID from RFC 5280 in subject alt name
* 632946a2 - update auto-generated files

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030

From gnutls-devel at lists.gnutls.org Mon Jul 22 00:23:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 21 Jul 2019 22:23:57 +0000
Subject: [gnutls-devel] GnuTLS | Add support for Guile 3.0 (!1020)

civodul commented:

Hmm setting `GUILE` & co. at configure time didn't have the intended effect. Am I missing something, @ueno?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194130679

From gnutls-devel at lists.gnutls.org Mon Jul 22 09:51:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 07:51:12 +0000
Subject: [gnutls-devel] libtasn1 | Fixes and cleanups in the yacc parser (!24)

Nikos Mavrogiannopoulos commented:

I think this is complete. If @rockdaboot that's ok with you, let's merge it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194221590

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:02:53 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:02:53 +0000
Subject: [gnutls-devel] libtasn1 | Fixes and cleanups in the yacc parser (!24)

Tim Rühsen commented:

LGTM, merging...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24#note_194227133

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:02:58 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:02:58 +0000
Subject: [gnutls-devel] libtasn1 | Fixes and cleanups in the yacc parser (!24)

Merge Request !24 was merged
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/24
Branches: tmp-parsing-fixes to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/24

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:09:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:09:14 +0000
Subject: [gnutls-devel] libtasn1 | Version numbers for libtasn1.h (#7)

Issue was closed by Nikos Mavrogiannopoulos
Issue #7: https://gitlab.com/gnutls/libtasn1/issues/7

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/7

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:09:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:09:14 +0000
Subject: [gnutls-devel] libtasn1 | Version numbers for libtasn1.h (#7)

Nikos Mavrogiannopoulos commented:

This was addressed by 4.14.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/7#note_194230171

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:09:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:09:55 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)

Tim Rühsen commented:

If it's a technical issue, they'll fix it. If it is something 'political', let me know (but I'm pretty sure, it is not).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12#note_194230505

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:34:49 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:34:49 +0000
Subject: [gnutls-devel] libtasn1 | Hash function triggers UBSAN (#13)

Tim Rühsen created an issue:

Assignee: Tim Rühsen

Detected while writing the fuzzer integration:

```
hash-pjw-bare.c:39:14: runtime error: unsigned integer overflow: 255 + 18446744073709551361 cannot be represented in type 'unsigned long'
    #0 0x5497d3 in hash_pjw_bare /home/oms/src/libtasn1/lib/gl/hash-pjw-bare.c:39:14
    #1 0x53e752 in asn1_find_node /home/oms/src/libtasn1/lib/parser_aux.c
    #2 0x54728a in _asn1_check_identifier /home/oms/src/libtasn1/lib/parser_aux.c:987:9
    #3 0x4fa55a in asn1_array2tree /home/oms/src/libtasn1/lib/structure.c:245:16
    #4 0x4f84d6 in LLVMFuzzerTestOneInput /home/oms/src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c:79:3
```

This is expected behavior of hash functions. But it needs to be suppressed to not disguise other findings.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/13

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:55:40 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:55:40 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Nikos Mavrogiannopoulos commented:

Thank you. Merged manually.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030#note_194252296

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:55:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:55:43 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Merge Request !1030 was closed by Nikos Mavrogiannopoulos
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1030
Project:Branches: kaoh/gnutls:registeredidsupport to gnutls/gnutls:master
Author: Karsten Ohme
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:55:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 08:55:52 +0000
Subject: [gnutls-devel] GnuTLS | Support for registeredID in subject alt name (!1030)

Milestone changed to Release of GnuTLS 3.6.9 (May 29, 2019–Jul 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/22 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1030

From gnutls-devel at lists.gnutls.org Mon Jul 22 11:45:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 09:45:47 +0000
Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/27

Branches: tmp-amended-hash to master
Author: Tim Rühsen
Assignees:

* Amended hash_pjw_bare() to return 'unsigned int' instead of 'size_t'.
* Renamed the hash function to _asn1_hash().
* Added a suppression for clang's UBSAN, needed for fuzzing.

Closes #13

## Checklist

* [*] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27

From gnutls-devel at lists.gnutls.org Mon Jul 22 13:02:56 2019
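The wraparound reported in issue #13 and the per-function suppression listed in merge request !27, as an added example that is not libtasn1's or gnulib's code. It is a rotate-and-add hash of the same general shape, checked against a 64-bit reference to show that the wrapped result is the ordinary modulo 2^32 value; the 9-bit rotation, the 32-bit width and every name are assumptions, since the page does not show the function body.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; all names are hypothetical, not libtasn1 or gnulib code. */

/* Switch off one named check for one function only, so the sanitizer keeps
   reporting unsigned wraparound everywhere else in the build. */
#if defined(__clang__)
# define DEMO_ALLOW_UNSIGNED_WRAP \
  __attribute__((no_sanitize("unsigned-integer-overflow")))
#else
# define DEMO_ALLOW_UNSIGNED_WRAP
#endif

#define DEMO_ROT 9u		/* assumed rotation distance */

/* Rotate-and-add hash over the n bytes of x, starting from state h.
   The addition is allowed to wrap: unsigned arithmetic in C is defined
   modulo 2^32 here, which is what a hash of this kind relies on. */
DEMO_ALLOW_UNSIGNED_WRAP
static uint32_t
demo_hash_from (uint32_t h, const void *x, size_t n)
{
  const unsigned char *s = x;
  size_t i;

  for (i = 0; i < n; i++)
    h = s[i] + ((h << DEMO_ROT) | (h >> (32u - DEMO_ROT)));
  return h;
}

/* Hash from the initial state 0. */
static uint32_t
demo_hash (const void *x, size_t n)
{
  return demo_hash_from (0, x, n);
}

/* Reference version: performs each addition in 64 bits, counts how many
   additions did not fit in 32 bits, then reduces explicitly modulo 2^32. */
static uint32_t
demo_hash_ref (uint32_t h, const void *x, size_t n, unsigned *wraps)
{
  const unsigned char *s = x;
  size_t i;

  *wraps = 0;
  for (i = 0; i < n; i++)
    {
      uint64_t rot = (uint32_t) ((h << DEMO_ROT) | (h >> (32u - DEMO_ROT)));
      uint64_t sum = rot + s[i];

      if (sum > UINT32_MAX)
	(*wraps)++;
      h = (uint32_t) sum;	/* explicit reduction modulo 2^32 */
    }
  return h;
}

int
main (void)
{
  /* Constructed state: rotating 0x80FFFFFF left by 9 gives 0xFFFFFF01,
     i.e. 2^32 - 255, the 32-bit analogue of the operand in the report. */
  const uint32_t state = 0x80FFFFFFu;
  const unsigned char last = 0xFF;
  unsigned wraps;
  uint32_t ref = demo_hash_ref (state, &last, 1, &wraps);

  printf ("plain=%u reference=%u wraps=%u\n",
	  (unsigned) demo_hash_from (state, &last, 1), (unsigned) ref, wraps);
  printf ("hash(\"libtasn1\")=%u\n", (unsigned) demo_hash ("libtasn1", 8));
  return 0;
}
```

Built with clang and `-fsanitize=unsigned-integer-overflow`, only `demo_hash_from` is exempt from the check.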
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 22 Jul 2019 11:02:56 +0000 Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/27#note_194311627 > > char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ > > +/* Return a hash of the N bytes of X using the method described by > + Bruno Haible in https://www.haible.de/bruno/hashfunc.html. > + Note that while many hash functions reduce their result via modulo > + to a 0..table_size-1 range, this function does not do that. > + > + This implementation has been changed from size_t -> unsigned int. */ > + > +#ifdef __clang__ > +__attribute__((no_sanitize("integer"))) > +#endif > +_GL_ATTRIBUTE_PURE is that something that gnulib provides unconditionally? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27#note_194311627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 14:02:41 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 22 Jul 2019 12:02:41 +0000 Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/parser_aux.c: https://gitlab.com/gnutls/libtasn1/merge_requests/27#note_194335290 > > char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ > > +/* Return a hash of the N bytes of X using the method described by > + Bruno Haible in https://www.haible.de/bruno/hashfunc.html. > + Note that while many hash functions reduce their result via modulo > + to a 0..table_size-1 range, this function does not do that. > + > + This implementation has been changed from size_t -> unsigned int. */ > + > +#ifdef __clang__ > +__attribute__((no_sanitize("integer"))) > +#endif > +_GL_ATTRIBUTE_PURE Good catch/question. It is included by gl_INIT/gl_COMMON used in configure.ac and appears in config.h. There are several other attribute definitions in config.h that we can make use of. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27#note_194335290 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 14:21:30 2019 
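Review bot: `__attribute__((no_sanitize("integer")))` ahead of `_GL_ATTRIBUTE_PURE` turns off every check in clang's integer group for this function, while the report in issue #13 is only an unsigned integer overflow; if `no_sanitize("unsigned-integer-overflow")` is enough to keep the fuzzer quiet, the narrower name leaves the remaining integer checks active here. The new comment records the `size_t` -> `unsigned int` change but not that wraparound is intended, and one sentence saying so would explain why the suppression is there.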
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 12:21:30 +0000
Subject: [gnutls-devel] GnuTLS | nettle/gost: support building with GOST-enabled Nettle (!1044)

Merge Request !1044 was merged
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1044
Project:Branches: GostCrypt/gnutls:fix-gost to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1044

From gnutls-devel at lists.gnutls.org Mon Jul 22 15:11:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 13:11:59 +0000
Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27)

Merge Request !27 was approved by Nikos Mavrogiannopoulos
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/27
Branches: tmp-amended-hash to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27

From gnutls-devel at lists.gnutls.org Mon Jul 22 15:15:07 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 13:15:07 +0000
Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27)

All discussions on Merge Request !27 were resolved by Tim Rühsen
https://gitlab.com/gnutls/libtasn1/merge_requests/27

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27

From gnutls-devel at lists.gnutls.org Mon Jul 22 15:15:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 13:15:24 +0000
Subject: [gnutls-devel] libtasn1 | Hash function triggers UBSAN (#13)

Issue was closed by Tim Rühsen via merge request !27 (https://gitlab.com/gnutls/libtasn1/merge_requests/27)
Issue #13: https://gitlab.com/gnutls/libtasn1/issues/13

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/13

From gnutls-devel at lists.gnutls.org Mon Jul 22 15:15:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 13:15:24 +0000
Subject: [gnutls-devel] libtasn1 | Use amended version of gnulib's hash_pjw_bare() (!27)

Merge Request !27 was merged
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/27
Branches: tmp-amended-hash to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/27

From gnutls-devel at lists.gnutls.org Mon Jul 22 15:48:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 13:48:39 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Tim Rühsen created an issue:

There is another memory leak, a reproducer has been added in branch `tmp-memleak-a` (use `./configure --enable-valgrind-tests`):

```
==25685== 152 bytes in 1 blocks are definitely lost in loss record 1 of 1
==25685==    at 0x4837B65: calloc (vg_replace_malloc.c:762)
==25685==    by 0x4851C0D: _asn1_add_static_node (parser_aux.c:71)
==25685==    by 0x4853AAC: asn1_array2tree (structure.c:200)
==25685==    by 0x10923B: main (reproducers.c:76)
```

The `asn1_static_node` is

```
const asn1_static_node tab[] = {
  { "a", CONST_DOWN, "" },
  { "b", 0, "" },
  { "c", 0, "" },
  { NULL, 0, NULL }
};
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14

From gnutls-devel at lists.gnutls.org Mon Jul 22 21:39:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 19:39:28 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)

Nikos Mavrogiannopoulos commented:

Thanks. If I manage to address it, would you like me to add you to the uploaders list?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12#note_194520530

From gnutls-devel at lists.gnutls.org Mon Jul 22 22:30:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 20:30:31 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)

Tim Rühsen commented:

Sure, it's handy in case you aren't available / too busy for a release.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12#note_194535036

From gnutls-devel at lists.gnutls.org Mon Jul 22 23:01:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 21:01:01 +0000
Subject: [gnutls-devel] libtasn1 | Add manywarnings module (!25)

Nikos Mavrogiannopoulos commented:

This enabled way too many warnings to be useful. I get something like a page of warnings now

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/25#note_194542064

From gnutls-devel at lists.gnutls.org Mon Jul 22 23:04:01 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 22 Jul 2019 21:04:01 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Nikos Mavrogiannopoulos commented:

What is the ASN.1 syntax that generates this tree?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194544134

From gnutls-devel at lists.gnutls.org Tue Jul 23 09:43:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 07:43:06 +0000
Subject: [gnutls-devel] libtasn1 | Fix warnings and add a Werror build (!28)

Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/28

Branches: tmp-warnings to master
Author: Nikos Mavrogiannopoulos
Assignees:

This makes the build warning free.

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/28

From gnutls-devel at lists.gnutls.org Tue Jul 23 10:14:38 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 08:14:38 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Tim Rühsen commented:

It's from fuzzing, so I can hardly tell (I wrote a tool to convert fuzzer data into the above array. In this case I hand-tuned the fields to have the smallest possible reproducer). Since `asn1_array2tree()` is a public API, it should gracefully deal with any kind of input. The days of "please only serve proper input to my API" are over. The smallest glitches are meanwhile used for DoS attacks or (remote) code execution, directly or indirectly.

I couldn't find any obvious bugs in `asn1_array2tree()` yesterday (hey, it just builds a tree), so maybe it's in `asn1_delete_structure()` !? Will have a look, but any help appreciated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194671048

From gnutls-devel at lists.gnutls.org Tue Jul 23 10:22:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 08:22:44 +0000
Subject: [gnutls-devel] libtasn1 | Fix warnings and add a Werror build (!28)

Tim Rühsen commented:

Some files in `lib/` don't include config.h.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/28#note_194674406

From gnutls-devel at lists.gnutls.org Tue Jul 23 10:30:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 08:30:42 +0000
Subject: [gnutls-devel] libtasn1 | Add manywarnings module (!25)

Tim Rühsen commented:

That's what `manywarnings` is for :-) I consider that good - of course it needs attention, either case-by-case (preferred) or by switching off certain warnings in configure.ac. I see you are already working on it (else I had addressed that in the next days).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/25#note_194677971

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:09:04 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 09:09:04 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Nikos Mavrogiannopoulos commented:

I think there are various levels of fuzzing for this project.

1. Input to be decoded by DER and BER decoders - `asn1_der_decoding2`
2. Input to simple BER and DER decoders - `asn1_decode_simple_d/ber`, `asn1_length_d/ber`
3. Input to the ASN.1 parser `asn1_parser2tree`
4. Intermediate input from `asn1_parser2array` to `asn1_array2tree`

To my understanding from what you write above what you are fuzzing is 4. That is, you are trying to make the `asn1_array2tree` strong even if the intermediate input from `asn1_parser2array` is maliciously modified right?

I wouldn't say these are not important, but for a first phase, I'll focus on fixing bugs from 1-2 because these are the most common interfaces for this library. Then I'd move to (3), and possibly to (4) as these bugs do not affect any applications I'm aware of.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194702091

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:12:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 09:12:47 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Nikos Mavrogiannopoulos commented:

Having a modification safe intermediate output of `asn1_parser2array` is a challenging project by itself, I'd not just focus on it, before we understand why we are dealing with it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194703883

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:17:22 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 09:17:22 +0000
Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Tim Rühsen commented:

I understand your point and will continue with step 1 as soon as I finished this memleak. It's obvious that something with the basic code (tree building and destroying) here is wrong. The fuzzer didn't take more than 1s to detect it. I'll try to find some time to debug this today and then go on.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194705944

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:49:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 09:49:15 +0000
Subject: [gnutls-devel] libtasn1 | Fix warnings and add a Werror build (!28)

Merge Request !28 was merged
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/28
Branches: tmp-warnings to master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/28

From gnutls-devel at lists.gnutls.org Tue Jul 23 12:13:00 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 10:13:00 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/29

Branches: tmp-memleak-a to master
Author: Tim Rühsen
Assignees:

Closes #14

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:

* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29

From gnutls-devel at lists.gnutls.org Tue Jul 23 12:19:39 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 10:19:39 +0000
Subject: [gnutls-devel] libtasn1 | warning: 'LDFLAGS' is a user variable, you should not override it (#15)

Tim Rühsen created an issue:

autoreconf (or bootstrap) prints

```
src/Makefile.am:24: warning: 'LDFLAGS' is a user variable, you should not override it;
src/Makefile.am:24: use 'AM_LDFLAGS' instead
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/15

From gnutls-devel at lists.gnutls.org Tue Jul 23 13:53:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 11:53:28 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)

Merge Request !29 was merged
Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/29
Branches: tmp-memleak-a to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29

From gnutls-devel at lists.gnutls.org Tue Jul 23 13:53:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 23 Jul 2019 11:53:28 +0000 Subject: [gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen via merge request !29 (https://gitlab.com/gnutls/libtasn1/merge_requests/29) Issue #14: https://gitlab.com/gnutls/libtasn1/issues/14 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 23 14:36:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 23 Jul 2019 12:36:26 +0000 Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194835704 > if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) { indenting is incorrect here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194835704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 23 14:36:54 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 23 Jul 2019 12:36:54 +0000 Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194835920 > if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) { (the gnu indenting style is too hard to use for me too) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194835920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 23 14:43:08 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 12:43:08 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194838997

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) {

That will happen more often, I'm sure. Is there a grep / sed rule to check that? We could make it part of syntax-check then (custom syntax-check rule).

In the long term, moving to linux-kind style with tab indentation (and space adjustment) would be nice. Like we do at GnuTLS, Wget2 and other projects. Basically it's only us two that have to agree, right?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194838997

From gnutls-devel at lists.gnutls.org Tue Jul 23 14:43:32 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 12:43:32 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194839181

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) { > + _asn1_delete_node_from_list (e_list, p_last->down); > + _asn1_remove_node (p_last->down, 0); > + } > _asn1_set_down (p_last, p); > - else if (move == RIGHT) > + } else if (move == RIGHT) { > + if (p_last && p_last->right) { > + _asn1_delete_node_from_list (e_list, p_last->right); > + _asn1_remove_node (p_last->down, 0);

I wonder whether we can use here the [container_of](https://ccodearchive.net/info/container_of.html) to simplify and optimize this removal.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194839181

From gnutls-devel at lists.gnutls.org Tue Jul 23 14:44:12 2019
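Review bot: in the `move == RIGHT` branch of the hunk quoted in the message above, the guard and `_asn1_delete_node_from_list (e_list, p_last->right)` both act on `p_last->right`, but the next line calls `_asn1_remove_node (p_last->down, 0)`, so the node taken off `e_list` is not the one being removed. This looks like a copy-paste from the `DOWN` branch: in the lines shown, the right sibling is dropped from the list without being released, while `p_last->down`, which this branch never checks, is passed to the removal instead. Suggest `_asn1_remove_node (p_last->right, 0);` so that all three lines of the branch refer to the same node.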
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 12:44:12 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194839495

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) {

I guess so. I prefer the linux style as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194839495

From gnutls-devel at lists.gnutls.org Tue Jul 23 14:46:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 12:46:35 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194840639

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) {

I am not aware of any tool to check for a particular indenting style. If we use indent on this project to move it to `-linux` we could check compliance by using it to check whether there are no changes after running it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194840639

From gnutls-devel at lists.gnutls.org Tue Jul 23 15:29:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 13:29:19 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194863727

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) { > + _asn1_delete_node_from_list (e_list, p_last->down); > + _asn1_remove_node (p_last->down, 0); > + } > _asn1_set_down (p_last, p); > - else if (move == RIGHT) > + } else if (move == RIGHT) { > + if (p_last && p_last->right) { > + _asn1_delete_node_from_list (e_list, p_last->right); > + _asn1_remove_node (p_last->down, 0);

Looks like `container_of` needs global memory to store the information. Which then includes mutexes / pthread library and so on...

Interestingly, `asn1_array2tree()` has something similar for the error case. All allocated nodes are stored in a list (`list_type *e_list`). On error, a simple `_asn1_delete_list_and_nodes()` is called to free all memory (instead of traversing the tree via `asn1_delete_structure()`).

We could carry that list (or an array / vector) around and use that in `asn1_delete_structure()`. It needs a new API but very similar to `asn1_array2tree()`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194863727

From gnutls-devel at lists.gnutls.org Tue Jul 23 15:31:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 13:31:28 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194864834

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) { > + _asn1_delete_node_from_list (e_list, p_last->down); > + _asn1_remove_node (p_last->down, 0); > + } > _asn1_set_down (p_last, p); > - else if (move == RIGHT) > + } else if (move == RIGHT) { > + if (p_last && p_last->right) { > + _asn1_delete_node_from_list (e_list, p_last->right); > + _asn1_remove_node (p_last->down, 0);

But maybe we should first get all the other things straight. E.g. fuzzing will provide us with many test cases for regression testing once we make up or rewrite the code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194864834

From gnutls-devel at lists.gnutls.org Tue Jul 23 16:13:19 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 14:13:19 +0000
Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/30

Branches: tmp-avoid-eol-brackets to master
Author: Tim Rühsen
Assignees:

Check for trailing brackets (GNU code style) and fail if found.

## Checklist
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Jul 23 16:13:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 14:13:42 +0000
Subject: [gnutls-devel] libtasn1 | Fix memleaks in asn1_array2tree() (!29)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194886189

> if (*definitions == NULL) > *definitions = p; > > - if (move == DOWN) > + if (move == DOWN) { > + if (p_last && p_last->down) {

See !30

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/29#note_194886189

From gnutls-devel at lists.gnutls.org Tue Jul 23 19:40:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 17:40:28 +0000
Subject: [gnutls-devel] libtasn1 | warning: 'LDFLAGS' is a user variable, you should not override it (#15)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

Hello,

thanks for finding this, I had just started wondering why lintian was suddenly warning about

I: libtasn1-bin: hardening-no-bindnow usr/bin/asn1Coding
I: libtasn1-bin: hardening-no-bindnow usr/bin/asn1Decoding
I: libtasn1-bin: hardening-no-bindnow usr/bin/asn1Parser

although I had -Wl,-z,now in LD_FLAGS.

As suggested by automake s/LDFLAGS/AM_LDFLAGS/ does the trick.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/15#note_194965928

From gnutls-devel at lists.gnutls.org Tue Jul 23 19:59:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 17:59:44 +0000
Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30)
In-Reply-To:
References:
Message-ID:

Merge Request !30 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/30

Branches: tmp-avoid-eol-brackets to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:01:09 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:01:09 +0000
Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

LGTM. Should we move to the same review process as in gnutls for MRs?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30#note_194971592

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:13:41 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:13:41 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Addressed. The issue was my previously expired subkey.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12#note_194974540

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:13:42 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:13:42 +0000
Subject: [gnutls-devel] libtasn1 | Releases (#12)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos

Issue #12: https://gitlab.com/gnutls/libtasn1/issues/12

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/12

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:39:14 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:39:14 +0000
Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

> Should we move to the same review process as in gnutls for MRs?

Maybe not yet. There is too much to do and the review process sometimes really takes long. I consider our work currently as 'development cycle' where small glitches etc can be fixed with following commit. At least it doesn't hurt anyone.

Eventually we ask each other for a review (e.g. in the comment). Or roughly watch the other one's changes/MRs.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30#note_194981077

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:42:16 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:42:16 +0000
Subject: [gnutls-devel] libtasn1 | warning: 'LDFLAGS' is a user variable, you should not override it (#15)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 15

https://gitlab.com/gnutls/libtasn1/issues/15

Assignee changed to Tim Rühsen

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/15

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:45:02 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:45:02 +0000
Subject: [gnutls-devel] libtasn1 | Fix LDFLAGS to AM_LDFLAGS in src/Makefile.am (!31)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/31

Branches: tmp-am-ldflags to master
Author: Tim Rühsen
Assignees:

Closes #15

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/31

From gnutls-devel at lists.gnutls.org Tue Jul 23 20:46:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 23 Jul 2019 18:46:24 +0000
Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30)
In-Reply-To:
References:
Message-ID:

Merge Request !30 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/30

Branches: tmp-avoid-eol-brackets to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30

From gnutls-devel at lists.gnutls.org Wed Jul 24 10:18:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 08:18:25 +0000
Subject: [gnutls-devel] libtasn1 | Fix LDFLAGS to AM_LDFLAGS in src/Makefile.am (!31)
In-Reply-To:
References:
Message-ID:

Merge Request !31 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/31

Branches: tmp-am-ldflags to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/31

From gnutls-devel at lists.gnutls.org Wed Jul 24 10:18:25 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 08:18:25 +0000
Subject: [gnutls-devel] libtasn1 | warning: 'LDFLAGS' is a user variable, you should not override it (#15)
In-Reply-To:
References:
Message-ID:

Issue was closed by Tim Rühsen via merge request !31 (https://gitlab.com/gnutls/libtasn1/merge_requests/31)

Issue #15: https://gitlab.com/gnutls/libtasn1/issues/15

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/15

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:13:15 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 09:13:15 +0000
Subject: [gnutls-devel] libtasn1 | Send release announcements to info-gnu@gnu.org (#18)
References:
Message-ID:

Tim Rühsen created an issue:

There is no release announcement since 3.0 - we should make one for 4.14 and all following releases.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/18

From gnutls-devel at lists.gnutls.org Wed Jul 24 12:11:13 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 10:11:13 +0000
Subject: [gnutls-devel] libtasn1 | Simplified hash function in lib/parser_aux.c (!32)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/32

Branches: tmp-simplify-hash to master
Author: Tim Rühsen
Assignees:

Small cleanup to reduce code.

## Checklist
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/32

From gnutls-devel at lists.gnutls.org Wed Jul 24 12:58:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 10:58:35 +0000
Subject: [gnutls-devel] libtasn1 | Simplified hash function in lib/parser_aux.c (!32)
In-Reply-To:
References:
Message-ID:

Merge Request !32 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/32

Branches: tmp-simplify-hash to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/32

From gnutls-devel at lists.gnutls.org Wed Jul 24 15:43:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 13:43:31 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
References:
Message-ID:

Tim Rühsen created an issue:

- there is no global init (or deinit) function for libtasn1 to reset global variables after use
- global variables are accessed without locking -> no thread-safety
- calling asn1_parser2tree()/asn1_delete_structure() can only be done once due to global variable state
- that means fuzzing with libFuzzer is currently not possible

Just for fuzzing, there is a simple solution: adding an asn1_global_init() function to set all global variables to default values.

There are yacc options like `%option reentrant`. But I assume that we need a session struct and alloc/free functions to achieve parallel parser operations. I'm not deep enough into yacc/flex to quickly make this up.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19

From gnutls-devel at lists.gnutls.org Wed Jul 24 15:54:35 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 13:54:35 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

I think that's fine as a limitation and we only need to document it. I do the global init and a deinit functions should be avoided at any code. Nevertheless, we have no need for this as long as we document the limitation and we can make available some internal function for the fuzzer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19#note_195327322

From gnutls-devel at lists.gnutls.org Wed Jul 24 16:01:03 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 14:01:03 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix memleak+ubsan (!33)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/33

Branches: tmp-fix-memleak+ubsan to master
Author: Tim Rühsen
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/33

From gnutls-devel at lists.gnutls.org Wed Jul 24 16:02:43 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 14:02:43 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

I make up an init function surrounded by `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19#note_195331666

From gnutls-devel at lists.gnutls.org Wed Jul 24 16:09:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 14:09:06 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

Correction: I just add variable init code to `asn1_parser2tree()`, surrounded by `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19#note_195334989

From gnutls-devel at lists.gnutls.org Wed Jul 24 18:17:48 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 16:17:48 +0000
Subject: [gnutls-devel] libtasn1 | Tmp fix memleak+ubsan (!33)
In-Reply-To:
References:
Message-ID:

Merge Request !33 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/33

Branches: tmp-fix-memleak+ubsan to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/33

From gnutls-devel at lists.gnutls.org Wed Jul 24 18:23:13 2019
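The failure mode discussed in libtasn1 issue #19 above, as an added example that is not libtasn1 code and not part of any message in this archive: a toy brace-matching parser keeps its state in file-scope variables, the way a yacc grammar file can, so a second call in the same process (which is what libFuzzer does for every input) starts from stale state unless the entry point re-initialises it. `toy_parse_stale`, `toy_parse_reinit`, `toy_fresh_process` and the `g_` variables are hypothetical names, and the input strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { TOY_OK = 0, TOY_SYNTAX_ERROR = 1 };

/* File-scope parser state, standing in for the globals a yacc grammar
 * file keeps. Hypothetical names, not libtasn1's. */
static size_t g_pos;   /* read offset into the current input */
static int g_depth;    /* current '{' nesting depth */

/* Accept text whose braces are balanced. The scan resumes from whatever
 * the globals hold and leaves them wherever it stopped. */
static int scan_braces(const char *text)
{
    size_t len = strlen(text);

    for (; g_pos < len; g_pos++) {
        if (text[g_pos] == '{') {
            g_depth++;
        } else if (text[g_pos] == '}') {
            if (g_depth == 0)
                return TOY_SYNTAX_ERROR; /* early exit, g_pos stays mid-input */
            g_depth--;
        }
    }
    return g_depth == 0 ? TOY_OK : TOY_SYNTAX_ERROR;
}

/* Entry point that relies on the load-time zero initialisation: only the
 * first call in a process sees clean state. */
int toy_parse_stale(const char *text)
{
    return scan_braces(text);
}

/* Entry point that resets the globals on every call. Repeated calls now
 * work in one thread; the state is still shared, so this is not
 * thread-safe. */
int toy_parse_reinit(const char *text)
{
    g_pos = 0;
    g_depth = 0;
    return scan_braces(text);
}

/* Helper for the demonstration: restore the load-time values, as if the
 * process had just started. */
void toy_fresh_process(void)
{
    g_pos = 0;
    g_depth = 0;
}

/* libFuzzer entry point: invoked once per generated input, many times in
 * one process, so it has to use the re-initialising entry. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    char *text = malloc(size + 1);

    if (text == NULL)
        return 0;
    if (size > 0)
        memcpy(text, data, size);
    text[size] = '\0';
    (void) toy_parse_reinit(text);
    free(text);
    return 0;
}

int main(void)
{
    /* Constructed inputs: balanced, unbalanced, balanced. */
    const char *inputs[] = { "a { b }", "{ {", "{ }" };
    size_t i;

    for (i = 0; i < 3; i++)
        printf("stale  %-8s -> %d\n", inputs[i], toy_parse_stale(inputs[i]));
    for (i = 0; i < 3; i++)
        printf("reinit %-8s -> %d\n", inputs[i], toy_parse_reinit(inputs[i]));
    return 0;
}
```

With the stale entry point the unbalanced input is accepted on the second call because the scan never starts, which is also why a fuzzer driving such a parser would exercise almost no code after its first input.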
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 24 Jul 2019 16:23:13 +0000
Subject: [gnutls-devel] GnuTLS | Minor inaccuracy in gnutls_record_send() documentation? (#806)
References:
Message-ID:

Michael Catanzaro created an issue:

The documentation of gnutls_record_send() says:

```
If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again, with the exact same parameters; alternatively you could provide a NULL pointer for data, and 0 for size. cf. gnutls_record_get_direction().
```

But I think this is no longer accurate since gnutls_record_discard_queued() was added. Now you have three choices: call with exact same parameters, call with NULL and 0, or call gnutls_record_discard_queued() and then call gnutls_record_send() with whatever you want. Correct?

Proposed revised text:

```
If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again with the exact same parameters, or provide a NULL pointer for data and 0 for size, in order to write the same data as before. If you wish to discard the previous data instead of retrying, you must call gnutls_record_discard_queued() before calling gnutls_record_send() with different parameters.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/806

From gnutls-devel at lists.gnutls.org Thu Jul 25 15:49:36 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 25 Jul 2019 13:49:36 +0000
Subject: [gnutls-devel] GnuTLS | POSIX shell detection in libopts can't be preset (#807)
References:
Message-ID:

Ross Burton created an issue:

libopts.m4 looks for a POSIX shell but iterates through a hardcoded list of shells, there's no way to override this. In a cross-compilation environment the build host shell may not be the same as the target, so there needs to be a way to directly specify the shell to use.

gnulib has something that looks useful: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob_plain;f=m4/posix-shell.m4

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/807

From gnutls-devel at lists.gnutls.org Thu Jul 25 16:16:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 25 Jul 2019 14:16:52 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

Just cleaned up the code a bit and it fixes the issue for single-threaded apps.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19#note_195863560

From gnutls-devel at lists.gnutls.org Thu Jul 25 16:16:57 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 25 Jul 2019 14:16:57 +0000
Subject: [gnutls-devel] libtasn1 | ASN1.y functions can't be used twice in a process due to global variables (also there is no thread-safety) (#19)
In-Reply-To:
References:
Message-ID:

Issue was closed by Tim Rühsen

Issue #19: https://gitlab.com/gnutls/libtasn1/issues/19

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/19

From gnutls-devel at lists.gnutls.org Thu Jul 25 22:39:37 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 25 Jul 2019 22:39:37 +0200
Subject: [gnutls-devel] gnutls 3.6.9
Message-ID:

Hello,

I've just released gnutls 3.6.9. This is a bug fix release on the stable 3.6.x branch.

I'd like to thank everyone who contributed in this release: Andreas Metzler, Daiki Ueno, Dmitry Eremin-Solenikov, Karsten Ohme, Ludovic Courtès and Tim Rühsen.

The detailed list of changes follows; they can be seen in more detail in our milestone tracker: https://gitlab.com/gnutls/gnutls/milestones/22

Changes
=======

* Version 3.6.9 (released 2019-07-25)

** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy of digest or MAC context. Copying contexts for externally-registered digest and MAC contexts is unsupported (#787).

** Marked the crypto implementation override APIs as deprecated. These APIs are rarely used, are for a niche use case, but have significant side effects, such as preventing any internal re-organization and extension of the internal cipher API. The APIs remain functional though a compiler warning will be issued, and a future minor version update may transform them to a no-op while keeping ABI compatibility (#789).

** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).

** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().

** libgnutls: Added support for Generalname registeredID.

** The priority configuration was enhanced to allow more elaborate system-wide configuration of the library (#587). The following changes were included:
   - The file is read as an ini file with '#' indicating a comment.
   - The section "[priorities]" or global follows the existing semantics of the configuration file, and allows to specify system-wide priority strings which are accessed with the '@' prefix.
   - The section "[overrides]" is added with the parameters "insecure-hash", "insecure-sig", "insecure-sig-for-cert", "disabled-curve", "disabled-version", "min-verification-profile", "tls-disabled-cipher", "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit specific algorithms or options globally. Existing algorithms in the library can be marked as disabled and insecure, but no hard-coded insecure algorithm can be marked as secure (so that the configuration cannot be abused to make the system vulnerable).
   - Unknown sections or options are skipped with a debug message, unless the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is set to 1.

** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
   - 0x20: Enable SHA_NI instruction set

** API and ABI modifications:
gnutls_crypto_register_cipher: Deprecated
gnutls_crypto_register_aead_cipher: Deprecated
gnutls_crypto_register_digest: Deprecated
gnutls_crypto_register_mac: Deprecated
gnutls_get_system_config_file: Added
gnutls_hash_copy: Added
gnutls_hmac_copy: Added
GNUTLS_MAC_AES_GMAC_128: Added
GNUTLS_MAC_AES_GMAC_192: Added
GNUTLS_MAC_AES_CMAC_256: Added
GNUTLS_SAN_REGISTERED_ID: Added

Getting the Software
====================

GnuTLS may be downloaded directly from

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.9.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.9.tar.xz.sig

Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From gnutls-devel at lists.gnutls.org Fri Jul 26 09:15:16 2019
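Because unknown sections and options are skipped with only a debug message, a misspelled entry in the "[overrides]" section of the 3.6.9 configuration file leaves the algorithm it was meant to prohibit enabled. The linter below is an added example, not GnuTLS code and not part of the announcement; it assumes one `name = value` entry per line, repeatable options, whole-line `#` comments and case-sensitive names, and its sample file is constructed.

```python
"""Lint a GnuTLS 3.6.9-style priority file for entries that would be skipped."""

# Option names of the "[overrides]" section, copied from the 3.6.9 announcement.
OVERRIDE_KEYS = frozenset({
    "insecure-hash", "insecure-sig", "insecure-sig-for-cert",
    "disabled-curve", "disabled-version", "min-verification-profile",
    "tls-disabled-cipher", "tls-disabled-mac", "tls-disabled-group",
    "tls-disabled-kx",
})
KNOWN_SECTIONS = frozenset({"priorities", "overrides"})

# Constructed sample with one misspelled option and one misspelled section.
# The algorithm and version names are illustrative and are not validated here.
SAMPLE = """\
# system-wide settings (constructed for this example)
[priorities]
SYSTEM = NORMAL:-VERS-TLS1.0

[overrides]
insecure-hash = sha1
insecure-hsh = md5
disabled-version = tls1.0

[override]
tls-disabled-cipher = 3des-cbc
"""


def lint_config(text):
    """Return (priorities, overrides, findings) for one configuration file.

    priorities: name -> priority string (referenced with the '@' prefix)
    overrides:  option -> list of values, in file order
    findings:   (line_number, message) for every entry that would be skipped
    """
    priorities, overrides, findings = {}, {}, []
    section = "priorities"  # entries before any header are the global section
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            if not line.endswith("]"):
                findings.append((lineno, "malformed section header"))
                section = None
                continue
            section = line[1:-1].strip()
            if section not in KNOWN_SECTIONS:
                findings.append((lineno, f"unknown section [{section}]"))
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or not value:
            findings.append((lineno, "not a 'name = value' entry"))
        elif section == "priorities":
            priorities[key] = value
        elif section == "overrides":
            if key in OVERRIDE_KEYS:
                overrides.setdefault(key, []).append(value)
            else:
                findings.append((lineno, f"unknown override option '{key}'"))
        else:
            findings.append((lineno, f"'{key}' ignored: not inside a known section"))
    return priorities, overrides, findings


def would_load(text, fail_on_invalid=False):
    """Model GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 as a load failure.

    Assumption: the announcement only says invalid entries are no longer
    skipped when the variable is set; treating that as a hard failure is
    this example's reading.
    """
    return not (fail_on_invalid and lint_config(text)[2])


if __name__ == "__main__":
    prio, over, problems = lint_config(SAMPLE)
    print("effective overrides:", over)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```

Run against a candidate file before deploying it, any finding marks a restriction that the library would not apply.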
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 07:15:16 +0000 Subject: [gnutls-devel] GnuTLS | Check key purpose on gnutls_certificate_verify_peers3/2 (#808) References: Message-ID: Nikos Mavrogiannopoulos created an issue: Currently we don't verify that the purpose of the peer's certificate (server or client), matches the expected one, unless the application explicitly requests that. However there is no reason not to check the key purpose automatically, and the calling function has the entity (server or client) available to it. As this may be seen as breaking existing expectations, it should go into a minor release update. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/808 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 09:37:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 07:37:24 +0000 Subject: [gnutls-devel] GnuTLS | Minor inaccuracy in gnutls_record_send() documentation? (#806) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.10 (Jul 26, 2019–Sep 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/24 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/806 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 09:37:12 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 07:37:12 +0000 Subject: [gnutls-devel] GnuTLS | Minor inaccuracy in gnutls_record_send() documentation? (#806) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I think what you write makes sense. Would you like to send a merge request for this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/806#note_196234922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 10:02:06 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 08:02:06 +0000 Subject: [gnutls-devel] GnuTLS | WIP: certtool: default to yes on signing certificates for CAs (!1048) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1048 Branches: tmp-sign-cas to master Author: Nikos Mavrogiannopoulos Assignees: When asking the questions for CA certificate generation, default to yes to signing certificates. This is because that's the most common type of CAs generated and defaulting to yes eliminates the need for restart on error. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 10:44:46 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 08:44:46 +0000 Subject: [gnutls-devel] GnuTLS | Name constraints apply to CN when no SubAltName.DNS is present and the CN is not a valid DNS name (#776) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.10 (Jul 26, 2019–Sep 25, 2019) ( https://gitlab.com/gnutls/gnutls/-/milestones/24 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 18:21:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 16:21:52 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation of gnutls_record_send() (!1049) References: Message-ID: Michael Catanzaro created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1049 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/#806 to gnutls/gnutls:master Author: Michael Catanzaro Assignees: Minor documentation update, fixes #806. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1049 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:54:03 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:54:03 +0000 Subject: [gnutls-devel] GnuTLS | Valid cert fails to verify due to different DN encodings (#553) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: A reproducer was given in #809 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/553#note_196557101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:54:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:54:35 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from b.cama@kerlink.fr): Re: String comparison for DN should by type-insensitive (#809) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you. I've updated #553 to link to the reproducer you have here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/809#note_196557215 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:54:35 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:54:35 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from b.cama@kerlink.fr): Re: String comparison for DN should by type-insensitive (#809) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #809: https://gitlab.com/gnutls/gnutls/issues/809 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/809 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:55:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:55:45 +0000 Subject: [gnutls-devel] GnuTLS | POSIX shell detection in libopts can't be preset (#807) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Hi, libopts.m4 is provided by the autogen project. Would you like to report this suggestion or send a fix directly to the project? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/807#note_196557479 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:58:32 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:58:32 +0000 Subject: [gnutls-devel] GnuTLS | POSIX shell detection in libopts can't be preset (#807) In-Reply-To: References: Message-ID: Ross Burton commented: Ah ok, my mistake. Filed https://sourceforge.net/p/autogen/bugs/195/, I'll close this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/807#note_196558090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 26 21:58:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Jul 2019 19:58:33 +0000 Subject: [gnutls-devel] GnuTLS | POSIX shell detection in libopts can't be preset (#807) In-Reply-To: References: Message-ID: Issue was closed by Ross Burton Issue #807: https://gitlab.com/gnutls/gnutls/issues/807 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/807 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 05:03:49 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 03:03:49 +0000 Subject: [gnutls-devel] libtasn1 | typo fix: whith -> with (!34) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/34 Project:Branches: ametzler/libtasn1:tmp-20190727-typo-whith to gnutls/libtasn1:master Author: Andreas Metzler Assignees: Fix another (old) typo. (Found by lintian.) ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/34 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 11:01:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 09:01:53 +0000 Subject: [gnutls-devel] libtasn1 | typo fix: whith -> with (!34) In-Reply-To: References: Message-ID: Merge Request !34 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/34 Project:Branches: ametzler/libtasn1:tmp-20190727-typo-whith to gnutls/libtasn1:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/34 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 17:46:32 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 15:46:32 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation of gnutls_record_send() (!1049) In-Reply-To: References: Message-ID: Merge Request !1049 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1049 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/#806 to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1049 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 21:20:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 19:20:55 +0000 Subject: [gnutls-devel] GnuTLS | Minor inaccuracy in gnutls_record_send() documentation? (#806) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !1049 (https://gitlab.com/gnutls/gnutls/merge_requests/1049) Issue #806: https://gitlab.com/gnutls/gnutls/issues/806 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/806 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 21:20:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 19:20:55 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation of gnutls_record_send() (!1049) In-Reply-To: References: Message-ID: Merge Request !1049 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1049 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/#806 to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1049 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 21:21:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 19:21:04 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation of gnutls_record_send() (!1049) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1049#note_196699615 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 21:58:22 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 19:58:22 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: move old definitions to new; remove warnings (!35) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/35 Branches: tmp-no-yacc-warnings to master Author: Nikos Mavrogiannopoulos Assignees: Autotools pass the posix yacc (-y) flag to bison by default, which causes lots of warnings to be printed. As libtasn1 was never posix-yacc compliant there is no reason for these warnings to be printed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/35 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 23:41:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 21:41:06 +0000 Subject: [gnutls-devel] libtasn1 | Tmp avoid eol brackets (!30) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: Ok, but then let's force the MR process otherwise there is no way to discuss the changes. We can rely on self-review and update of the NEWS file to document changes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/30#note_196706296 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 27 23:45:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 21:45:10 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/36 Branches: tmp-fix-memleak-b to master Author: Nikos Mavrogiannopoulos Assignees: The built-in types are now detected via the yacc syntax and not in the _asn1_yyerror() routine. This addresses a memory leak on invalid syntax, and also reduces the generated tree by eliminating unnecessary types. The existing test-suite is sufficient for this change. Resolves: #16 ## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 00:05:12 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Jul 2019 22:05:12 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: move old definitions to new; remove warnings (!35) In-Reply-To: References: Message-ID: Merge Request !35 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/35 Branches: tmp-no-yacc-warnings to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/35 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 11:01:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 09:01:00 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Tim Rühsen started a new discussion on lib/ASN1.y: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196731084 > ; > > type_constant: type_def {$$=$1;} > + | type_invalid {$$=NULL;} > | constant_def {$$=$1;} > ; > > type_constant_list : type_constant {$$=$1;} > | type_constant_list type_constant {$$=$1; > - _asn1_set_right(_asn1_get_last_right($1),$2);} > + if ($1 && $1) _asn1_set_right(_asn1_get_last_right($1),$2);} Why is it `if ($1 && $1)` ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196731084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 11:05:27 2019
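Review bot: In the `type_constant_list type_constant` action the new guard `if ($1 && $1)` tests `$1` twice and never looks at `$2`, although `$2` is the value that the added `type_invalid {$$=NULL;}` alternative can make NULL; the second operand should be `$2`. Separately, the action still sets `$$=$1` unconditionally, so when the first `type_constant` of a list reduces through `type_invalid` the list head is NULL and every valid `$2` that follows is neither linked nor returned. If dropping those definitions is not intended, set `$$` to `$2` when `$1` is NULL, and add a negative test with an invalid type as the first element of the list.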
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 09:05:27 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Tim Rühsen commented: Except for my question, LGTM. I am not into bison/yacc syntax very much, so your patch looks really impressive to me. I'll continue local fuzzing when the MR is merged. As soon as the immediate memleaks are done, I add DER coding and decoding as well... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196731357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:16:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:16:11 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/libtasn1/merge_requests/36 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos commented on a discussion on lib/ASN1.y: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196740125 > | type_constant_list type_constant {$$=$1; > - _asn1_set_right(_asn1_get_last_right($1),$2);} > + if ($1 && $1) _asn1_set_right(_asn1_get_last_right($1),$2);} A typo. It should have been `if ($1 && $2)`, i.e., if these two nodes are non-null. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:16:18 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:16:18 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/ASN1.y: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196740132 > ; > > type_constant: type_def {$$=$1;} > + | type_invalid {$$=NULL;} > | constant_def {$$=$1;} > ; > > type_constant_list : type_constant {$$=$1;} > | type_constant_list type_constant {$$=$1; > - _asn1_set_right(_asn1_get_last_right($1),$2);} > + if ($1 && $1) _asn1_set_right(_asn1_get_last_right($1),$2);} Updated -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196740132 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:17:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:17:25 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: My bison knowledge is very rusty; it feels decades since I last made something useful with it, and I guess my contributions are on that level. I'm pretty sure that there is a better way to achieve the same result here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196740199 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:18:59 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:18:59 +0000 Subject: [gnutls-devel] libtasn1 | Memory leak(s) in parser2tree_fuzzer() (#16) In-Reply-To: References: Message-ID: Reassigned Issue 16 https://gitlab.com/gnutls/libtasn1/issues/16 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/16 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:19:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:19:45 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: All discussions on Merge Request !36 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/libtasn1/merge_requests/36 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:21:30 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:21:30 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: btw, lgtm.com doesn't seem to provide badges for this project: https://lgtm.com/projects/gl/gnutls/libtasn1/ci/ Do you know why? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196740458 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:29:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:29:19 +0000 Subject: [gnutls-devel] libtasn1 | Minor fixes based on LGTM.com input (!37) References: Message-ID: Nikos Mavrogiannopoulos created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/37 Branches: tmp-minor-fixes to master Author: Nikos Mavrogiannopoulos Assignees: Removed FIXME comment and added header guards. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/37 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:37:00 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:37:00 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Tim Rühsen commented: Just asked (see https://discuss.lgtm.com/t/please-add-gnu-libtasn1/2225) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36#note_196741343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 13:38:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 11:38:30 +0000 Subject: [gnutls-devel] libtasn1 | Minor fixes based on LGTM.com input (!37) In-Reply-To: References: Message-ID: Tim Rühsen commented: This pull request **fixes 3 alerts** when merging 7deb6ae8265839a52ae3833648a9ff9e19ef9d31 into 480e6e94ae6974ad72d71a038ddc76947c5e504a - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/libtasn1/rev/pr-c53163a11c3fa7b0da8359eab058150b32bdc581) **fixed alerts:** * 2 for Missing header guard * 1 for FIXME comment --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/37#note_196741428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 14:05:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 12:05:46 +0000 Subject: [gnutls-devel] libtasn1 | ASN1.y: improved detection of built-in types (!36) In-Reply-To: References: Message-ID: Merge Request !36 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/36 Branches: tmp-fix-memleak-b to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/36 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 14:05:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 12:05:49 +0000 Subject: [gnutls-devel] libtasn1 | Memory leak(s) in parser2tree_fuzzer() (#16) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos via merge request !36 (https://gitlab.com/gnutls/libtasn1/merge_requests/36) Issue #16: https://gitlab.com/gnutls/libtasn1/issues/16 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/16 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 14:25:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 12:25:52 +0000 Subject: [gnutls-devel] libtasn1 | Minor fixes based on LGTM.com input (!37) In-Reply-To: References: Message-ID: Merge Request !37 was merged Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/37 Branches: tmp-minor-fixes to master Author: Nikos Mavrogiannopoulos Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/37 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 19:44:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Jul 2019 17:44:33 +0000 Subject: [gnutls-devel] libtasn1 | Memory leak(s) in parser2tree_fuzzer() (#16) In-Reply-To: References: Message-ID: Milestone changed to Release of libtasn1 4.15.0 (started on Jul 24, 2019) ( https://gitlab.com/gnutls/libtasn1/-/milestones/1 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/16 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 28 19:45:16 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 28 Jul 2019 17:45:16 +0000
Subject: [gnutls-devel] libtasn1 | warning: 'LDFLAGS' is a user variable, you should not override it (#15)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of libtasn1 4.15.0 (started on Jul 24, 2019) ( https://gitlab.com/gnutls/libtasn1/-/milestones/1 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/15

From gnutls-devel at lists.gnutls.org Mon Jul 29 10:04:10 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 08:04:10 +0000
Subject: [gnutls-devel] GnuTLS | Check key purpose on gnutls_certificate_verify_peers3/2 (#808)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

The key purpose referenced above is:

```
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment or keyAgreement

id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-- TLS WWW client authentication
-- Key usage bits that may be consistent: digitalSignature
-- and/or keyAgreement
```

Note that I may be mistaken on that request since this is specific about `WWW` client and server auth, and not general authentication.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/808#note_196920887

From gnutls-devel at lists.gnutls.org Mon Jul 29 10:35:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Jul 2019 08:35:28 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @juaristi do you need any help? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_196958103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 29 13:09:48 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 11:09:48 +0000
Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/38

Branches: tmp-fuzzing to master
Author: Tim Rühsen
Assignees:

This MR adds fuzzing incl. regression tests of the test data generated by fuzzing.

The MR contains no fuzz corpora so far as there are still memory leaks in asn1_array2tree().

More fuzzers will follow.

The MR also works with OSS-Fuzz - a commit for google/oss-fuzz is already prepared.

## Checklist
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38

From gnutls-devel at lists.gnutls.org Mon Jul 29 14:50:47 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 12:50:47 +0000
Subject: [gnutls-devel] libtasn1 | GTK-DOC warnings (#20)
References:
Message-ID:

Tim Rühsen created an issue:

```
DOC Building XML
../../lib/includes/libtasn1.h:496: warning: asn1_retCode is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:505: warning: node_asn_struct is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:514: warning: node_asn is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:523: warning: ASN1_TYPE is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:532: warning: ASN1_TYPE_EMPTY is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:541: warning: static_struct_asn is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:550: warning: ASN1_ARRAY_TYPE is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:559: warning: asn1_static_node_t is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:568: warning: node_data_struct is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
../../lib/includes/libtasn1.h:577: warning: ASN1_DATA_NODE is deprecated in the inline comments, but no deprecation guards were found around the declaration. (See the --deprecated-guards option for gtkdoc-scan.)
unknown:0: warning: Field descriptions for struct asn1_static_node_st are missing in source code comment block.
./libtasn1-unused.txt:1: warning: 228 unused declarations. They should be added to libtasn1-sections.txt in the appropriate place.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/20

From gnutls-devel at lists.gnutls.org Mon Jul 29 16:50:24 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 14:50:24 +0000
Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

@nmav Please review if something obvious is missing or wrong.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_197224607

From gnutls-devel at lists.gnutls.org Mon Jul 29 17:54:50 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Jul 2019 15:54:50 +0000 Subject: [gnutls-devel] GnuTLS | Ship inih/LICENSE.txt in release tarball (!1050) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1050 Project:Branches: ametzler/gnutls:tmp-missing-inih-license to gnutls/gnutls:master Author: Andreas Metzler Assignees: inih's license terms say: > Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Do so by including the license file on make dist. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1050 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 29 18:36:31 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Jul 2019 16:36:31 +0000 Subject: [gnutls-devel] libtasn1 | doc: removed cyclo subdir (!39) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/39 Project:Branches: ametzler/libtasn1:tmp-20190727-delete-cyclo-subdir to gnutls/libtasn1:master Author: Andreas Metzler Assignees: Like gnutls (See https://gitlab.com/gnutls/gnutls/issues/727 ) libtasn tarballs include an outdated or empty cyclomatic complexity report. Drop it. ## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/39 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 29 19:44:24 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 17:44:24 +0000
Subject: [gnutls-devel] libtasn1 | doc: removed cyclo subdir (!39)
In-Reply-To:
References:
Message-ID:

Merge Request !39 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/39
Project:Branches: ametzler/libtasn1:tmp-20190727-delete-cyclo-subdir to gnutls/libtasn1:master
Author: Andreas Metzler
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/39

From gnutls-devel at lists.gnutls.org Mon Jul 29 19:44:34 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 29 Jul 2019 17:44:34 +0000
Subject: [gnutls-devel] libtasn1 | doc: removed cyclo subdir (!39)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

Thank you !

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/39#note_197316243

From gnutls-devel at lists.gnutls.org Tue Jul 30 09:38:46 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 30 Jul 2019 07:38:46 +0000
Subject: [gnutls-devel] GnuTLS | Ship inih/LICENSE.txt in release tarball (!1050)
In-Reply-To:
References:
Message-ID:

Merge Request !1050 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1050
Project:Branches: ametzler/gnutls:tmp-missing-inih-license to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1050

From gnutls-devel at lists.gnutls.org Tue Jul 30 09:38:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 30 Jul 2019 07:38:52 +0000
Subject: [gnutls-devel] GnuTLS | Ship inih/LICENSE.txt in release tarball (!1050)
In-Reply-To:
References:
Message-ID:

Merge Request !1050 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/1050
Project:Branches: ametzler/gnutls:tmp-missing-inih-license to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1050

From gnutls-devel at lists.gnutls.org Tue Jul 30 14:48:52 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 30 Jul 2019 12:48:52 +0000
Subject: [gnutls-devel] libtasn1 | docs: Fix path for ASN1.c (!40)
References:
Message-ID:

Tim Rühsen created a merge request: https://gitlab.com/gnutls/libtasn1/merge_requests/40

Branches: tmp-fix-path to master
Author: Tim Rühsen
Assignees:

Small docs issue in make distcheck

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/40

From gnutls-devel at lists.gnutls.org Tue Jul 30 15:43:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 30 Jul 2019 13:43:05 +0000
Subject: [gnutls-devel] libtasn1 | docs: Fix path for ASN1.c (!40)
In-Reply-To:
References:
Message-ID:

Merge Request !40 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/40
Branches: tmp-fix-path to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/40

From gnutls-devel at lists.gnutls.org Wed Jul 31 12:43:55 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 10:43:55 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.9 fails to build: WARNING: 'autogen' is missing on your system. (#810) References: Message-ID: Emerson Bernier created an issue: ## Description of problem: gnutls 3.6.9 fails to build without autogen. gnutls 3.6.8 and earlier builds correctly. [Full buildlog](https://freedesktop-sdk.gitlab.io/-/freedesktop-sdk/-/jobs/262864262/artifacts/cache/buildstream/logs/freedesktop-sdk/components-gnutls/ca6a60d5-build.4805.log) I suspect this commit causes issues: https://gitlab.com/gnutls/gnutls/commit/d9a3653c9a58fcbc7d07bf0f142d646deccc3c65 however we don't pass `--enable-local-libopts` during build. I hope gnutls will keep building without autogen because we don't use autogen in the project. ## Version of gnutls used: 3.6.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Upstream tarball: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.8.tar.xz ## How reproducible: Always ## Actual results: ``` make[2]: Entering directory '/buildstream/freedesktop-sdk/components/gnutls.bst/bst_build_dir/src' No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen No .bak files found; will call autogen /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: 
command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found /buildstream/freedesktop-sdk/components/gnutls.bst/build-aux/missing: line 81: autogen: command not found WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. make[2]: *** [Makefile:2533: srptool-args.stamp] Error 127 make[2]: *** Waiting for unfinished jobs.... make[2]: *** [Makefile:2533: ocsptool-args.stamp] Error 127 WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. 
You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. WARNING: 'autogen' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'autogen' program. 
make[2]: *** [Makefile:2533: cli-args.stamp] Error 127
make[2]: *** [Makefile:2533: psktool-args.stamp] Error 127
make[2]: *** [Makefile:2533: certtool-args.stamp] Error 127
make[2]: *** [Makefile:2533: danetool-args.stamp] Error 127
make[2]: *** [Makefile:2533: cli-debug-args.stamp] Error 127
make[2]: *** [Makefile:2533: serv-args.stamp] Error 127
make[2]: Leaving directory '/buildstream/freedesktop-sdk/components/gnutls.bst/bst_build_dir/src'
make[1]: *** [Makefile:1591: all-recursive] Error 1
make[1]: Leaving directory '/buildstream/freedesktop-sdk/components/gnutls.bst/bst_build_dir'
make: *** [Makefile:1518: all] Error 2
```

## Expected results:
Build finished.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/810

From gnutls-devel at lists.gnutls.org Wed Jul 31 13:00:31 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 31 Jul 2019 11:00:31 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle: fix carry flag in Streebog code (c1441665)
In-Reply-To:
References:
Message-ID:

Gisle Vanem commented:

At line 1236, the syntax `uint64_t Z[8] = {};` is not liked by MSVC (even the latest MSVC-2019). Easy to fix with: `uint64_t Z[8] = {};`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/c1441665abe761536b3ed67d36b12f2198be6b12#note_198211078

From gnutls-devel at lists.gnutls.org Wed Jul 31 13:27:59 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 11:27:59 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/corpus2array.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198226751 > + * version 2.1 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, write to the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA > + * 02110-1301, USA > + */ > + > +/* > + Helper tool to convert a fuzzer corpus into asn1_static_node C code. > + What's the input it expects? Shouldn't we document it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198226751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 31 13:28:52 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 11:28:52 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_array2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198227090 > +/* > + * Copyright(c) 2019 Free Software Foundation, Inc. > + * > + * This file is part of libwget. s/libwget/libtasn1 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198227090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 31 13:30:41 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 31 Jul 2019 11:30:41 +0000
Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_array2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198227842

> + * This file is part of libwget. > + * > + * Libwget is free software: you can redistribute it and/or modify > + * it under the terms of the GNU Lesser General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * Libwget is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with libwget. If not, see . > + */ > +

A description of what this is expected to fuzz is missing here. To my understanding of the code, is the goal to check whether `asn1_array2tree` can withstand malicious input?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198227842

From gnutls-devel at lists.gnutls.org Wed Jul 31 13:51:20 2019
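Review bot: The header quoted for fuzz/libtasn1_array2tree_fuzzer.c places the file under the GNU Lesser General Public License "either version 3 of the License, or (at your option) any later version", while the header quoted for fuzz/corpus2array.c in the same merge request says "version 2.1 of the License, or (at your option) any later version". When the libwget name is replaced, the license version should be settled too, so that every new file under fuzz/ carries the same terms as the rest of the library.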
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 11:51:20 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_parser2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198236658 > + * You should have received a copy of the GNU Lesser General Public License > + * along with libwget. If not, see . > + */ > + > +#include > + > +#include // malloc, free > +#include // strcmp, memcpy > + > +#include "libtasn1.h" > +#include "fuzzer.h" > + > +static const uint8_t *g_data; > +static size_t g_size; > + > +//#if defined HAVE_DLFCN_H && defined HAVE_FMEMOPEN Is this comment necessary? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198236658 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 31 13:52:12 2019 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 11:52:12 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_parser2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198237036 > +#include > + > +#include // malloc, free > +#include // strcmp, memcpy > + > +#include "libtasn1.h" > +#include "fuzzer.h" > + > +static const uint8_t *g_data; > +static size_t g_size; > + > +//#if defined HAVE_DLFCN_H && defined HAVE_FMEMOPEN > +#include > +#ifdef RTLD_NEXT /* Not defined e.g. on CygWin */ > + > +FILE *fopen(const char *pathname, const char *mode) { Is there some way we can ensure that fopen is being called? Should we use a global var which will be used to assert if not called? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198237036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 31 13:53:06 2019 
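Review bot: The `fopen()` override is compiled only inside `#ifdef RTLD_NEXT`, and the comment on that line says the macro is not defined on e.g. CygWin, so unless an `#else` branch further down handles it, the fuzzer builds there without the override and nothing in the visible lines fails or skips the run. I would add an explicit fallback (a build error or an early return from the fuzz entry point) and, because redefining `fopen` intercepts every caller in the process, make sure the override passes any path other than the fuzzer's own through to the real function. The commented-out `//#if defined HAVE_DLFCN_H && defined HAVE_FMEMOPEN` guard directly above should be either restored or deleted so the effective condition is unambiguous.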
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 31 Jul 2019 11:53:06 +0000
Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_parser2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198237640

> + * > + * This file is part of libwget. > + * > + * Libwget is free software: you can redistribute it and/or modify > + * it under the terms of the GNU Lesser General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * Libwget is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with libwget. If not, see . > + */

A description of the fuzz goal would be nice. Something like: `This is fuzzing asn1_parser2tree() ASN.1 input.`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198237640

From gnutls-devel at lists.gnutls.org Wed Jul 31 16:05:33 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:05:33 +0000 Subject: [gnutls-devel] GnuTLS | Connection problems with older servers (record packet with invalid length was received) (#811) References: Message-ID: Hanno Stock created an issue: ## Description of problem: When connecting to an older server, sometimes the connection is terminated because of invalid record length errors. To me it looks as if newer versions of GnuTLS are too strict in record length checking (however I am not an expert). This could have something to do with plaintext length vs. padded length or similar. ## Version of gnutls used: On client side: tried with 3.6.9-1, 3.6.8-2 and 3.6.7-4. On server side: libgnutls26 2.12.23-12ubuntu2.8 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Debian (buster); also tried the sid and experimental versions on said buster client. ## How reproducible: Steps to Reproduce: Run on older Ubuntu 14.04 machine: gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem Run on buster or newer client machine: pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 server.machine ## Actual results: ### Client output: ``` Processed 130 CA certificate(s). Resolving 'redacted'... Connecting to 'redacted:5556'... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `CN=redacted', issuer `CN=redacted', serial 0x00e120b43d69e2e4d8, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-07-06 10:03:48 UTC', expires `2027-07-04 10:03:48 UTC', pin-sha256="SxggXxyfEDi9fmVyLwzPN9yE5y69T92aF8CBdGMe9Rc=" Public Key ID: sha1:21c8b2ecfc2b23da00de3371a4aa7bb8b8fc13bc sha256:4b18205f1c9f1038bd7e65722f0ccf37dc84e72ebd4fdd9a17c08174631ef517 Public Key PIN: pin-sha256:SxggXxyfEDi9fmVyLwzPN9yE5y69T92aF8CBdGMe9Rc= - Successfully sent 0 certificate(s) to server. 
- Description: (TLS1.2)-(RSA)-(AES-256-CBC)-(SHA1) - Session ID: 74:27:72:45:ED:A4:AA:BD:4C:06:1C:43:3D:1C:71:3D:AE:02:14:06:7D:72:25:01:ED:4F:50:BF:C5:67:1C:79 - Options: safe renegotiation, - Handshake was completed - Simple Client Mode: |<1>| Received packet with illegal length: 16624 *** Fatal error: A TLS record packet with invalid length was received. *** Server has terminated the connection abnormally. ``` ### Server output: No error shown on server: ``` * Successful handshake from IPv4 REDACTED_IP port 43420 - Given server name[1]: ldap.indurad.x - Certificate type: X.509 No certificates found! - Could not verify certificate (err: The peer did not send any certificate.) - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-256-CBC - MAC: SHA1 - Compression: NULL received: pheedei [...] ``` ## Expected results: The client should not disconnect and show the bytes that were sent to the server (because server echoes back). ## Downstream Info This has been reported to Debian as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933538 I am the bug reporter (not the package maintainer), however I am involved in Debian and would also be willing to dig a little deeper, but currently am not familiar with the GnuTLS code. But if someone can point me to some commits that recently changed anything about record length checking I would be willing to try some things out. Also I'd be interested how I might debug whether it is the server that does not follow the specs or the client that is too strict. I'd reason GnuTLS should however at least support older GnuTLS servers' behavior - even if it is out of spec. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/811 From gnutls-devel at lists.gnutls.org Wed Jul 31 16:16:04 2019
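On the reporter's question of how to tell an out-of-spec server from an over-strict client, the following added example (not GnuTLS code and not part of the original report) works out the length bounds RFC 5246 sets for a record under the negotiated AES-256-CBC/SHA1 suite and classifies the reported 16624. It assumes MAC-then-encrypt with an explicit IV and no compression; the "minimal padding" bound is a hypothetical stricter limit shown for comparison, since the page does not say which limit the client applies.

```c
/* Added example: length bounds for a TLS 1.2 CBC record (RFC 5246, 6.2.3.2). */
#include <stdio.h>

#define TLS_MAX_PLAINTEXT    16384u            /* 2^14, RFC 5246 6.2.1 */
#define TLS12_MAX_CIPHERTEXT (16384u + 2048u)  /* RFC 5246 6.2.3 */

struct cbc_suite { const char *name; unsigned block; unsigned mac; };

/* Suite negotiated in the report: 16-byte AES block, 20-byte HMAC-SHA1. */
static const struct cbc_suite AES_CBC_SHA1 = { "AES-256-CBC/SHA1", 16, 20 };

enum verdict {
    REC_MALFORMED,            /* not block aligned, or too short for IV+MAC+padding */
    REC_FITS_MINIMAL_BOUND,   /* reachable with the shortest possible padding */
    REC_NEEDS_EXTRA_PADDING,  /* legal, but only with more than minimal padding */
    REC_OVER_SUITE_MAX,       /* beyond 2^14 plaintext + 256 bytes of padding */
    REC_OVER_RFC_MAX          /* beyond 2^14 + 2048 */
};

/* Explicit IV + plaintext + MAC + shortest padding (padding_length byte included). */
unsigned cbc_min_len(const struct cbc_suite *s, unsigned pt)
{
    unsigned body = pt + s->mac + 1;
    return s->block + (body + s->block - 1) / s->block * s->block;
}

/* Same layout with the longest padding allowed: 255 bytes + padding_length byte. */
unsigned cbc_max_len(const struct cbc_suite *s, unsigned pt)
{
    unsigned body = pt + s->mac + 256;
    return s->block + body / s->block * s->block;
}

enum verdict classify(const struct cbc_suite *s, unsigned len)
{
    if (len > TLS12_MAX_CIPHERTEXT)
        return REC_OVER_RFC_MAX;
    if (len % s->block != 0 || len < cbc_min_len(s, 0))
        return REC_MALFORMED;
    if (len > cbc_max_len(s, TLS_MAX_PLAINTEXT))
        return REC_OVER_SUITE_MAX;
    if (len <= cbc_min_len(s, TLS_MAX_PLAINTEXT))
        return REC_FITS_MINIMAL_BOUND;
    return REC_NEEDS_EXTRA_PADDING;
}

/* Bytes by which len exceeds the minimal-padding bound, i.e. the least
 * extra padding such a record must contain. */
unsigned extra_padding(const struct cbc_suite *s, unsigned len)
{
    unsigned min_full = cbc_min_len(s, TLS_MAX_PLAINTEXT);
    return len > min_full ? len - min_full : 0;
}

int main(void)
{
    unsigned reported = 16624; /* from "Received packet with illegal length: 16624" */
    printf("%s: minimal-padding bound %u, suite bound %u, RFC bound %u\n",
           AES_CBC_SHA1.name, cbc_min_len(&AES_CBC_SHA1, TLS_MAX_PLAINTEXT),
           cbc_max_len(&AES_CBC_SHA1, TLS_MAX_PLAINTEXT), TLS12_MAX_CIPHERTEXT);
    printf("reported %u: verdict %d, extra padding %u bytes\n", reported,
           (int)classify(&AES_CBC_SHA1, reported),
           extra_padding(&AES_CBC_SHA1, reported));
    return 0;
}
```

For the reported value the verdict is `REC_NEEDS_EXTRA_PADDING`, 192 bytes above the minimal-padding bound of 16432: inside RFC 5246's limits, but only reachable when the sender pads beyond the minimum.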
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:16:04 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on fuzz/corpus2array.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198311564 > + * version 2.1 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, write to the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA > + * 02110-1301, USA > + */ > + > +/* > + Helper tool to convert a fuzzer corpus into asn1_static_node C code. > + Done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198311564 From gnutls-devel at lists.gnutls.org Wed Jul 31 16:17:28 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:17:28 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on fuzz/libtasn1_parser2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198312353 > + * You should have received a copy of the GNU Lesser General Public License > + * along with libwget. If not, see . > + */ > + > +#include > + > +#include // malloc, free > +#include // strcmp, memcpy > + > +#include "libtasn1.h" > +#include "fuzzer.h" > + > +static const uint8_t *g_data; > +static size_t g_size; > + > +//#if defined HAVE_DLFCN_H && defined HAVE_FMEMOPEN Added a check for fmemopen() in configure.ac and made the comment a real check. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198312353 From gnutls-devel at lists.gnutls.org Wed Jul 31 16:19:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:19:05 +0000 Subject: [gnutls-devel] GnuTLS | nettle: use deterministic ECDSA/DSA for provable signing (!1051) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1051 Branches: tmp-deterministic-ecdsa to master Author: Daiki Ueno Assignees: This adds an ability to the gnutls_privkey_sign* functions to create ECDSA/DSA signatures if `GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE` is set. Fixes #94 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051 From gnutls-devel at lists.gnutls.org Wed Jul 31 16:30:05 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:30:05 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on fuzz/libtasn1_parser2tree_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198319052 > +#include > + > +#include // malloc, free > +#include // strcmp, memcpy > + > +#include "libtasn1.h" > +#include "fuzzer.h" > + > +static const uint8_t *g_data; > +static size_t g_size; > + > +//#if defined HAVE_DLFCN_H && defined HAVE_FMEMOPEN > +#include > +#ifdef RTLD_NEXT /* Not defined e.g. on CygWin */ > + > +FILE *fopen(const char *pathname, const char *mode) { The real 'fix' would be to have a function `asn1_parser2tree_mem()` which takes a block of memory instead of a filename. Then we don't have to rely on `dlsym()` and `fmemopen()` which both are not portable. It would also simplify and speed up `_asn1_yylex()` when using no I/O in there. If you agree, let's open another issue for that. BTW, how to write fuzzable code (also see comments): https://twitter.com/johnregehr/status/1154888675810934784 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198319052 From gnutls-devel at lists.gnutls.org Wed Jul 31 16:30:04 2019
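Review bot: the `fopen` definition at the end of the fuzz/libtasn1_parser2tree_fuzzer.c hunk above replaces the libc symbol for the whole fuzzer process, while the `HAVE_DLFCN_H && HAVE_FMEMOPEN` guard just before it is only a comment. The override should hand back the `g_data`/`g_size` buffer only for the one pathname the harness passes in and forward every other call to the real `fopen`, and the file needs a build path for platforms where `RTLD_NEXT` is not defined, which the `#ifdef RTLD_NEXT` comment itself says happens.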
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 14:30:04 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: All discussions on Merge Request !38 were resolved by Tim Rühsen https://gitlab.com/gnutls/libtasn1/merge_requests/38 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38 From gnutls-devel at lists.gnutls.org Wed Jul 31 17:20:06 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 15:20:06 +0000 Subject: [gnutls-devel] GnuTLS | Connection problems with older servers (record packet with invalid length was received) (#811) In-Reply-To: References: Message-ID: Hanno Stock commented: gnutls-cli-debug output for the server: ``` GnuTLS debug client 3.6.7 Checking ldap.indurad.x:5556 unknown protocol 'freeciv' whether we need to disable TLS 1.2... no whether we need to disable TLS 1.1... no whether we need to disable TLS 1.0... no whether %NO_EXTENSIONS is required... no whether %COMPAT is required... no for TLS 1.0 (RFC2246) support... yes for TLS 1.1 (RFC4346) support... yes for TLS 1.2 (RFC5246) support... yes for TLS 1.3 (RFC8446) support... no |<1>| FFDHE groups advertised, but server didn't support it; falling back to server's choice TLS1.2 neg fallback from TLS 1.6 to... TLS1.2 for inappropriate fallback (RFC7507) support... no for certificate chain order... sorted for safe renegotiation (RFC5746) support... yes for encrypt-then-MAC (RFC7366) support... no for ext master secret (RFC7627) support... no for heartbeat (RFC6520) support... no for version rollback bug in RSA PMS... dunno for version rollback bug in Client Hello... no whether the server ignores the RSA PMS version... no whether small records (512 bytes) are tolerated on handshake... yes whether cipher suites not in SSL 3.0 spec are accepted... yes whether a bogus TLS record version in the client hello is accepted... yes whether the server understands TLS closure alerts... yes whether the server supports session resumption... yes for anonymous authentication support... no |<1>| FFDHE groups advertised, but server didn't support it; falling back to server's choice for ephemeral Diffie-Hellman support... yes |<1>| FFDHE groups advertised, but server didn't support it; falling back to server's choice for RFC7919 Diffie-Hellman support... no for ephemeral EC Diffie-Hellman support... 
no for curve SECP256r1 (RFC4492)... no for curve SECP384r1 (RFC4492)... no for curve SECP521r1 (RFC4492)... no for curve X25519 (RFC8422)... no for AES-GCM cipher (RFC5288) support... no for AES-CCM cipher (RFC6655) support... no for AES-CCM-8 cipher (RFC6655) support... no for AES-CBC cipher (RFC3268) support... yes for CAMELLIA-GCM cipher (RFC6367) support... no for CAMELLIA-CBC cipher (RFC5932) support... yes for 3DES-CBC cipher (RFC2246) support... yes for ARCFOUR 128 cipher (RFC2246) support... yes for CHACHA20-POLY1305 cipher (RFC7905) support... no for MD5 MAC support... yes for SHA1 MAC support... yes for SHA256 MAC support... yes for max record size (RFC6066) support... yes for OCSP status response (RFC6066) support... no ``` OpenSSL (libssl1.1 1.1.1c-1) does work: echo -e "`pwgen 16383`\n" | openssl s_client -crlf -quiet -connect server:5556 Result: ``` depth=0 CN = server verify error:num=18:self signed certificate verify return:1 depth=0 CN = ldap-master verify return:1 ephua4HeeG8I [...] ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/811#note_198343722 From gnutls-devel at lists.gnutls.org Wed Jul 31 17:39:56 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 15:39:56 +0000 Subject: [gnutls-devel] GnuTLS | nettle: use deterministic ECDSA/DSA for provable signing (!1051) In-Reply-To: References: Message-ID: Daiki Ueno pushed new commits to merge request !1051 https://gitlab.com/gnutls/gnutls/merge_requests/1051 * 990b3060 - nettle: backport deterministic ECDSA/DSA * 70f9bab4 - privkey_sign_raw_data: remove unnecessary local variable * 09935012 - nettle: use deterministic ECDSA/DSA for provable signing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051 From gnutls-devel at lists.gnutls.org Wed Jul 31 17:56:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 15:56:25 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/structure.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198359032 > **/ > int > asn1_delete_structure2 (asn1_node * structure, unsigned int flags) > +{ > + return _asn1_delete_structure (NULL, structure, flags); > +} > + > +int > +_asn1_delete_structure (list_type *e_list, asn1_node * structure, unsigned int flags) I find the combination of `_` and numbers in names quite confusing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198359032 From gnutls-devel at lists.gnutls.org Wed Jul 31 18:05:21 2019
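Review bot: the new `_asn1_delete_structure (list_type *e_list, ...)` in the lib/structure.c hunk above arrives with no comment saying what `e_list` is or what passing `NULL` for it, as `asn1_delete_structure2` now does, means. A short comment on the parameter would help, and since the leading underscore marks the helper as internal, it should be declared in an internal header and kept out of the library's exported symbols.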
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 16:05:21 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_encoding_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198364764 > + if (size > 2048) // same as max_len = 1000 in .options file > + return 0; > + > + g_data = data; > + g_size = size; > + > + int rc = asn1_parser2tree("pkix.asn", &definitions, errorDescription); > + if (rc != ASN1_SUCCESS) > + return 0; > + > + rc = asn1_create_element(definitions, "TEST_TREE.Koko", &asn1_element); > + if (rc != ASN1_SUCCESS) > + goto out; > + > + size_t vlen = size <= 32 ? size : 32; > + value = malloc(vlen); This is unchecked malloc -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198364764 From gnutls-devel at lists.gnutls.org Wed Jul 31 18:05:29 2019
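Review bot: in the fuzz/libtasn1_encoding_fuzzer.c hunk above, the size guard `if (size > 2048)` carries the comment `same as max_len = 1000 in .options file`, and the two numbers disagree. Either the limit, the comment or the .options file should change so that the harness and the fuzzer configuration cap inputs at the same length.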
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 16:05:29 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_encoding_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198364844 > + g_size = size; > + > + int rc = asn1_parser2tree("pkix.asn", &definitions, errorDescription); > + if (rc != ASN1_SUCCESS) > + return 0; > + > + rc = asn1_create_element(definitions, "TEST_TREE.Koko", &asn1_element); > + if (rc != ASN1_SUCCESS) > + goto out; > + > + size_t vlen = size <= 32 ? size : 32; > + value = malloc(vlen); > + memcpy(value, data, vlen); > + > + size_t vlen0 = vlen ? vlen - 1 : 0; > + value0 = malloc(vlen0 + 1); same here -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198364844 From gnutls-devel at lists.gnutls.org Wed Jul 31 18:06:10 2019
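Review bot: in the fuzz/libtasn1_encoding_fuzzer.c hunk above, `vlen` is 0 whenever `size` is 0, so `malloc(vlen)` may legitimately return NULL and the following `memcpy(value, data, vlen)` is then called with a null destination. A plain `if (!value)` check after the allocation would turn empty input into a spurious failure; allocating at least one byte, as `malloc(vlen0 + 1)` already does for `value0`, or skipping the copy when `vlen` is 0 avoids both problems.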
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 16:06:10 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on fuzz/libtasn1_encoding_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198365447 > + * This file is part of libtasn1. > + * > + * Libtasn1 is free software: you can redistribute it and/or modify > + * it under the terms of the GNU Lesser General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > + * > + * Libtasn1 is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with libtasn1. If not, see . > + */ > + I'm not sure what's the goal of this fuzzer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198365447 From gnutls-devel at lists.gnutls.org Wed Jul 31 18:11:18 2019
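Review bot: the header of fuzz/libtasn1_encoding_fuzzer.c quoted above grants the file under "either version 3 of the License, or (at your option) any later version", whereas fuzz/corpus2array.c in this merge request uses "version 2.1 of the License, or (at your option) any later version". The new fuzz/ files should settle on one licence version so the directory is not split between two sets of terms.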
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 16:11:18 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on .gitignore: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198368530 > examples/Makefile.in I think the commit message should contain more information on what fuzzers are being added. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198368530 From gnutls-devel at lists.gnutls.org Wed Jul 31 18:17:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 16:17:38 +0000 Subject: [gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I've made some comments inline. I think the first and last commit could be merged as well, and a more explanatory message on the added fuzzers could be added. Overall LGTM. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198372058 From gnutls-devel at lists.gnutls.org Wed Jul 31 22:42:44 2019
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 31 Jul 2019 20:42:44 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle: fix carry flag in Streebog code (c1441665) In-Reply-To: References: Message-ID: Dmitry Eremin-Solenikov commented: @gvanem is this the only change required? Since you can test it with MSVC, could you please open a merge request with changes required? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/c1441665abe761536b3ed67d36b12f2198be6b12#note_198452818