From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:07 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli does not report failed handshake when debug level < 3 (#1040) In-Reply-To: References: Message-ID: Issue was closed by GnuTLS bot Issue #1040: https://gitlab.com/gnutls/gnutls/-/issues/1040 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:08 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: GnuTLS bot commented: @gstrauss This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270#note_421723282 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:07 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli does not report failed handshake when debug level < 3 (#1040) In-Reply-To: References: Message-ID: GnuTLS bot commented: @wamserma This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1040#note_421723276 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:08 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.13 test results (#964) In-Reply-To: References: Message-ID: Issue was closed by GnuTLS bot Issue #964: https://gitlab.com/gnutls/gnutls/-/issues/964 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:08 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Merge Request !1270 was closed by GnuTLS bot Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 Project:Branches: gstrauss/gnutls:specialize-gnutls_load_file to gnutls/gnutls:master Author: Glenn Strauss Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:09 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: add option to skip the duplicate modules check (!1252) In-Reply-To: References: Message-ID: Merge Request !1252 was closed by GnuTLS bot Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252 Branches: tmp-pkcs11-reject-duplicate-modules to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:08 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.13 test results (#964) In-Reply-To: References: Message-ID: GnuTLS bot commented: @support-bot This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/964#note_421723278 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 06:09:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 04:09:09 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: add option to skip the duplicate modules check (!1252) In-Reply-To: References: Message-ID: GnuTLS bot commented: @dueno This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1252#note_421723285 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 07:36:57 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 05:36:57 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Merge Request !1270 was reopened by Glenn Strauss Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 Project:Branches: gstrauss/gnutls:specialize-gnutls_load_file to gnutls/gnutls:master Author: Glenn Strauss Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 07:37:37 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 05:37:37 +0000 Subject: [gnutls-devel] GnuTLS | specialize gnutls_load_file() for unix-like OS (!1270) In-Reply-To: References: Message-ID: Glenn Strauss commented: repeating the initial description: specialize `gnutls_load_file()` for unix-like OS This implementation is safer, more secure, more robust, and more efficient than the existing generic implementation using system stdio. reference: #1002 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1270#note_421760218 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 07:40:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 05:40:23 +0000 Subject: [gnutls-devel] GnuTLS | RFE: gnutls_datum_wipe() (similar to private _gnutls_free_key_datum()) (#1001) In-Reply-To: References: Message-ID: Glenn Strauss commented: (ping) still awaiting feeback -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1001#note_421760840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 07:40:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 05:40:23 +0000 Subject: [gnutls-devel] GnuTLS | RFE: gnutls_datum_wipe() (similar to private _gnutls_free_key_datum()) (#1001) In-Reply-To: References: Message-ID: Glenn Strauss commented: (ping) still awaiting feeback -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1001#note_421760840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 13:03:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 11:03:18 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) References: Message-ID: Sahana Prasad created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340 Project:Branches: sahprasa/gnutls:dtrace to gnutls/gnutls:master Author: Sahana Prasad Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code As of now following are the insertion points: gnutls_privkey_sign_data() gnutls_privkey_sign_hash() gnutls_pubkey_verify_data2() gnutls_pubkey_verify_hash2() I still have to insert probes to find out the version and a unique value per session. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 14:43:46 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 12:43:46 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) In-Reply-To: References: Message-ID: Daiki Ueno commented: Consider checking my comment on the similar change in NSS: https://phabricator.services.mozilla.com/D88919#2822437 Although we might accept the NSS changes, I'd like to align with the GLib's systemtap usage, because GLib based applications are a major target for us and it would be a surprise if we invent our own. Cc @simo5 @TheRealMichaelCatanzaro. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_422029222 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 1 20:13:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Oct 2020 18:13:48 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) In-Reply-To: References: Message-ID: Simo Sorce commented: @dueno can you point at Gnome's documentaiton or code example that explains what is the preference here? I want to see if that method will work for our requirements before expressing any preference. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_422262200 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 13:18:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 11:18:32 +0000 Subject: [gnutls-devel] GnuTLS | Clarify documentation of session ticket keys (#1097) References: Message-ID: Airtower created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1097 The [documentation on session resumption](https://gnutls.org/manual/html_node/Session-resumption.html) currently says this: > Those will be the initial keys, but GnuTLS will rotate them > regularly. [...] Every such interval, new keys will be generated > from those initial keys. This is a necessary mechanism to prevent > the keys from becoming long-term keys and as such preserve > forward-secrecy in the issued session tickets. However, no _rotation_, only key derivation. The initial key is never wiped and does in fact become a long term key. Someone who is able to steal it from server memory can derive TOTP keys for any round they want, and decrypt the associated tickets. I'm not sure how useful the rotation is at all with this limitation: It doesn't protect against server memory compromise, but I don't know if there could be any cryptanalysis attacks that would allow deriving keys or other secrets after collecting many tickets encrypted with the same key. In that case the TOTP key derivation would protect against attackers on the network. The limitation should be made clear in the documentation, so people with forward secrecy requirements stronger than "keys wiped during server restart" will know to either disable tickets altogether or implement their own rotation. Related to this, two functions are missing details in the API documentation that are important when implementing a full rotation that also replaces the initial key: ### `gnutls_session_ticket_key_generate()` Looking at the code the size of the key in memory is strictly fixed. There is however no mention of the size in the documentation. Would it be acceptable to guarantee a fixed key size during application runtime, that is, create one key, and it'll be safe to assume that keys generated by the same process have the same size? This would be helpful in cases like mod_gnutls, where the Apache HTTPD is made up of multiple processes, which would have to use a common key e.g. using shared memory. ### `gnutls_session_ticket_enable_server()` When replacing the intial key it's obviously important to wipe and `free()` the previous one as soon as possible. The current code copies the initial key into the session structure during `gnutls_session_ticket_enable_server()`. This should be documented as API, so applications can wipe old keys as soon as all calls to `gnutls_session_ticket_enable_server()` that may have referenced the old key have completed. I'd be happy to update the documentation if those things can be relied on as API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1097 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 13:23:02 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 11:23:02 +0000 Subject: [gnutls-devel] GnuTLS | Update predefined priority keywords (#1098) References: Message-ID: Airtower created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1098 The `NORMAL` priority keyword enables several protocols and algorithms that shouldn't be considered secure by current standards, specifically: * plain RSA key exchange * TLS 1.0 * TLS 1.1 * DTLS 1.0 * SHA-1 signatures * SHA-1 MAC seems at least questionable Aside from SHA-1 signatures and in some cases SHA-1 MAC this also applies to all the `SECURE` variants, and everything aside from plain RSA also to `PFS`. I suppose there may be a compatibility tradeoff regarding SHA-1 MAC, but the rest could be removed without being any less compatible with older servers than modern browsers. For TLS 1.2 servers that still don't support AEAD adding SHA-256 MAC might be useful, whether SHA-1 is removed or not. Considering that these keywords are intended for people who want reasonably secure defaults without digging into all the details I think they should be updated soon. I'd be happy to prepare a patch if there is consensus on what should be included. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 15:00:24 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 13:00:24 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423087376 Good catch, fixed both. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423087376 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 15:00:35 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 13:00:35 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: All discussions on Merge Request !1337 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 15:03:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 13:03:18 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ametzler thank you for the review; would you be able to push the "Approve" button if it looks ok, so we can merge this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423087610 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 16:38:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 14:38:55 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Andreas Metzler commented: Thanks for cleaning this up. ``` Afaiui the variable "locked" seems to be unused in tests/scripts/common.sh. ``` I saw this when checking the latest changes and thought I would mention it. Just tell me whether you want to push another update or whether you would prefer that I approve the merge-request as it is. TIA -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423096910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 17:02:01 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 15:02:01 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism in testcompat-*openssl tests (#1099) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1099 In testcompat-main-openssl, we have the following hand-written code to run sub-testsuites in parallel: ```sh WAITPID="" for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" ":%SAFE_RENEGOTIATION"; do run_server_suite $mod & WAITPID="$WAITPID $!" done ``` We should rely on automake's parallel-tests harness by having individual test scripts. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 17:45:37 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 15:45:37 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423103344 Yes, should be fixed now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423103344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 18:30:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 16:30:23 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Merge Request !1337 was approved by Andreas Metzler Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 Branches: tmp-sh-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 18:30:40 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 16:30:40 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: All discussions on Merge Request !1337 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 18:30:40 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 16:30:40 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423107600 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337#note_423107600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 3 18:42:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Oct 2020 16:42:09 +0000 Subject: [gnutls-devel] GnuTLS | tests: simplify shell-script usage (!1337) In-Reply-To: References: Message-ID: Merge Request !1337 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 Branches: tmp-sh-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1337 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 4 09:55:40 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Oct 2020 07:55:40 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_423164138 @simo5 I don't get what you are asking for (i.e., code example for what). If you are looking for the code that "uses" those traces, then there shouldn't be any difference: you can use your favorite tracing tool that supports USDT e.g. systemtap. The GNOME documentation for that is: > GLib ships with a file libglib-2.0.so.*.stp which defines a set of probe points, which you can hook into with custom SystemTap scripts. See the files libglib-2.0.so.*.stp, libgobject-2.0.so.*.stp and libgio-2.0.so.*.stp which are in your shared SystemTap scripts directory. If you are looking for the code that "defines" those "traces" everything is linked from the above NSS comment. In short, pre-processing `.d` files (rather than post-processing the resulting ELF binary with Perl... script) allows the USDT to be defined in a declarative way (and thus prevents misuses) and serves documentation. The same pattern is also used in sssd, which you must be familiar with: https://github.com/SSSD/sssd/blob/master/src/systemtap/sssd_probes.d -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_423164138 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 5 07:52:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Oct 2020 05:52:48 +0000 Subject: [gnutls-devel] GnuTLS | Prevent misuses of gnutls_x509_trust_list_set_getissuer_function callback (#1100) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1100 The callback set by `gnutls_x509_trust_list_set_getissuer_function` is currently expected to (1) inspect the downloaded certificates are trusted and (2) inject it to the trust list with `gnutls_x509_trust_list_add_cas`. This process is error-prone and we should provide a better interface to prevent misuses. The proposal is to change the callback type to return the downloaded certificates as an output parameter. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 5 07:54:29 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Oct 2020 05:54:29 +0000 Subject: [gnutls-devel] GnuTLS | Replace fipshmac usage with our own HMAC functions (#1101) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1101 In the FIPS build we manually call the `fipshmac` program after `make`. This can be replaced with our own HMAC calculation functions and automated during the `make` process. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1101 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 5 18:11:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Oct 2020 16:11:33 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 Branches: tmp-kdf-tests to master Author: Daiki Ueno FIPS140-2 IG D.8 now mandates self-tests for KDF and CMAC. This will add minimal support for it. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 5 18:14:13 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Oct 2020 16:14:13 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Daiki Ueno commented: Cc @smuellerDD. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_423830353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 5 18:14:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Oct 2020 16:14:25 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_423830676 Ok so if I understand that right, what you propose is to have a way to catch inappropriate changes to .d files? How do you plan to do that ? The good thing about the perl script in the NSS case is that it has the added benefit of checking that the probes are actually ending up in the elf section as needed. I think something similar would be needed anyway here to insure the whole machinery worked correctly and the correct output produced ... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_423830676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 09:07:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 07:07:20 +0000 Subject: [gnutls-devel] GnuTLS | WIP Insertion usdt trace points for crypto auditing (!1340) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_424176707 If we pre-process using `.d` files, post-processing only adds a little extra sanity, because the code shall not directly use `DTRACE_PROBE*` but dedicated macros, and thus misuses are caught at the compile time. Although the user can still use those generic macros, such usage can be checked with [syntax-check](https://git.savannah.gnu.org/cgit/gnulib.git/tree/top/maint.mk#n203) rules (i.e., no git-controlled files directly include `` and no `DTRACE_PROBE*` macros are invoked). If we really care about the final ELF output, we can add something similar (but not in Perl, maybe good to talk to the libabigail developers first). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1340#note_424176707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 09:39:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 07:39:19 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Stephan Mueller commented: - CMAC: I see no problems in having both AES key sizes tested, but one would suffice (also cryptographically). - TLS: Looks good - PBKDF2: looks good - HKDF: looks good - Is that code also applicable to TLS 1.3 KDF? If so, I would recommend adding a comment to state that avoiding later questions. If not, what about considering a TLS 1.3 KDF self test? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424197662 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 10:07:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 08:07:48 +0000 Subject: [gnutls-devel] GnuTLS | Update README.md for *** libev4 was not found *** added package to install in ubuntu 18.04 (!1313) In-Reply-To: References: Message-ID: Merge Request !1313 was closed by Satya kommula Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1313 Project:Branches: satyakommula/gnutls:patch-1 to gnutls/gnutls:master Author: Satya kommula Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1313 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:32:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:32:55 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515 @smuellerDD thank you for the review! > CMAC: I see no problems in having both AES key sizes tested, but one would suffice (also cryptographically). Removed one (AES-128). > HKDF: looks good - Is that code also applicable to TLS 1.3 KDF? If so, I would recommend adding a comment to state that avoiding later questions. If not, what about considering a TLS 1.3 KDF self test? I'm a bit confused about this; would you mind clarifying what exactly "TLS 1.3 KDF" means (ideally in the RFC 8446 terms)? I see some [discussions](https://mailarchive.ietf.org/arch/msg/tls/qANkz08Yyel84C1pzPGc2g9h3XI/) regarding SP800-56C additions of HKDF a while ago, but not sure what was the outcome. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:39:30 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:39:30 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 Branches: tmp-dh-2048 to master Author: Daiki Ueno According to FIPS140-2 IG 7.5, the minimum key size of FFC through 2030 is defined as 2048 bits. This updates the relevant self-test with the one from the CAVP test vector. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:41:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:41:08 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Daiki Ueno commented: Cc @smuellerDD this as well :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424402573 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:51:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:51:48 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Stephan Mueller commented: First of all, it is good to bump the DH size. But knowing that we more and more look at safe primes, why not use one of the pre-defined RFC 3526 or RFC 7919 primes? That would make the code smaller and is more to the point what is being used :-). If you need a test vector, just holler. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424415641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:59:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:59:03 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 was reviewed by Stephan Mueller -- Stephan Mueller commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424424030 The TLS 1.3 use of HKDF and the specification in SP800-56C rev 1 are not the same. For TLS, basically the system invokes HKDF in a number of steps to get to the different key material. For a self test I could fathom that as input you use a shared secret and as output you gather the exporter master secret that you compare with a known good value. But any other type of generated secret would suffice too. That should be done using the same code that is used by the TLS stack. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 13:59:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 11:59:03 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424424038 > If you need a test vector, just holler. Yes! :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424424038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 14:04:12 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 12:04:12 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Stephan Mueller commented: One for FFCDHE 3072 "ephemeralPublicServer": "93EB5C371D3C066FBFBE965126588136C64F9A34C4C5A8A32C4176A8C6C0A0C85136C4404E2C69F751BBB0D6F5DB4029503B8AF9F35378FC86E9F1E9AC8513656222041B142AF48F2FF12F81D6180E769143B2FC7C6F0C45373131585CDF42247ABA8B7F790607EFD606EBCB3CBDBCE5FFFD62150C404637EFD0A1DE634F200B457D0677FD23C1328A896516E848121C25332DBDD89F1C9DBCE30860871AC60636D2AC096D990289C612938C4BD07E368AD6A0974F973F970BFE05FCC8EF214D4A066EB4A64FE1DD4406FAD50E54F5543E8CB98586004098E701DD939D95EAF0D3994BEBD57947A4AD2AE04D363B461096BB48E9A17801350A5C7B3FF5F7B1E397174D76108D684C947DEE0E208BCE7D0AA351FBE6CFF00E7F3CD4EF5631B295F05F4B9C039EAEB1C146D7C04FB0F66CE1E92A97E03F3A9304CD417D4503B34020E6AD2DD3F7327BCC4F81184C5077C4B76A4D05D86DBF6FBA1D387887D28EC26DB6ED6661A8B9190E93D1CD5BBE19055243D6C1073C6A62BD339B1B02426114", "ephemeralPrivateIut": "165CA6E09B87FA2DBC1320CDAC4ECC601E48ECBE730CA86B6E2AEEDDD8F32D5F75F30794883DB138CFAE4ACCCB6A80BCEB3BAA0B1874587C3E74EFB6D315EE7329887B65023933EC22068C5BD62F4CF7E0976D2A9036FE1A444D9D414BCBEC25F4C3A591D090C9347BBA27305AA22158CE882539AFF1170212F855DCD2085BD3C78ECF298585DB5C08C2D7B0330EE3B92C1A1D4BE5768FD314B68CDC9AE81560605EAAF9FAA6B24FFF46C15E9350907E4C26D7BB21053D27C59B0D4669E474877455EE5FE57204461F2E55C7CC2B2B396D906031375B44DEFDF2D1C69C1282CC7CB10EA9959DE0A83EC1A34A6A37591793631EBF04A3AAC01DC46D7ADC699CB02256D976922D1E62AEFDD69BFD082C95ECE7024362681AAF4659B7CE8E4224AEF70E9A3BF877DF26859F45AD8CA9549C4644D58AE9CC345EC5D1426F44F30F903A321A9C2A63EC21B4FCFAA5CFE79E43C74956BC50C584F042C86AF178E4AA0637E130F76597CAFD35FAEB486DAA45469DBC1D981745A3EE21A0973880C5281F", "ephemeralPublicIut": "6216D62ED65E8E1FFF6AAE23140399C7124D95977A81DBC4AB742EAF97FF53745548B576CACA7FF9D24B394CD5B7708932985BE304EBC5E390B919D4B791686A6DBC14BB01EB3397ADF4D59A76A6D4B875EFA3B34BD700C2CCA24B67CB2F257389D7C3CA440F0CB44E7E0ADE07932F688416103AEC34249A8709F57595927D68B6F2953FC183626031BEFD2A0F2CF9633F770C16458A017019AB42B0EF5398B704431E771D22397253E4BD9441A16D9109D3BB0CF49AF0CCF2C35EB6E14C64A65F485AE46B305F444EB3F728664F0C378CA3AD08190C7C367FC15C03E13C0D0E6E4DBAAA61F6478211E7FCDC4331EC8EE12B3FD80CBE693BFA84BDA8793467769492BE921F36A1E82F192449C0EE0A0F59BAEDC6730D1283AB7BDF21D8F759A4344EF015A32016BA01499E13BB524298FBAA54956B893B566F26D4E712816C3718E2ED5CD98080F85CAE3CC7536D9131593B2D26E0A5920FFE6CD95BD12CFDA1D073F090EC4F4F22CAF6EC43E4E5931D4F891162E25EBDEB316BFF76F0EC3BC1", "z": "ECB3850C725555C29836BE759EC99D8B16A6E6843312801DACDE6AD73B1E15CA5D26B30A35F4BBAD71CB031ACBFB83F0A8DEED5E3D98D2B0EFADDF32A0167D0E29D885CA129756AB6A26A4463D87D7E0B43E2875AC59C5713A2415769872942DD00EBC9A77D4E2B276544A56BE0B43F8216F5432DEB7D5B70800D2578C0B8B023EDB72543AC05066BCC967F52228F23C519461269AC6420E8B42AD7940A90BDC84D5718394D9832F0874BC376A3E1EBCCC092330790139F6E3A8C0FA7EDB0B713E4F1F6984A6586C362CCCB47C94EC060B115395E60543A4E4EA1D4FDCD0380E32A1DED98DD820AC0483F81B55521620E32E6D1115292F3A7C800A713D319C1B7359E10D27C5C06A723A5BD6F650E669481EFDEB4A4773FB8814EA6D36E14C2CF904C1B729FC5D025D1C4D314A513FA4451929C432A645DB943ABD762CD61AB1FFE7627516E50BA33A9384D6ADC224683DD607E4BE5A493106AD3F314A1CF758DF34CBC8A907244263A58EDD377892683FD82FEA8CF18ED48BA73FA0FAAFF035" -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424430996 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 16:52:58 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 14:52:58 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424632118 Thank you, updated with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424632118 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 6 16:56:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Oct 2020 14:56:38 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Stephan Mueller commented: Sweet, looks good. Just for the records: The test vector is used from a successful run of the NIST ACVP testing framework. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424635484 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:09:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:09:38 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_426341692 OK now I see what you mean from: https://usnistgov.github.io/ACVP/draft-hammett-acvp-kdf-tls-v1.3.html However, I'm still unsure how to obtain transcript-hash in test vectors (that's tied to a specific handshake). Do you have any information regarding that? In any case I would rather land this PR without it for now, after fixing the CI failure. Would you be able to push the "Approve" button? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_426341692 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:18:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:18:10 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Stephan Mueller commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_426348200 I cannot really provide any additional information. I am discussing that with my peers first. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_426348200 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:19:13 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:19:13 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Merge Request !1342 was approved by Stephan Mueller Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 Branches: tmp-dh-2048 to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:32:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:32:08 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: All discussions on Merge Request !1342 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:32:15 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:32:15 +0000 Subject: [gnutls-devel] GnuTLS | fips: use 2048-bit prime for DH self-tests (!1342) In-Reply-To: References: Message-ID: Merge Request !1342 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 Branches: tmp-dh-2048 to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1342 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:36:22 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:36:22 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: All discussions on Merge Request !1341 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 17:36:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 15:36:26 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Merge Request !1341 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 Branches: tmp-kdf-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 8 18:28:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Oct 2020 16:28:19 +0000 Subject: [gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341) In-Reply-To: References: Message-ID: Merge Request !1341 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 Branches: tmp-kdf-tests to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 12 04:27:37 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Oct 2020 02:27:37 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: All discussions on Merge Request !1335 were resolved by zzjianhui https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 12 10:26:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Oct 2020 08:26:34 +0000 Subject: [gnutls-devel] GnuTLS | Prevent misuses of gnutls_x509_trust_list_set_getissuer_function callback (#1100) In-Reply-To: References: Message-ID: Reassigned Issue 1100 https://gitlab.com/gnutls/gnutls/-/issues/1100 Assignee changed to Sahana Prasad -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 12 23:38:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 12 Oct 2020 21:38:48 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) References: Message-ID: Michael Catanzaro created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/close-session to gnutls/gnutls:master Author: Michael Catanzaro gnutls_pkcs11_obj_set_info() fails to call pkcs11_close_session() after a successful pkcs11_open_session() if called with an invalid itype parameter. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 13 04:19:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 13 Oct 2020 02:19:34 +0000 Subject: [gnutls-devel] GnuTLS | cannot use colon (':') in gnutls_psk_set_server_credentials_file file (#1103) References: Message-ID: Spongman created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1103 rfc4279 does not exclude ':' from the PSK identity, so the client can (and do) send usernames that contain ':' characters. for example: ``` username = urn:imei:1234567890 ``` it's impossible to authenticate these username when put in a file passwd to gnutls_psk_set_server_credentials_file(), since that authentication path just blindly looks for the first ':' on the line, eg: ``` urn:imei:1234567890:password ``` the parsing code for that line should allow escaping the ':'s in the username, eg: ``` urn\:imei\:1234567890:password ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 13 15:39:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 13 Oct 2020 13:39:08 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: Merge Request !1343 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/close-session to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 13 15:40:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 13 Oct 2020 13:40:34 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you. I guess the CI is failing because of build-images update; let me check. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_428889796 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 15 06:08:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Oct 2020 04:08:56 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1104) References: Message-ID: GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1104 The following issues require labels: - [ ] [gnutls_store_commitment doesn't take into account the code returned by tbd->cstore](https://gitlab.com/gnutls/gnutls/-/issues/1092) - [ ] [Service Desk (from christian_r_wagner at yahoo.co.uk): Issues when building GnuTLS on Mac OSX Yosemite](https://gitlab.com/gnutls/gnutls/-/issues/1087) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 15 06:08:59 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Oct 2020 04:08:59 +0000 Subject: [gnutls-devel] GnuTLS | WIP: CMS support (RFC 5652) (!1248) In-Reply-To: References: Message-ID: Merge Request !1248 was closed by GnuTLS bot Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248 Branches: tmp-cms-support to master Author: Dmitry Baryshkov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 15 06:09:00 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Oct 2020 04:09:00 +0000 Subject: [gnutls-devel] GnuTLS | WIP: CMS support (RFC 5652) (!1248) In-Reply-To: References: Message-ID: GnuTLS bot commented: @lumag This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1248#note_429937616 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 18 11:26:06 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Oct 2020 09:26:06 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 Branches: tmp-src-fixes to master Author: Daiki Ueno Fixes #1102. Also fixes a recent CI failure with GCC `-fanalyzer`. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 18 18:05:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Oct 2020 16:05:34 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: Daiki Ueno commented: Another yak-shaving; @TheRealMichaelCatanzaro would you like to review as it fixes the CI failure in !1343? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344#note_431498096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Oct 18 19:56:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Oct 2020 17:56:32 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: Michael Catanzaro commented: I don't see any obvious problems. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344#note_431512089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 19 05:51:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Oct 2020 03:51:26 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344#note_431590931 Thank you; could you push the "Approve" button so we can merge it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344#note_431590931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 19 15:23:50 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Oct 2020 13:23:50 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: Merge Request !1344 was approved by Michael Catanzaro Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 Branches: tmp-src-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 19 16:43:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Oct 2020 14:43:10 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: All discussions on Merge Request !1344 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 19 16:43:17 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Oct 2020 14:43:17 +0000 Subject: [gnutls-devel] GnuTLS | Add extra checks on memory allocation in src/ and examples (!1344) In-Reply-To: References: Message-ID: Merge Request !1344 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 Branches: tmp-src-fixes to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 20 04:37:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Oct 2020 02:37:38 +0000 Subject: [gnutls-devel] GnuTLS | x86: fix avx detection (!1334) In-Reply-To: References: Message-ID: zzjianhui commented: Hi @dueno , i deleted FMA and fixed the AVX detection problem. Is there any problem with me writing this way? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334#note_432377727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:27:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:27:56 +0000 Subject: [gnutls-devel] GnuTLS | x86: fix avx detection (!1334) In-Reply-To: References: Message-ID: Merge Request !1334 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334 Project:Branches: zzjianhui/gnutls:fix-avx-detection to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:28:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:28:45 +0000 Subject: [gnutls-devel] GnuTLS | x86: fix avx detection (!1334) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm sorry for the long delay; it looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334#note_433716548 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:28:50 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:28:50 +0000 Subject: [gnutls-devel] GnuTLS | Why does gnutls need to judge whether it supports FMA when detecting the extended instruction set AVX (#1083) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via commit ece960ee909f7ed0db3a75cc746a67f7286e10c4 Issue #1083: https://gitlab.com/gnutls/gnutls/-/issues/1083 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:28:52 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:28:52 +0000 Subject: [gnutls-devel] GnuTLS | x86: fix avx detection (!1334) In-Reply-To: References: Message-ID: Merge Request !1334 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334 Project:Branches: zzjianhui/gnutls:fix-avx-detection to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1334 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:44:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:44:09 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: Daiki Ueno commented: This also looks pretty nice to me; great work! I have only a few minor comments: - ideally the CPU support should be checked in the CI; any chance perhaps to set up a [GitLab CI runner](https://docs.gitlab.com/runner/install/) on that CPU? - it might be good to record the benchmark result somewhere (e.g., in the commit log), with `gnutls-cli --benchmark-ciphers` - I see a few indentation mixups; will comment on those later -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335#note_433726859 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Oct 21 17:46:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Oct 2020 15:46:20 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: Merge Request !1335 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 Project:Branches: zzjianhui/gnutls:fix-padlock to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 22 07:18:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Oct 2020 05:18:26 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_434003382 Can you rebase it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_434003382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 22 09:49:37 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Oct 2020 07:49:37 +0000 Subject: [gnutls-devel] GnuTLS | cannot use colon (':') in gnutls_psk_set_server_credentials_file file (#1103) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report. If I understand correctly, passwords are encoded in hex format in the PSK file, followed by a ':'. So I guess we can simply look for the last `:` in each line, using `strrchr`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1103#note_434068123 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 22 16:45:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Oct 2020 14:45:45 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: Merge Request !1343 was scheduled to merge after pipeline succeeds by Michael Catanzaro Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/close-session to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 22 16:45:43 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 22 Oct 2020 14:45:43 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: All discussions on Merge Request !1343 were resolved by Michael Catanzaro https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 23 19:19:51 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Oct 2020 17:19:51 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343) In-Reply-To: References: Message-ID: Daiki Ueno commented: The CI is failing with some warnings from -Werror, though I really have no idea why this happens as neither gnulib submodule nor the build-image is updated: ```console configure:53772: checking for libev configure:53794: ccache gcc -o conftest -std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope conftest.c -lev >&5 conftest.c:417: error: "GNULIB_STRERROR" redefined [-Werror] 417 | #define GNULIB_STRERROR 1 | conftest.c:311: note: this is the location of the previous definition 311 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS | cc1: all warnings being treated as errors ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_435263252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 24 09:04:42 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Oct 2020 07:04:42 +0000 Subject: [gnutls-devel] GnuTLS | cannot use colon (':') in gnutls_psk_set_server_credentials_file file (#1103) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1103#note_435446312 Hm, actually it's already possible to use a colon in user names, if you write an entry with all-hexadecimal format, preceded by a '#': ``` #75726e3a696d65693a31323334353637383930:password ``` Unfortunately, this is not documented anywhere, and psktool doesn't do automatic conversion if it detects a colon. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1103#note_435446312 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 24 10:25:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Oct 2020 08:25:14 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 Project:Branches: dueno/gnutls:wip/dueno/psk-colon to gnutls/gnutls:master Author: Daiki Ueno Also document the file format in the `gnutls_psk_set_server_credentials_file` doc text. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 24 10:29:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Oct 2020 08:29:07 +0000 Subject: [gnutls-devel] GnuTLS | x86/padlock: Use free() on local variables (#1094) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1094: https://gitlab.com/gnutls/gnutls/-/issues/1094 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 24 10:29:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 24 Oct 2020 08:29:07 +0000 Subject: [gnutls-devel] GnuTLS | x86/padlock: Use free() on local variables (#1094) In-Reply-To: References: Message-ID: Daiki Ueno commented: This has been fixed with !1336. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1094#note_435477304 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 26 04:28:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Oct 2020 03:28:20 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 was reviewed by zzjianhui -- zzjianhui commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335#note_435747251 Zhaoxin machine is a company's public computer, and the process used is more complicated. So it is not yet possible to deploy GitLab CI on it. I have posted the benchmark test results to the merge request interface. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 26 18:01:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Oct 2020 17:01:10 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) References: Message-ID: Tom?? Mr?z created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 Project:Branches: t8m/gnutls:client-hello-version to gnutls/gnutls:master Author: Tom?? Mr?z Fix for issue #1053 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Oct 26 18:02:41 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Oct 2020 17:02:41 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Tom?? Mr?z commented: I verified that it fixes the reported issue. If you can give a hint where/how to add a testcase, I can try to add it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436233534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 07:41:13 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 06:41:13 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436524713 Thank you! As for the testcase, I would extend `tests/tls13/hello_retry_request.c` to cover this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436524713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 08:46:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 07:46:10 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335#note_436564608 The result looks impressive; thanks. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335#note_436564608 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 08:46:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 07:46:18 +0000 Subject: [gnutls-devel] GnuTLS | Add detection of extended instruction set on zhaoxin CPU (#1079) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1335 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1335) Issue #1079: https://gitlab.com/gnutls/gnutls/-/issues/1079 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1079 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 08:46:12 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 07:46:12 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: All discussions on Merge Request !1335 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 08:46:21 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 07:46:21 +0000 Subject: [gnutls-devel] GnuTLS | x86:add detection of instruction set on Zhaoxin CPU (!1335) In-Reply-To: References: Message-ID: Merge Request !1335 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 Project:Branches: zzjianhui/gnutls:fix-padlock to gnutls/gnutls:master Author: zzjianhui Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 12:45:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 11:45:14 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Tom?? Mr?z commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436758859 Daiki, do you have any hints on how to inspect the record version in callbacks or at all? Because the version in the client hello message is not what interests us. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436758859 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Oct 27 12:47:30 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Oct 2020 11:47:30 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Tom?? Mr?z commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436760184 @dueno, I was looking around at the code and the only thing I could come up with was to try to hook into the client_push function and use some "heuristic" there to find where to look at into the raw data. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_436760184 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 29 01:19:27 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Oct 2020 00:19:27 +0000 Subject: [gnutls-devel] GnuTLS | Memory leak when using client certificate auth with rehandshake and OCSP (#1107) References: Message-ID: remiolivier created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1107 Hi, ## Description of problem: When using GNUTLS to perform an HTTPS request with client certificate authentication, valgrind reports a memory leak issue in _gnutls_recv_server_certificate_status. There is no issue when the API is not asking for a rehandshake. ## Version of gnutls used: 3.6.15 but also in earlier versions. ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * The server API is enforcing rehandshake after the data has been sent by the client * Use the http client example with TLS and certificate authentication * the client is set up with either: gnutls_init(GNUTLS_CLIENT | GNUTLS_AUTO_REAUTH) or gnutls_init(GNUTLS_CLIENT | GNUTLS_NONBLOCK) and a step for rehandshake after write such as: ```cpp int ret = gnutls_record_recv(session, front.data(), front.size()); if (ret == GNUTLS_E_REHANDSHAKE && is_safe_renegotiation_enabled()) ret = gnutls_handshake(session); // ... other steps } ``` * valgrind --leak-check=full -v ./https_client ## Actual results: valgrind --leak-check=full -v ./https_client ``` ==9160== HEAP SUMMARY: ==9160== in use at exit: 1,762 bytes in 2 blocks ==9160== total heap usage: 15,866 allocs, 15,864 frees, 1,701,175 bytes allocated ==9160== ==9160== Searching for pointers to 2 not-freed blocks ==9160== Checked 314,840 bytes ==9160== ==9160== 1,762 (16 direct, 1,746 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2 ==9160== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9160== by 0x4F44612: _gnutls_recv_server_certificate_status (status_request.c:497) ==9160== by 0x4E84914: handshake_client (handshake.c:3011) ==9160== by 0x4E84914: gnutls_handshake (handshake.c:2780) ``` ## Expected results: On rehandshake a malloc is performed in status_request.c in _gnutls_recv_server_certificate_status: info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t)); Whether or not it is already allocated. A check should be performed first and free or remove the previous allocated resources. ## Fix: * A quick fix I tested and removing all the memory leak for this case is as follow: status_request.c -> _gnutls_recv_server_certificate_status ```cpp // A handshake was already performed if (info->raw_ocsp_list != NULL) { for(i=0;inocsp;i++) gnutls_free(info->raw_ocsp_list[i].data); gnutls_free(info->raw_ocsp_list); } info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t)); ``` Thanks -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 29 06:25:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Oct 2020 05:25:23 +0000 Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347) References: Message-ID: remiolivier created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347 Project:Branches: remiolivier/gnutls:mem-leak-client-cert-auth-rehandshake-ocsp to gnutls/gnutls:master Author: remiolivier Fix memory leak with client certificate authentication when rehandshake with ocsp. On rehandshake a malloc is performed in status_request.c in _gnutls_recv_server_certificate_status: ```cpp info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t)); ``` Whether or not it is already allocated. A check should be performed first and free the previous allocated resources if any. Addresses bug: gnutls/gnutls#1107 ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 29 13:25:59 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Oct 2020 12:25:59 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Sahana Prasad started a new discussion on tests/suite/mini-record-timing.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438267621 > - else > - fprintf(stderr, "Child died with status %d\n", > - WEXITSTATUS(status)); > + /* This code must be async-signal-safe. */ > + if (WIFSIGNALED(status)) { > + const char msg[] = "Child died with sigsegv\n"; > + write(STDERR_FILENO, "Child died with sigsegv\n", sizeof(msg)); > + } else { > + char buf[64] = { 0 }; > + char *p; > + > + p = stpcpy(buf, "Child died with status "); > + > + status = WEXITSTATUS(status) & 0377; > + if (status > 100) > + *p++ = '0' + status / 100; @dueno don't we need status = status % 100 after this line? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438267621 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 29 15:00:05 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Oct 2020 14:00:05 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: All discussions on Merge Request !1345 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Oct 29 15:00:05 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Oct 2020 14:00:05 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/suite/mini-record-timing.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438337734 > - else > - fprintf(stderr, "Child died with status %d\n", > - WEXITSTATUS(status)); > + /* This code must be async-signal-safe. */ > + if (WIFSIGNALED(status)) { > + const char msg[] = "Child died with sigsegv\n"; > + write(STDERR_FILENO, "Child died with sigsegv\n", sizeof(msg)); > + } else { > + char buf[64] = { 0 }; > + char *p; > + > + p = stpcpy(buf, "Child died with status "); > + > + status = WEXITSTATUS(status) & 0377; > + if (status > 100) > + *p++ = '0' + status / 100; Good catch, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438337734 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 08:57:28 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 07:57:28 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Sahana Prasad started a new discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438791716 > + /* encode username if it contains special characters */ > + if (strcspn(username, ":\n") != strlen(username)) { > + char *new_data; > + > + tmp.data = (void *)username; > + tmp.size = strlen(username); > + > + ret = gnutls_hex_encode2(&tmp, &_username); > + if (ret < 0) { > + fprintf(stderr, "HEX encoding error\n"); > + ret = -1; > + goto out; > + } > + > + /* prepend '#' */ > + new_data = gnutls_realloc(_username.data, _username.size + 1); shouldn't this be +2? one for '#' and one for '\0'? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438791716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:12:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:12:48 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: All discussions on Merge Request !1345 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:12:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:12:48 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438798874 > + /* encode username if it contains special characters */ > + if (strcspn(username, ":\n") != strlen(username)) { > + char *new_data; > + > + tmp.data = (void *)username; > + tmp.size = strlen(username); > + > + ret = gnutls_hex_encode2(&tmp, &_username); > + if (ret < 0) { > + fprintf(stderr, "HEX encoding error\n"); > + ret = -1; > + goto out; > + } > + > + /* prepend '#' */ > + new_data = gnutls_realloc(_username.data, _username.size + 1); Good catch indeed, fixed! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438798874 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:18:02 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:18:02 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Sahana Prasad started a new discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438801562 > + fprintf(stderr, "HEX encoding error\n"); > + ret = -1; > + goto out; > + } > + > + /* prepend '#' */ > + new_data = gnutls_realloc(_username.data, _username.size + 2); > + if (!new_data) { > + ret = -1; > + goto out; > + } > + memmove(_username.data + 1, _username.data, _username.size); > + new_data[0] = '#'; > + new_data[_username.size] = '\0'; > + _username.data = (void *)new_data; > + _username.size += 1; @dueno maybe a +2 here as well? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438801562 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:28:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:28:33 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438807540 > + fprintf(stderr, "HEX encoding error\n"); > + ret = -1; > + goto out; > + } > + > + /* prepend '#' */ > + new_data = gnutls_realloc(_username.data, _username.size + 2); > + if (!new_data) { > + ret = -1; > + goto out; > + } > + memmove(_username.data + 1, _username.data, _username.size); > + new_data[0] = '#'; > + new_data[_username.size] = '\0'; > + _username.data = (void *)new_data; > + _username.size += 1; Hmm, I think we should keep the invariant that `.size` doesn't count the NULL terminator. Instead, we probably should omit `-1` in the below lines: ```c if (strncmp(p, (const char *) _username.data, MAX(_username.size - 1, (unsigned int) (pp - p))) == 0) { ``` though I have actually no idea why this is substring match. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438807540 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:31:22 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:31:22 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Merge Request !1345 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 Project:Branches: dueno/gnutls:wip/dueno/psk-colon to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:31:16 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:31:16 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: All discussions on Merge Request !1345 were resolved by Sahana Prasad https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:58:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:58:09 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_438832905 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 09:58:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 08:58:14 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Merge Request !1345 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 Project:Branches: dueno/gnutls:wip/dueno/psk-colon to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 10:50:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 09:50:07 +0000 Subject: [gnutls-devel] GnuTLS | cannot use colon (':') in gnutls_psk_set_server_credentials_file file (#1103) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1345 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1345) Issue #1103: https://gitlab.com/gnutls/gnutls/-/issues/1103 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 10:50:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 09:50:07 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Merge Request !1345 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 Project:Branches: dueno/gnutls:wip/dueno/psk-colon to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 14:17:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 13:17:32 +0000 Subject: [gnutls-devel] GnuTLS | PKCS #12: switch default encryption to AES-256-CBC (!1348) References: Message-ID: Sahana Prasad created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348 Project:Branches: sahprasa/gnutls:remove_3des to gnutls/gnutls:master Author: Sahana Prasad Assignee: Sahana Prasad Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code This PR fixes #799 The decryption algorithm for PKCS #12 is changed to AES-256-CBC from 3DES -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 14:23:52 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 13:23:52 +0000 Subject: [gnutls-devel] GnuTLS | PKCS #12: switch default encryption to AES-256-CBC (!1348) In-Reply-To: References: Message-ID: Merge Request !1348 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348 Project:Branches: sahprasa/gnutls:remove_3des to gnutls/gnutls:master Author: Sahana Prasad Assignee: Sahana Prasad -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 15:44:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 14:44:26 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 was reviewed by Anderson Sasaki -- Anderson Sasaki started a new discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439063374 > + goto out; > + } > + memmove(_username.data + 1, _username.data, _username.size); I'm not sure, but shouldn't this ``memmove()`` use ``new_data + 1`` as the target instead of ``_username.data + 1``. My concern is because I believe the new allocated memory is not necessarily in the same address as the original pointer. -- Anderson Sasaki started a new discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439063380 > + memmove(_username.data + 1, _username.data, _username.size); > + new_data[0] = '#'; > + new_data[_username.size] = '\0'; Shouldn't the ``_username.size`` be incremented before assigning the closer ``'\0'``? Couldn't this unintentionally remove the last character? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 17:04:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 16:04:56 +0000 Subject: [gnutls-devel] GnuTLS | psktool: Fix hex-encoding logic of username (!1349) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349 Project:Branches: dueno/gnutls:wip/dueno/psktool-realloc to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 17:06:42 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 16:06:42 +0000 Subject: [gnutls-devel] GnuTLS | psktool: encode username if it contains special character (!1345) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439120769 > + tmp.size = strlen(username); > + > + ret = gnutls_hex_encode2(&tmp, &_username); > + if (ret < 0) { > + fprintf(stderr, "HEX encoding error\n"); > + ret = -1; > + goto out; > + } > + > + /* prepend '#' */ > + new_data = gnutls_realloc(_username.data, _username.size + 2); > + if (!new_data) { > + ret = -1; > + goto out; > + } > + memmove(_username.data + 1, _username.data, _username.size); Indeed, that's embarrassing :-) I've opened !1349 with a (hopefully) tighter logic. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439120769 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 17:43:12 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 16:43:12 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) References: Message-ID: Norbert Pocs created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 Project:Branches: npocs/gnutls:#1074 to gnutls/gnutls:master Author: Norbert Pocs When TLS1.3 is used with middlebox compatible mode, the session id should be filled with random session id, but remained empty. Fixes bug. Closes #1074 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Oct 30 20:48:15 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 30 Oct 2020 19:48:15 +0000 Subject: [gnutls-devel] GnuTLS | Replace fipshmac usage with our own HMAC functions (#1101) In-Reply-To: References: Message-ID: Ondrej Moris commented: I wrote a simple [replacement](https://gitlab.com/The-Mule/gnutls/-/commit/2af75ea0a84ae04e07d6e4a2570f849e1027ff56) of fipshmac. But I am wondering what would be the best place in gnutls directory structure to put it. Any suggestions? It is not really "extra" and it is not a test either, it is a simple utility used solely to generate hmacs during the build. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1101#note_439255103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 31 20:31:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 31 Oct 2020 19:31:48 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS connection get slow and fragmented (#1072) In-Reply-To: References: Message-ID: An0nl!br3 commented: I dont see or think this going to have any further discussion. Closing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1072#note_439458301 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Oct 31 20:31:51 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 31 Oct 2020 19:31:51 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS connection get slow and fragmented (#1072) In-Reply-To: References: Message-ID: Issue was closed by An0nl!br3 Issue #1072: https://gitlab.com/gnutls/gnutls/-/issues/1072 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1072 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: