From gnutls-devel at lists.gnutls.org Mon Aug 2 18:53:05 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Aug 2021 16:53:05 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455

Project:Branches: dueno/gnutls:wip/dueno/tls13-rsa-pss-salt to gnutls/gnutls:master
Author: Daiki Ueno

In addition to the recommendation in RFC 4055, RFC 8446 (TLS 1.3) 4.2.3 mandates that, when making an RSA-PSS signature, the salt length must match the digest length.

Fixes: #1258

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...

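How a verifier can enforce the salt-length rule this merge request describes, as an added example (not GnuTLS code): it works on the EMSA-PSS encoded block of RFC 8017, the value left after the RSA public-key operation, recovers the salt length and accepts only when it equals the digest length. The function names and the fixed salts are constructed for illustration; a real signer draws a random salt.

```python
import hashlib
import hmac


def mgf1(seed, length, hash_name):
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def emsa_pss_encode(msg, em_bits, salt, hash_name="sha256"):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1) with a caller-supplied salt."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for this salt")
    m_hash = hashlib.new(hash_name, msg).digest()
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused top bits
    return bytes(masked) + h + b"\xbc"


def recover_salt_len(msg, em, em_bits, hash_name="sha256"):
    """Run the EMSA-PSS-VERIFY checks without a preset sLen and return the
    salt length found in EM. Raises ValueError if EM is inconsistent."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + 2 or em[-1] != 0xBC:
        raise ValueError("inconsistent: bad length or trailer")
    masked_db, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & (0xFF ^ top_mask):
        raise ValueError("inconsistent: top bits set")
    db = bytearray(_xor(masked_db, mgf1(h, len(masked_db), hash_name)))
    db[0] &= top_mask
    # DB = PS (all zero) || 0x01 || salt: the first non-zero octet must be 0x01.
    sep = 0
    while sep < len(db) and db[sep] == 0:
        sep += 1
    if sep == len(db) or db[sep] != 0x01:
        raise ValueError("inconsistent: separator not found")
    salt = bytes(db[sep + 1:])
    m_hash = hashlib.new(hash_name, msg).digest()
    expected = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    if not hmac.compare_digest(expected, h):
        raise ValueError("inconsistent: hash mismatch")
    return len(salt)


def tls13_salt_ok(msg, em, em_bits, hash_name="sha256"):
    """True only if EM is valid and its salt length equals the digest length."""
    try:
        salt_len = recover_salt_len(msg, em, em_bits, hash_name)
    except ValueError:
        return False
    return salt_len == hashlib.new(hash_name).digest_size


if __name__ == "__main__":
    MSG = b"constructed sample message"
    EM_BITS = 2047                       # modBits - 1 for a 2048-bit modulus
    for salt in (bytes(range(32)), b"\xaa" * 20, b""):   # constructed salts
        em = emsa_pss_encode(MSG, EM_BITS, salt)
        print(len(salt), recover_salt_len(MSG, em, EM_BITS),
              tls13_salt_ok(MSG, em, EM_BITS))
```

A block encoded with a 20-byte or empty salt is still a valid PSS encoding; only the policy check in `tls13_salt_ok` rejects it.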
From gnutls-devel at lists.gnutls.org Tue Aug 3 04:51:28 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 02:51:28 +0000
Subject: [gnutls-devel] GnuTLS | certtool: generate, parse, and manipulate X25519 and X448 pubkeys, privkeys, and certificates (!1428)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented:

I've just pushed the branch rebased against `gnutls:master`. All tests pass for me on Debian unstable. Could i get a more in-depth review on this?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_641476631

From gnutls-devel at lists.gnutls.org Tue Aug 3 05:53:39 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 03:53:39 +0000
Subject: [gnutls-devel] GnuTLS | PKCS 12 generation wraps authSafe field in one layer of OCTET STRING instead of two (#1259)
References:
Message-ID:

Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1259

Over on the IETF LAMPS list, [Ryan Sleevi writes](https://mailarchive.ietf.org/arch/msg/spasm/y4W34PY3aOM8L9mZZ-_2NH1Jogw/) that for PKCS12's authSafe objects, there needs to be two layers of OCTET STRING.

> - 5652 requires that `id-data` be an OCTET STRING
> - 7292 requires that the *contents* of that OCTET STRING be a BER-encoded value of type AuthenticatedSafe, expressed as an OCTET STRING

But `certtool` produces a PKCS12 object with only one layer of OCTET STRING in each of these nested locations.

The PKCS12 object produced by `certtool` is unimportable by some PKCS12 implementations, including `pk12util` from NSS and `Keychain Access` on Mac OS X. I believe this single layer of OCTET STRING is the reason.

(Thunderbird is willing to import the PKCS12 object produced by `certtool` for some reason, perhaps it uses a different NSS codepath than `pk12util` does; but when Thunderbird re-exports a PKCS12 object, it produces the double-layer of OCTET STRING)

Interestingly, it looks like `certtool --p12-info` can read a PKCS12 object whether it is wrapped in one layer or two layers of OCTET STRING.

My ASN.1 capacity is not strong enough to figure out how to make `certtool` emit a double-wrapped layer of OCTET STRINGs in the right places. If anyone from GnuTLS can recommend how to do that, i'd be willing to try implementing it, but i'm lost right now.

You can find a `certtool`-generated PKCS12 object (PEM-encoded) in [draft-ietf-lamps-samples-04](https://www.ietf.org/archive/id/draft-ietf-lamps-samples-04.html) that has only a single-layer of OCTET STRING. (i've been testing with the `bob.p12` object)

The same set of keys and certs, laundered through importing into Thunderbird and then re-exporting, yields [bob.laundered.p12](/uploads/f1e616427bcea703a59607fe60fee5e1/bob.laundered.p12).

Both p12 files have a password that is a three-letter ASCII string `bob`. Of course the encryption parameters change between the files as well.

Here's an example of `pk12util` from NSS failing to import the `certtool`-generated file:

```console
$ pk12util -i bob.p12 -d /home/dkg/tmp/tmp.R1CukyyEk3 -W bob -K bob
pk12util: PKCS12 decoding failed: SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message.
pk12util: PKCS12 decoding failed: SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message.
pk12util: PKCS12 decode not verified: SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message.
pk12util: PKCS12 decode validate bags failed: SEC_ERROR_INVALID_ARGS: security library: invalid arguments.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1259

From gnutls-devel at lists.gnutls.org Tue Aug 3 11:27:20 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 09:27:20 +0000
Subject: [gnutls-devel] GnuTLS | Use ASan manual poisoning instead of valgrind client request (#1260)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1260

In the CI, we use valgrind client requests (e.g., `VALGRIND_MAKE_MEM_UNDEFINED`) to mark potentially uninitialized data. As it takes long to run all the test programs under valgrind, it might make sense to replace those client requests with ASan, with [manual poisoning](https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1260

From gnutls-devel at lists.gnutls.org Tue Aug 3 13:02:15 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 11:02:15 +0000
Subject: [gnutls-devel] GnuTLS | devel: record cppcheck 2.5 false-positives (!1456)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456

Project:Branches: dueno/gnutls:wip/dueno/cppcheck to gnutls/gnutls:master
Author: Daiki Ueno

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456

From gnutls-devel at lists.gnutls.org Tue Aug 3 14:18:26 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 12:18:26 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

Project:Branches: dueno/gnutls:wip/dueno/test-key-share-single to gnutls/gnutls:master
Author: Daiki Ueno

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Tue Aug 3 14:45:52 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 12:45:52 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1457 was reviewed by Alexander Sosedkin

--
Alexander Sosedkin started a new discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641939725

> - > - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); > + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);

`gnutls_set_default_priority(server);`?

--
Alexander Sosedkin started a new discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641939730

> - global_init(); > - memset(buffer, 0, sizeof(buffer)); > + testname = name;

Maybe keep the `success("== test %s ==\n", testname);`?

--
Alexander Sosedkin started a new discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641939732

> > - if (gnutls_group_get(session) != exp_group) > - myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(session)));

The check got lost.

--
Alexander Sosedkin started a new discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641939736

> -} > - > +const char *side = "";

Seems underimplemented or something.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Tue Aug 3 15:01:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:01:30 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641956775

> #define myfail(fmt, ...) \ > fail("%s: "fmt, testname, ##__VA_ARGS__) > > -static void server_log_func(int level, const char *str) > -{ > - fprintf(stderr, "server|<%d>| %s", level, str); > -} > - > -static void client_log_func(int level, const char *str) > -{ > - fprintf(stderr, "client|<%d>| %s", level, str); > -} > - > +const char *side = "";

It's defined in `eagain-common.h`.

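Review bot: `+const char *side = "";` at the end of this hunk adds a non-static global with no comment, and nothing in the visible lines reads or assigns it, while the removed `server_log_func` and `client_log_func` were what tagged log output as server or client. A one-line comment above the definition naming `eagain-common.h` as the consumer (as the reply states) would answer the question the reviewer raised without a round trip.
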
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641956775

From gnutls-devel at lists.gnutls.org Tue Aug 3 15:04:32 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:04:32 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641959875

> - do { > - ret = gnutls_handshake(session); > - if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ > - break; > - } > - } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); > - > - if (ret < 0) > - myfail("handshake error: %s\n", gnutls_strerror(ret)); > + /* Init client */ > + gnutls_certificate_allocate_credentials(&ccred); > + assert(gnutls_certificate_set_x509_trust_mem > + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); > > - if (gnutls_group_get(session) != exp_group) > - myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(session)));

Good catch, added it back.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641959875

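Review bot: In the added client setup, `gnutls_certificate_allocate_credentials(&ccred);` ignores its return value while the very next call is wrapped in `assert(... >= 0)`; both should be checked the same way. Keeping the side-effecting `gnutls_certificate_set_x509_trust_mem` call inside `assert()` also means it disappears when the test is built with `NDEBUG`, so storing the result in `ret` and reporting through `myfail`, as the removed handshake loop did, would be more robust.
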
From gnutls-devel at lists.gnutls.org Tue Aug 3 15:06:04 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:06:04 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641962221

> + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, > GNUTLS_HOOK_BOTH, > client_hello_callback); > - ctx.group = exp_group; > + ctx.group = group; > ctx.ngroups = ngroups; > - gnutls_session_set_ptr(session, &ctx); > + gnutls_session_set_ptr(server, &ctx); > > /* avoid calling all the priority functions, since the defaults > * are adequate. > */ > - gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); > - > - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); > + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);

Isn't it affected by system wide settings?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641962221

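Review bot: The retained comment "avoid calling all the priority functions, since the defaults are adequate" sits directly above an explicit `gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);`, so the comment and the code disagree; reword it to say why TLS 1.3 is named explicitly, or drop it. The call's return value is also unchecked, so a priority string rejected at runtime would go unnoticed by the test, and the removed `gnutls_credentials_set(...)` line has no `+` counterpart in this hunk, so it is worth confirming that server credentials are set elsewhere in the rewrite.
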
From gnutls-devel at lists.gnutls.org Tue Aug 3 15:10:27 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:10:27 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641968071

> + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, > GNUTLS_HOOK_BOTH, > client_hello_callback); > - ctx.group = exp_group; > + ctx.group = group; > ctx.ngroups = ngroups; > - gnutls_session_set_ptr(session, &ctx); > + gnutls_session_set_ptr(server, &ctx); > > /* avoid calling all the priority functions, since the defaults > * are adequate. > */ > - gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); > - > - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); > + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);

Right. And why not `gnutls_priority_set_direct(session, "NORMAL", NULL);`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_641968071

From gnutls-devel at lists.gnutls.org Tue Aug 3 15:51:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:51:00 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_642019763

> + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, > GNUTLS_HOOK_BOTH, > client_hello_callback); > - ctx.group = exp_group; > + ctx.group = group; > ctx.ngroups = ngroups; > - gnutls_session_set_ptr(session, &ctx); > + gnutls_session_set_ptr(server, &ctx); > > /* avoid calling all the priority functions, since the defaults > * are adequate. > */ > - gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); > - > - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); > + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);

I suppose it's explicitly set for future proof (e.g., when TLS 1.3 is obsolete)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_642019763

From gnutls-devel at lists.gnutls.org Tue Aug 3 15:56:04 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:56:04 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1457 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Tue Aug 3 15:56:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 13:56:03 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented on a discussion on tests/tls13/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_642026227

> + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, > GNUTLS_HOOK_BOTH, > client_hello_callback); > - ctx.group = exp_group; > + ctx.group = group; > ctx.ngroups = ngroups; > - gnutls_session_set_ptr(session, &ctx); > + gnutls_session_set_ptr(server, &ctx); > > /* avoid calling all the priority functions, since the defaults > * are adequate. > */ > - gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); > - > - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); > + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL);

Hm. OK then!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457#note_642026227

From gnutls-devel at lists.gnutls.org Tue Aug 3 16:43:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 14:43:00 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Merge request !1457 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457
Project:Branches: dueno/gnutls:wip/dueno/test-key-share-single to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Tue Aug 3 19:44:48 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Aug 2021 17:44:48 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)
References:
Message-ID:

Sjors Provoost created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1261

On Ubuntu 21 with guile-3.0 (3.0.1+1-2), when building 3.6.16 from source, the `./configure --with-guile-site-dir=no --prefix=/usr` step complains Guile is not recent enough:

```
*** Detecting GNU Guile...
checking whether building Guile bindings... yes
***
*** Detecting GNU Guile...
checking for guile-snarf... /usr/bin/guile-snarf
checking for guild... /usr/bin/guild
configure: checking for guile 3.0
configure: found guile 3.0
checking for guile-3.0... /usr/bin/guile-3.0
checking for Guile version >= 3.0... 3.0.1
checking for guild-3.0... (cached) /usr/bin/guild
checking for guile-config-3.0... no
checking for Guile site directory... /usr/share/guile/site/3.0
checking for Guile site-ccache directory using pkgconfig... /usr/lib/guile/3.0/site-ccache
checking for Guile extensions directory... /usr/lib/guile/3.0/extensions
checking for GUILE... yes
checking whether GNU Guile is recent enough... no
configure: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built.
```

I suspect that configure should have thrown an error a bit earlier, namely at the lack of `guile-config-3.0`. That would make it more obvious that the user needs to install that (in case of Ubuntu `guile-3.0-dev`).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261

From gnutls-devel at lists.gnutls.org Wed Aug 4 08:01:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 06:01:11 +0000
Subject: [gnutls-devel] GnuTLS | devel: suppress cppcheck 2.5 false-positives (!1456)
In-Reply-To:
References:
Message-ID:

Merge request !1456 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456
Project:Branches: dueno/gnutls:wip/dueno/cppcheck to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456

From gnutls-devel at lists.gnutls.org Wed Aug 4 09:52:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 07:52:03 +0000
Subject: [gnutls-devel] GnuTLS | devel: suppress cppcheck 2.5 false-positives (!1456)
In-Reply-To:
References:
Message-ID:

Merge request !1456 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456
Project:Branches: dueno/gnutls:wip/dueno/cppcheck to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1456

From gnutls-devel at lists.gnutls.org Wed Aug 4 09:55:54 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 07:55:54 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Merge request !1457 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457
Project:Branches: dueno/gnutls:wip/dueno/test-key-share-single to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Wed Aug 4 14:21:50 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 12:21:50 +0000
Subject: [gnutls-devel] GnuTLS | tests: tls13/key_share: rewrite as single process (!1457)
In-Reply-To:
References:
Message-ID:

Merge request !1457 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457
Project:Branches: dueno/gnutls:wip/dueno/test-key-share-single to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1457

From gnutls-devel at lists.gnutls.org Wed Aug 4 16:22:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 14:22:11 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow arbitrary key size >= 2048 for RSA (!1453)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

@smuellerDD would you mind reviewing it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453#note_643158059

From gnutls-devel at lists.gnutls.org Wed Aug 4 16:25:20 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 14:25:20 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

@dwmw2 would you mind checking if this change seems to be sufficient?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_643161553

From gnutls-devel at lists.gnutls.org Wed Aug 4 17:52:59 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 15:52:59 +0000
Subject: [gnutls-devel] GnuTLS | certtool: generate, parse, and manipulate X25519 and X448 pubkeys, privkeys, and certificates (!1428)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented:

hm, the UB+ASAN-Werror test run failed with this information:

```
testing 16 bytes from '/builds/dkg/gnutls/fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17'
common.c:633:2: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x7f0369db2ea4 in _gnutls_x509_decode_string /builds/dkg/gnutls/lib/x509/common.c:633
    #1 0x7f0369db5121 in _gnutls_x509_read_string /builds/dkg/gnutls/lib/x509/common.c:803
    #2 0x7f0369e47024 in _decode_pkcs8_modern_ecdh_key /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1159
    #3 0x7f0369e47024 in decode_private_key_info /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1518
    #4 0x7f0369e4fd40 in gnutls_x509_privkey_import_pkcs8 /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1636
    #5 0x7f0369e3bc87 in gnutls_x509_privkey_import /builds/dkg/gnutls/lib/x509/privkey.c:584
    #6 0x402497 in LLVMFuzzerTestOneInput /builds/dkg/gnutls/fuzz/gnutls_private_key_parser_fuzzer.c:39
    #7 0x402992 in test_single_file /builds/dkg/gnutls/fuzz/main.c:68
    #8 0x402b36 in test_all_from /builds/dkg/gnutls/fuzz/main.c:93
    #9 0x402de6 in main /builds/dkg/gnutls/fuzz/main.c:130
    #10 0x7f03689a5b74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
    #11 0x4022dd in _start (/builds/dkg/gnutls/fuzz/.libs/lt-gnutls_private_key_parser_fuzzer+0x4022dd)
FAIL gnutls_private_key_parser_fuzzer (exit status: 1)
```

That file contains the following 16 octets:

```
00000000 30 0e 02 01 00 30 05 06 03 2b 65 6e 04 02 24 fa |0....0...+en..$.|
00000010
```

which in ASN1 is:

```
  0  14: SEQUENCE {
  2   1:   INTEGER 0
  5   5:   SEQUENCE {
  7   3:     OBJECT IDENTIFIER curveX25519 (1 3 101 110)
       :     }
 12   2:   OCTET STRING 24 FA
       :   }

0 warnings, 0 errors.
```

So it is related to the subject material in this series. Not sure how to fix it yet though.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_643275026

From gnutls-devel at lists.gnutls.org Wed Aug 4 18:01:28 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 16:01:28 +0000
Subject: [gnutls-devel] GnuTLS | certtool: generate, parse, and manipulate X25519 and X448 pubkeys, privkeys, and certificates (!1428)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented:

And the fedora-abicoverage test suite failed with:

```
*** This is a resumed session
Checking TLS 1.3 with resumption and HRR...
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
*** This is a resumed session
Checking TLS 1.3 with resumption with early data...
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
*** This is a resumed session
Checking TLS 1.3 with resumption with early data...
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Failure: Failed
FAIL testcompat-openssl-tls13-cli.sh (exit status: 1)
```

I don't understand this error at all.

On my local system (debian testing), i saw this instead in `tests/suite/testcompat-openssl-tls13-cli.log`: ``` *** This is a resumed session Checking TLS 1.3 with resumption and HRR... *** Fatal error: The TLS connection was non-properly terminated. *** Server has terminated the connection abnormally. *** This is a resumed session Checking TLS 1.3 with resumption with early data... *** Fatal error: The TLS connection was non-properly terminated. *** Server has terminated the connection abnormally. *** This is a resumed session Checking TLS 1.3 with resumption with early data... Error reading early data 139682269095232:error:142140A4:SSL routines:early_data_count_ok:too much early data:../ssl/record/ssl3_record.c:142: *** This is a resumed session *** Received alert [10]: Unexpected message Checking TLS 1.3 to export keying material... shutdown accept socket *** Fatal error: The TLS connection was non-properly terminated. ./testcompat-openssl-tls13-cli.sh: line 296: kill: (122274) - No such process PASS testcompat-openssl-tls13-cli.sh (exit status: 0) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_643282230 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Aug 4 18:03:42 2021 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 Aug 2021 16:03:42 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate, parse, and manipulate X25519 and X448 pubkeys, privkeys, and certificates (!1428) In-Reply-To: References: Message-ID: Daniel Kahn Gillmor commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_643284076 just noting that in my local setup (debian testing), i didn't see an error for this, only: ``` [?] 
testing 25 bytes from '/home/dkg/src/gnutls/gnutls/fuzz/gnutls_private_key_parser_fuzzer.in/40ab9b6de4e0965ddd11ccf3e05d2f7224fa6874'
testing 16 bytes from '/home/dkg/src/gnutls/gnutls/fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17'
testing 70 bytes from '/home/dkg/src/gnutls/gnutls/fuzz/gnutls_private_key_parser_fuzzer.in/db8ebabcbc64c82135c11eecb4f2db2974161176'
[...]
```

But maybe i don't have the same bounds-checker/ASAN/whatever installed as the CI run does.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_643284076

From gnutls-devel at lists.gnutls.org Wed Aug 4 22:11:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Aug 2021 20:11:19 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow arbitrary key size >= 2048 for RSA (!1453)
In-Reply-To:
References:
Message-ID:

Stephan Mueller commented:

Reviewed-by :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453#note_643441579
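Added example (not code from GnuTLS or from anyone in this thread): a bounds-checked reader applied to the 16-octet fuzzer input quoted in the !1428 discussion above. It assumes the RFC 8410 layout, in which `privateKey` holds a second OCTET STRING (CurvePrivateKey) of 32 bytes for X25519; the function names and result codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example only (hypothetical, not GnuTLS error codes). */
enum { PK_OK = 0, PK_ERR_DER = -1, PK_ERR_ALG = -2, PK_ERR_KEY = -3 };

struct tlv { uint8_t tag; const uint8_t *val; size_t len; };

/* Read one definite-length DER TLV from [*p, end) and advance *p past it. */
static int read_tlv(const uint8_t **p, const uint8_t *end, struct tlv *out)
{
	const uint8_t *q = *p;
	size_t len, n;
	if ((size_t)(end - q) < 2)
		return PK_ERR_DER;
	out->tag = *q++;
	len = *q++;
	if (len & 0x80) {	/* long form: low 7 bits count the length octets */
		n = len & 0x7f;
		if (n == 0 || n > 2 || (size_t)(end - q) < n)
			return PK_ERR_DER;	/* n == 0 is the indefinite form */
		len = (n == 2) ? ((size_t)q[0] << 8) | q[1] : q[0];
		if (len < (n == 2 ? 0x100u : 0x80u))
			return PK_ERR_DER;	/* DER lengths must be minimal */
		q += n;
	}
	if ((size_t)(end - q) < len)
		return PK_ERR_DER;	/* value would run past the buffer */
	out->val = q;
	out->len = len;
	*p = q + len;
	return PK_OK;
}

static const uint8_t OID_X25519[] = { 0x2b, 0x65, 0x6e };	/* 1.3.101.110 */
#define X25519_KEY_LEN 32

/* Check a PKCS#8 X25519 key; *priv_len gets the privateKey content length.
 * Fields after privateKey (attributes, publicKey) are not examined. */
int check_x25519_pkcs8(const uint8_t *der, size_t der_len, size_t *priv_len)
{
	const uint8_t *p = der, *end = der + der_len;
	struct tlv seq, ver, alg, oid, priv, inner;
	*priv_len = 0;
	if (read_tlv(&p, end, &seq) || seq.tag != 0x30 || p != end)
		return PK_ERR_DER;
	p = seq.val;
	end = seq.val + seq.len;
	if (read_tlv(&p, end, &ver) || ver.tag != 0x02 ||
	    read_tlv(&p, end, &alg) || alg.tag != 0x30 ||
	    read_tlv(&p, end, &priv) || priv.tag != 0x04)
		return PK_ERR_DER;
	*priv_len = priv.len;
	/* AlgorithmIdentifier: X25519 OID; RFC 8410 allows no parameters. */
	p = alg.val;
	end = alg.val + alg.len;
	if (read_tlv(&p, end, &oid) || oid.tag != 0x06)
		return PK_ERR_DER;
	if (p != end || oid.len != sizeof(OID_X25519) ||
	    memcmp(oid.val, OID_X25519, oid.len) != 0)
		return PK_ERR_ALG;
	/* privateKey wraps a CurvePrivateKey: an inner OCTET STRING of 32 bytes. */
	p = priv.val;
	end = priv.val + priv.len;
	if (read_tlv(&p, end, &inner) || inner.tag != 0x04 || p != end ||
	    inner.len != X25519_KEY_LEN)
		return PK_ERR_KEY;
	return PK_OK;
}

/* The 16 octets from the hexdump quoted in the thread. */
static const uint8_t FUZZ_INPUT[16] = {
	0x30, 0x0e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
	0x03, 0x2b, 0x65, 0x6e, 0x04, 0x02, 0x24, 0xfa
};

/* Constructed sample: same header, privateKey = 04 20 || 32 dummy bytes. */
static const uint8_t GOOD_INPUT[48] = {
	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
	0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20,
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
	0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
	0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
};

int main(void)
{
	size_t n;
	int rc = check_x25519_pkcs8(FUZZ_INPUT, sizeof(FUZZ_INPUT), &n);
	printf("fuzzer input: rc=%d, privateKey content %zu bytes\n", rc, n);
	rc = check_x25519_pkcs8(GOOD_INPUT, sizeof(GOOD_INPUT), &n);
	printf("well-formed:  rc=%d, privateKey content %zu bytes\n", rc, n);
	return 0;
}
```

The fuzzer input is rejected at the last step: its `privateKey` content is the two octets `24 FA`, which do not parse as an inner OCTET STRING at all.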
From gnutls-devel at lists.gnutls.org Thu Aug 5 02:13:53 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 00:13:53 +0000
Subject: [gnutls-devel] GnuTLS | certtool: unable to decrypt PKCS#8 object in batch mode (#1262)
References:
Message-ID:

Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1262

[bob.p12.bag3.key](/uploads/ba1edd13ff5b401604b7a82a6dd001a9/bob.p12.bag3.key) is a PEM-encoded PKCS#8 encrypted private key object, protected with a three character ascii password `bob`.

```
certtool --key-info --password bob < bob.p12.bag3.key
```

produces another PKCS#8 encrypted private key object to stdout.

but interactively:

```
certtool --key-info < bob.p12.bag3.key
```

prompts me for a password. when i supply the password at the prompt, the output is an *unencrypted* private key, with the usual full `--key-info` details.

I'd like to be able to do that conversion in automated mode, rather than needing to enter the password at the terminal.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1262
From gnutls-devel at lists.gnutls.org Thu Aug 5 10:00:26 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 08:00:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow more RSA modulus sizes (!1453)
In-Reply-To:
References:
Message-ID:

Merge request !1453 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-size to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453

From gnutls-devel at lists.gnutls.org Thu Aug 5 10:00:47 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 08:00:47 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow more RSA modulus sizes (!1453)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453#note_643735486
From gnutls-devel at lists.gnutls.org Thu Aug 5 13:39:39 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 11:39:39 +0000
Subject: [gnutls-devel] GnuTLS | fips: allow more RSA modulus sizes (!1453)
In-Reply-To:
References:
Message-ID:

Merge request !1453 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-key-size to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1453

From gnutls-devel at lists.gnutls.org Thu Aug 5 14:41:36 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 12:41:36 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Hubert Kario (@mention me if you need reply) started a new discussion on lib/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644046643

> > if (flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) > params->salt_size = 0; > - else { > + else if (flags & GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH) { > + size_t hash_size = _gnutls_hash_get_algo_len(me); > + size_t key_size = (bits + 7) / 8; > + > + if (salt_size == 0) {

0 length salt size is actually a valid salt length in RSA-PSS signatures

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644046643
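Review bot: because `GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE` is tested first in the lib/privkey.c hunk, a caller that passes both flags gets `params->salt_size = 0` and `GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH` is silently ignored by the new `else if`. Either reject the combination with an error or document which flag wins, so a caller relying on the fixed-length flag cannot end up with an empty salt without noticing.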
From gnutls-devel at lists.gnutls.org Thu Aug 5 15:05:55 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 13:05:55 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1455 was reviewed by Hubert Kario (@mention me if you need reply)

--
Hubert Kario (@mention me if you need reply) started a new discussion on lib/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644075098

> + return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); > + } > + if (salt_size > key_size - hash_size - 2) {

this is duplicating the code from `_gnutls_find_rsa_pss_salt_size`

--
Hubert Kario (@mention me if you need reply) started a new discussion on tests/rsa-rsa-pss.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644075108

> + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, 0, 0, 0, 0); > + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, 0, 0, 0); > + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa, 0, 0, 0, 0);

what about keys that have RSA-PSS parameters encoded that limit what hashes and salt length they can be used with?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
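Review bot: in the lib/privkey.c hunk, `salt_size > key_size - hash_size - 2` subtracts `size_t` values (`hash_size` and `key_size` are declared `size_t` in the hunk quoted in the earlier discussion), so for a key with `key_size < hash_size + 2` the right-hand side wraps around to a huge value and the bound never triggers. Reject `key_size < hash_size + 2` before the comparison, or leave the bound entirely to `_gnutls_find_rsa_pss_salt_size` if that helper already guards against it.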
From gnutls-devel at lists.gnutls.org Thu Aug 5 15:48:10 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 13:48:10 +0000
Subject: [gnutls-devel] GnuTLS | PKCS 12 generation wraps authSafe field in one layer of OCTET STRING instead of two (#1259)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented:

I'm no longer convinced that this single layer of OCTET STRING is the cause of the interop failure, sorry.

i've found other PKCS#12 objects that only have a single layer of OCTET STRING that *are* importable by Keychain Access, like [bob.openssl.p12](/uploads/35e2f62007c519911e0a7b5091114257/bob.openssl.p12), which was generated by:

    openssl pkcs12 -export -name bob -passout pass:bob \
      -inkey bob.sign.key -in bob.sign.crt \
      -certfile ca.rsa.cross.crt -out bob.openssl.p12

So there is something else that differs that i don't understand.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1259#note_644134451

From gnutls-devel at lists.gnutls.org Thu Aug 5 15:56:12 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 13:56:12 +0000
Subject: [gnutls-devel] GnuTLS | certtool --to-p12 should place friendlyName on each certificate that matches a private key (#1263)
References:
Message-ID:

Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1263

in `src/certtool.c`, in `generate_pkcs12(common_info_st * cinfo)`, we see:

```
if (i == 0) { /* only the first certificate gets the friendly name */
```

But all the included private keys get the friendlyName attribute.
(all keys and non-CA certs get the localKeyID attribute)

Some PKCS#12 importers might try to match certs with private keys by matching friendlyName *and* localKeyID attributes. If one of the certs is missing the friendlyName and it has a corresponding private key, those importers might fail to find it.

Granted, those importers could match just on the localKeyID attribute, but in that case there's no reason for the friendlyName attribute at all.

If `certtool` is going to emit the `friendlyName` at all, it should:

- if there are no private keys, apply the friendlyName only to the first certificate (as it currently does)
- if there are private keys, it should apply the friendlyName to any certificate whose SPKI matches the public key corresponding to one of the private keys.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1263

From gnutls-devel at lists.gnutls.org Fri Aug 6 01:40:54 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 23:40:54 +0000
Subject: [gnutls-devel] GnuTLS | PKCS 12 generation wraps authSafe field in one layer of OCTET STRING instead of two (#1259)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented:

sorry, there does not need to be two layers of OCTET string at all, *unless* we emit indefinite-form BER encoding, which is not recommended. I misunderstood Ryan's comment, which he [clarified here](https://mailarchive.ietf.org/arch/msg/spasm/bOv69FZzykRJZSlTvUTZWGF_MJ0/).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1259#note_644571568
From gnutls-devel at lists.gnutls.org Fri Aug 6 01:40:55 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Aug 2021 23:40:55 +0000
Subject: [gnutls-devel] GnuTLS | PKCS 12 generation wraps authSafe field in one layer of OCTET STRING instead of two (#1259)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daniel Kahn Gillmor

Issue #1259: https://gitlab.com/gnutls/gnutls/-/issues/1259

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1259

From gnutls-devel at lists.gnutls.org Fri Aug 6 10:46:41 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Aug 2021 08:46:41 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1455 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1455

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
From gnutls-devel at lists.gnutls.org Fri Aug 6 10:46:42 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Aug 2021 08:46:42 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1455 was reviewed by Daiki Ueno

--
Daiki Ueno commented on a discussion on lib/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644831702

> + size_t key_size = (bits + 7) / 8; > + > + if (salt_size == 0) {

Indeed, fixed.

--
Daiki Ueno commented on a discussion on lib/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644831706

> + return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); > + } > + if (salt_size > key_size - hash_size - 2) {

OK, made it rely more on that function.

--
Daiki Ueno commented on a discussion on tests/rsa-rsa-pss.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_644831708

> + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, 0, 0, 0, 0); > + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, 0, 0, 0); > + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa, 0, 0, 0, 0);

Added that test as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
From gnutls-devel at lists.gnutls.org Fri Aug 6 16:02:04 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Aug 2021 14:02:04 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Merge request !1455 was approved by Hubert Kario (@mention me if you need reply)

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
Project:Branches: dueno/gnutls:wip/dueno/tls13-rsa-pss-salt to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455

From gnutls-devel at lists.gnutls.org Fri Aug 6 17:06:01 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Aug 2021 15:06:01 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks for the review.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455#note_645193299
From gnutls-devel at lists.gnutls.org Fri Aug 6 17:06:06 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Aug 2021 15:06:06 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Merge request !1455 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
Project:Branches: dueno/gnutls:wip/dueno/tls13-rsa-pss-salt to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455

From gnutls-devel at lists.gnutls.org Sat Aug 7 09:27:37 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Aug 2021 07:27:37 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

Project:Branches: dueno/gnutls:wip/dueno/asan-poisoning to gnutls/gnutls:master
Author: Daiki Ueno

This makes it possible to catch undefined memory access in the more lightweight CI runs.
Fixes: #1260

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

From gnutls-devel at lists.gnutls.org Sat Aug 7 11:15:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Aug 2021 09:15:00 +0000
Subject: [gnutls-devel] GnuTLS | TLSv1.3 RSA-PSS allows truncated salt in violation of RFC8446 (#1258)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1455 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1455)

Issue #1258: https://gitlab.com/gnutls/gnutls/-/issues/1258

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1258
From gnutls-devel at lists.gnutls.org Sat Aug 7 11:15:13 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Aug 2021 09:15:13 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Merge request !1458 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458
Project:Branches: dueno/gnutls:wip/dueno/asan-poisoning to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

From gnutls-devel at lists.gnutls.org Sat Aug 7 11:15:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Aug 2021 09:15:00 +0000
Subject: [gnutls-devel] GnuTLS | pk: add flags to force RSA-PSS salt length to match digest length (!1455)
In-Reply-To:
References:
Message-ID:

Merge request !1455 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
Project:Branches: dueno/gnutls:wip/dueno/tls13-rsa-pss-salt to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1455
From gnutls-devel at lists.gnutls.org Mon Aug 9 17:39:41 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Aug 2021 15:39:41 +0000
Subject: [gnutls-devel] GnuTLS | Support more SRTP profiles (AEAD_AES_256_GCM...) (#1266)
References:
Message-ID:

Adrien Béraud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1266

Hi,

With WebRTC mandating DTLS-SRTP, and AES-192 and AES-256 becoming more common and increasingly expected by users, it would be great if GnuTLS could support more DTLS-SRTP profiles (currently only SRTP-128): https://gnutls.org/manual/html_node/SRTP.html

For instance:

SRTP_AEAD_AES_128_GCM
SRTP_AEAD_AES_256_GCM
https://datatracker.ietf.org/doc/html/rfc7714#section-14.2

SRTP_AES256_CM:
https://tools.ietf.org/id/draft-lennox-avtcore-dtls-srtp-bigaes-01.html

The latter still not being a formal standard, but would still be useful to support, at least experimentally.

Many thanks

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1266

From gnutls-devel at lists.gnutls.org Tue Aug 10 13:12:14 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 11:12:14 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Ondrej Moris started a new discussion on lib/stek.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647411426

> gnutls_datum_t *enc_key) > { > int retval; > - gnutls_datum_t key = { > - .data = session->key.session_ticket_key, > - .size = TICKET_MASTER_KEY_SIZE > - }; > + uint8_t *key_data;

Are these changes around key_data/key intentional?
I do not see any problem with that but I'd like to double check that it was not added to this PR by mistake.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647411426

From gnutls-devel at lists.gnutls.org Tue Aug 10 13:26:04 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 11:26:04 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/stek.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647422973

> gnutls_datum_t *enc_key) > { > int retval; > - gnutls_datum_t key = { > - .data = session->key.session_ticket_key, > - .size = TICKET_MASTER_KEY_SIZE > - }; > + uint8_t *key_data;

Yes, that's intentional; although we could keep the original code structure, that adds more cppcheck false-positives after adding the calls to `_gnutls_memory_mark_defined` so I decided to simplify it along this MR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647422973
From gnutls-devel at lists.gnutls.org Tue Aug 10 13:27:06 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 11:27:06 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1458 was reviewed by Ondrej Moris

--
Ondrej Moris commented on a discussion on lib/stek.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647423739

> - .size = TICKET_MASTER_KEY_SIZE > - }; > + uint8_t *key_data;

Thanks, in that case I have no further remarks. r+.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

From gnutls-devel at lists.gnutls.org Tue Aug 10 14:26:05 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 12:26:05 +0000
Subject: [gnutls-devel] GnuTLS | Use ASan manual poisoning instead of valgrind client request (#1260)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via commit 8c14abad0210ae961dff9553c1872fc35e88e0d0

Issue #1260: https://gitlab.com/gnutls/gnutls/-/issues/1260

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1260
From gnutls-devel at lists.gnutls.org Tue Aug 10 14:25:59 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 12:25:59 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1458 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

From gnutls-devel at lists.gnutls.org Tue Aug 10 14:25:58 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 12:25:58 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/stek.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647479224

> gnutls_datum_t *enc_key) > { > int retval; > - gnutls_datum_t key = { > - .data = session->key.session_ticket_key, > - .size = TICKET_MASTER_KEY_SIZE > - }; > + uint8_t *key_data;

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458#note_647479224
From gnutls-devel at lists.gnutls.org Tue Aug 10 14:26:05 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 12:26:05 +0000
Subject: [gnutls-devel] GnuTLS | mem: instrument with ASan memory poisoning as well as valgrind (!1458)
In-Reply-To:
References:
Message-ID:

Merge request !1458 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458
Project:Branches: dueno/gnutls:wip/dueno/asan-poisoning to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1458

From gnutls-devel at lists.gnutls.org Tue Aug 10 14:33:51 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Aug 2021 12:33:51 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS for Windows (#1267)
References:
Message-ID:

xbotuk created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1267

The GnuTLS for Windows download links do not work here https://gnutls.org/download.html

Also, the vcpkg is unable to build this due to C99 compiler and Libhogweed errors, see below

------------------
configure: WARNING: Compiler does not support C99. It may not be able to compile the project.
configure: error:
***
*** Libhogweed (nettle's companion library) 3.4.1 was not found. Note that you must compile nettle with gmp support.
------------------

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1267
From gnutls-devel at lists.gnutls.org Wed Aug 11 19:12:28 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Aug 2021 17:12:28 +0000
Subject: [gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1451 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901961

> + seq_number); > + if (ret < 0) { > + return GNUTLS_E_INTERNAL_ERROR;

Why not just return `ret`?

--
Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901974

> + mbuffer_st *bufel; > + > + if (type != GNUTLS_APPLICATION_DATA || _gnutls_record_buffer_get_size(session) <= 0)

This function is only called from `_gnutls_ktls_recv_int`, which is called with `GNUTLS_ALERT` as type; so I suspect the following code might not be exercised.

--
Daiki Ueno started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901976

> #include "tls13/session_ticket.h" > #include "locks.h" > +#include

nit: "system/ktls.h"

--
Daiki Ueno started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901980

> + ret = _gnutls_ktls_set_keys(session); > + if (ret < 0) > + return -1;

Why not return `ret`?

--
Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901988

> + (gnutls_cipher_get (session) != GNUTLS_CIPHER_AES_128_GCM && > + gnutls_cipher_get (session) != GNUTLS_CIPHER_AES_256_GCM)) { > + return 0;

`GNUTLS_E_UNIMPLEMENTED_FEATURE` maybe?
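Review bot: in the lib/handshake.c hunk, the `ret < 0` path after `_gnutls_ktls_set_keys(session)` returns without going through `gnutls_assert_val()`, so a failed kTLS key installation leaves no file/line trace in the debug log. Whichever code ends up being returned, wrap it, e.g. `return gnutls_assert_val(ret);`, which also keeps the callee's error code instead of the bare `-1`.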
--
Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_648901999

> + */ > + > + if (gnutls_protocol_get_version (session) != GNUTLS_TLS1_3 ||

`GNUTLS_TLS1_2` is also supported?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

From gnutls-devel at lists.gnutls.org Wed Aug 11 19:51:45 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Aug 2021 17:51:45 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
References:
Message-ID:

Craig created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig

Include the ability to use pin/password callbacks when decoding an encrypted openssl private key.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Thu Aug 12 07:49:47 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 05:49:47 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1459 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649250669

> /* use the callback if any */ > ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > if (ret == 0) {

I guess we could simply error out if `ret != 0`; otherwise `gnutls_x509_privkey_import_pkcs8` below would be called with the same arguments as above.

--
Daiki Ueno started a new discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649250676

> + /* use the callback if any */ > + ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > + if (ret == 0) {

Same issue as above.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Thu Aug 12 16:33:53 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 14:33:53 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649761128

> gnutls_x509_privkey_import_openssl(key, > data, > password); > + > + if (ret == GNUTLS_E_DECRYPTION_FAILED && > + password == NULL && (!(flags & GNUTLS_PKCS_PLAIN))) { > + /* use the callback if any */ > + ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > + if (ret == 0) {

done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649761128

From gnutls-devel at lists.gnutls.org Thu Aug 12 16:33:43 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 14:33:43 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649760962

> password == NULL && (!(flags & GNUTLS_PKCS_PLAIN))) { > /* use the callback if any */ > ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > if (ret == 0) {

If by 'error out' you mean `goto cleanup`, I don't think that is safe. That would break the fallthrough behavior to process openssl encrypted private keys if pkcs8 processing fails. However, your point about an unnecessary call to `gnutls_x509_privkey_import_pkcs8` when the pin callback fails is valid. Further, this pattern of overwriting `password` with `pin` when processing a pin is also probably wrong. If the pin obtained when processing a pkcs8 payload fails to decrypt the payload, the original password supplied will never be used in the openssl fallthrough section. I've re-worked the pkcs8 section and the new openssl section I added to remove the unnecessary call when the pin callback fails and to also use the pin obtained directly (instead of overwriting the `password` variable).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649760962

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:12:50 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:12:50 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1459 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:14:10 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:14:10 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you for the patch (and the update). It looks good to me, though for some reason CI doesn't start. Do you happen to have any clue on that?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649813085

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:18:59 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:18:59 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented:

It seems to be trying to run with resources from my personal account?
I'm not really familiar with gitlab work flows, but I'm guessing it's because I'm not a member of this project? I ran the `make check` tests locally and everything seems to pass. I'm not sure how that differs from what this CI pipeline does, though...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649817471

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:25:48 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:25:48 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented:

> You have used 697 out of 400 of your shared Runners pipeline minutes. For more information, go to the [Runners page](https://gitlab.com/help/ci/runners/configure_runners.html#set-maximum-job-timeout-for-a-runner).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649823536

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:29:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:29:30 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Merge request !1459 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459
Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:28:28 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:28:28 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649826055

That's interesting. I was suspecting that this might be because your profile is private as I get 404 on https://gitlab.com/trapperhoney/gnutls. Do you see the pipeline running on your fork?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649826055

From gnutls-devel at lists.gnutls.org Thu Aug 12 17:48:07 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 15:48:07 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented:

I've updated the forked project to be public. Not sure why it defaulted to private... Do you know how I can try to manually trigger a new run?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649843589

From gnutls-devel at lists.gnutls.org Thu Aug 12 21:02:15 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Aug 2021 19:02:15 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649972315

Thanks for the pointers and the review! Marking the project public seemed to allow the pipeline to run to completion. I _think_ the failures there are expected? They seem to be from files missing in the test environment:

```
Generating a 3072 bit RSA private key...
Generating a self signed certificate...
error loading file at --load-privkey: certtool-file1.13230.tmp: The requested data were not available.
cert generation failed
FAIL certtool.sh (exit status: 1)
```

and

```
Checking cache for debian/test-ver22...
FATAL: file does not exist
```

Please let me know if these are safe to ignore.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_649972315

From gnutls-devel at lists.gnutls.org Sat Aug 14 08:37:00 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Aug 2021 06:37:00 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651137502

> /* use the callback if any */ > ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > if (ret == 0) { > - password = pin; > + ret = gnutls_x509_privkey_import_pkcs8(key, data, format, pin, flags); > } > - > - ret = > - gnutls_x509_privkey_import_pkcs8(key, data, format, > - password, flags);

Sorry for the oversight during the review, but this change seems to modify the existing behavior, which is to use the provided `password` as PIN when `_gnutls_retrieve_pin` returns an error (either because no PIN callback is set or it reports error). So I suppose this part should be:

```c
ret = _gnutls_retrieve_pin(...);
if (ret == 0) {
	ret = gnutls_x509_privkey_import_pkcs8(..., pin, ...);
} else {
	ret = gnutls_x509_privkey_import_pkcs8(..., password, ...);
}
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651137502
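
Review bot: in the `if (ret == 0) {` branch of the quoted hunk, a failing `_gnutls_retrieve_pin` now leaves its own return value in `ret`, whereas the removed lines always overwrote `ret` with the result of `gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags)`. Any code after this block that tests `ret` will therefore see the PIN-callback error rather than an import result when no PIN is available. Consider keeping the callback's return value in a separate local variable so that `ret` still reflects the last import attempt, and cover the no-callback and NULL-password paths with a test.
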

From gnutls-devel at lists.gnutls.org Sat Aug 14 16:31:31 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Aug 2021 14:31:31 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651192181

> /* use the callback if any */ > ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > if (ret == 0) { > - password = pin; > + ret = gnutls_x509_privkey_import_pkcs8(key, data, format, pin, flags); > } > - > - ret = > - gnutls_x509_privkey_import_pkcs8(key, data, format, > - password, flags);

Sorry if I'm missing something, but isn't the line in your proposed else statement what's happening on (unmodified) line 750? It tries the function-supplied password and then only tries the callback version if that failed and the GNUTLS_PKCS_PLAIN flag isn't set.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651192181

From gnutls-devel at lists.gnutls.org Sat Aug 14 20:08:38 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Aug 2021 18:08:38 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/x509/privkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651231767

> /* use the callback if any */ > ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); > if (ret == 0) { > - password = pin; > + ret = gnutls_x509_privkey_import_pkcs8(key, data, format, pin, flags); > } > - > - ret = > - gnutls_x509_privkey_import_pkcs8(key, data, format, > - password, flags);

Oh, right; yes, that seems fine to me. Then I have no idea why the `certtool.sh` test is failing in the CI... :-(

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651231767

From gnutls-devel at lists.gnutls.org Sun Aug 15 00:27:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Aug 2021 22:27:30 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651255462

I tried running the pipeline again and got the same errors for certtool.sh, but only on the cross-compiled builds. It runs fine in the debian/test target and locally. Looking at that test script, it seems like it's failing to read the generated test pkcs8 file, which is encrypted with a password.
That does seem suspicious in the context of this change, but I'm not sure how to debug it since it seems to work locally... How do you normally debug these cross-platform tests?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651255462

From gnutls-devel at lists.gnutls.org Sun Aug 15 17:00:06 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Aug 2021 15:00:06 +0000
Subject: [gnutls-devel] GnuTLS | Draft: Port openconnect TPM2 code (!1460)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1460

Project:Branches: dueno/gnutls:wip/dueno/tpm2 to gnutls/gnutls:master
Author: Daiki Ueno

This resurrects @nmav's work at: https://gitlab.com/nmav/gnutls/-/commit/7127ba6d2ddbd1120771a5a3ec34b5178d26a17c with the following modifications:

- Sync with the latest OpenConnect code that supports RSA-PSS, also use only the public interface of Nettle for RSA padding calculation
- Add TCTI configuration through envvar
- Various cleanups: use correct ASN.1 definition for the legacy key blob, properly use ESAPI memory management functions, etc.

Fixes: #594

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1460

From gnutls-devel at lists.gnutls.org Mon Aug 16 00:14:15 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Aug 2021 22:14:15 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1459 were resolved by Craig https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Mon Aug 16 00:14:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Aug 2021 22:14:11 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Craig commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651416324

The issue seemed to be related to the earlier suggestion of avoiding an extra call to `gnutls_x509_privkey_import_pkcs8`. When I revert that part of the change, the tests are happy. I think it's related to the fact that the function has a bunch of special cases for NULL passwords... I've uploaded a version that leaves it untouched and only includes the new openssl encrypted key change. Any objections to only merging that?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651416324

From gnutls-devel at lists.gnutls.org Mon Aug 16 07:35:25 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 16 Aug 2021 05:35:25 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Merge request !1459 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459
Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459

From gnutls-devel at lists.gnutls.org Mon Aug 16 07:38:20 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 16 Aug 2021 05:38:20 +0000
Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you for looking into the CI failures and updating the patch; I agree that it is a good idea to start with the OpenSSL special case. Feel free to follow up with refactoring of the other parts :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_651504464

From gnutls-devel at lists.gnutls.org Mon Aug 16 19:29:31 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 16 Aug 2021 17:29:31 +0000
Subject: [gnutls-devel] GnuTLS | Compilation time disabling of TLS 1.0, TLS 1.1 and DTLS 1.0 (#1268)
References:
Message-ID:

Hubert Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1268

TLS 1.0, TLS 1.1 and DTLS 1.0 are only getting weaker and are used less and less. GnuTLS should provide a compilation time flag to disable support for those obsolete protocols so that they can't be used accidentally.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1268

From gnutls-devel at lists.gnutls.org Mon Aug 16 20:33:21 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 16 Aug 2021 18:33:21 +0000
Subject: [gnutls-devel] GnuTLS | Compilation time disabling of TLS 1.0, TLS 1.1 and DTLS 1.0 (#1268)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks. While I know the scope is a bit different, I don't see the point of having a dedicated issue for this solution proposal (than #940). Could we discuss there (and hopefully someone could propose an MR)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1268#note_652197264

From gnutls-devel at lists.gnutls.org Tue Aug 17 16:48:56 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 17 Aug 2021 14:48:56 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS for Windows (#1267)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Could you attach the `config.log` file?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1267#note_653067679

From gnutls-devel at lists.gnutls.org Tue Aug 17 18:59:40 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 17 Aug 2021 16:59:40 +0000
Subject: [gnutls-devel] GnuTLS | Compilation time disabling of TLS 1.0, TLS 1.1 and DTLS 1.0 (#1268)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno

Issue #1268: https://gitlab.com/gnutls/gnutls/-/issues/1268

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1268

From gnutls-devel at lists.gnutls.org Wed Aug 18 09:36:22 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 07:36:22 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you for the report. Since the new Guile package detection macro (`GUILE_PKG`) only relies on `guile-config-*` for older versions, I think the lack of `guile-config-3.0` shouldn't matter.

However, this indicates that `guile-3.0` pkgconfig file (which should be part of `guile-3.0-dev`) already exists on the system:

```console
configure: checking for guile 3.0
configure: found guile 3.0
```

What do you see if you do (without `guile-3.0-dev`):

```console
pkg-config --exists guile-3.0; echo $?
```

?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653661955

From gnutls-devel at lists.gnutls.org Wed Aug 18 11:35:50 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 09:35:50 +0000
Subject: [gnutls-devel] GnuTLS | certtool: unable to decrypt PKCS#8 object in batch mode (#1262)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I agree that the batch mode behavior should be changed in this case, maybe by adding a special case to not re-encrypt in this occasion.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1262#note_653794467

From gnutls-devel at lists.gnutls.org Wed Aug 18 11:39:02 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 09:39:02 +0000
Subject: [gnutls-devel] GnuTLS | certtool --to-p12 should place friendlyName on each certificate that matches a private key (#1263)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Is the suggested behavior already implemented in some crypto libs (e.g., OpenSSL, NSS, etc.)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1263#note_653797909

From gnutls-devel at lists.gnutls.org Wed Aug 18 11:52:57 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 09:52:57 +0000
Subject: [gnutls-devel] GnuTLS | Certificate is considered as invalid if trust store contains CA cert with duplicating extensions (#1255)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you for the investigation, but I think it's an issue in the trust store setup; i.e., all the contained certs must be in a valid form (the dup-exts.pem is there only for the [negative test case](https://gitlab.com/gnutls/gnutls/-/blob/master/tests/cert-tests/x509-duplicate-ext.sh)). Wouldn't it be possible to adjust the trust store not to include such certs (I'm not sure how it's done on macOS)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1255#note_653811606

From gnutls-devel at lists.gnutls.org Wed Aug 18 12:19:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 10:19:11 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)
In-Reply-To:
References:
Message-ID:

Sjors Provoost commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653838864

I ran "sudo apt remove guile-3.0-dev" followed by your command (without sudo). It returns 0.

Sjors

> On 18 Aug 2021, at 09:36, Daiki Ueno (@dueno) wrote:
>
> Daiki Ueno commented:
>
> Thank you for the report. Since the new Guile package detection macro (GUILE_PKG) only relies on guile-config-* for older versions, I think the lack of guile-config-3.0 shouldn't matter.
>
> However, this indicates that guile-3.0 pkgconfig file (which should be part of guile-3.0-dev) already exists on the system:
>
> configure: checking for guile 3.0
> configure: found guile 3.0
>
> What do you see if you do (without guile-3.0-dev):
>
> pkg-config --exists guile-3.0; echo $?
>
> ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653838864

From gnutls-devel at lists.gnutls.org Wed Aug 18 13:45:56 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 11:45:56 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653933058

That's interesting, because the .pc file for `guile-3.0` should be part of the `guile-3.0-dev` package. Do you see `guile-3.0.pc` in the standard pkgconfig path, e.g., `/usr/lib/x86_64-linux-gnu/pkgconfig` on the amd64 arch? If yes, perhaps you could check where it comes with:

```console
dpkg -S /usr/lib/x86_64-linux-gnu/pkgconfig/guile-3.0.pc
```

If not, perhaps you have Guile 3.0 installed locally?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653933058

From gnutls-devel at lists.gnutls.org Wed Aug 18 13:51:33 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 11:51:33 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)
In-Reply-To:
References:
Message-ID:

Sjors Provoost commented:

Guile is in `/usr/bin/guile`, version 3.0.1. Note that I installed other things on my system since opening this ticket, including Guix, so perhaps it's no longer in the same state.
`ls /usr/lib/x86_64-linux-gnu/pkgconfig | grep guile` returns nothing

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_653941520

From gnutls-devel at lists.gnutls.org Wed Aug 18 14:49:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 12:49:19 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654020180

Then I can only suggest running `pkg-config --exists guile-3.0` under `strace`. If it indicates that `guile-3.0.pc` is loaded from a non-standard location, we can't do much from the gnutls side.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654020180

From gnutls-devel at lists.gnutls.org Wed Aug 18 15:02:25 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 13:02:25 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)

Sjors Provoost commented:

```
$ strace pkg-config --exists guile-3.0
execve("/usr/bin/pkg-config", ["pkg-config", "--exists", "guile-3.0"], 0x7fffd6f02850 /* 23 vars */) = 0
brk(NULL) = 0x5575b05e7000
arch_prctl(0x3001 /* ARCH_???
*/, 0x7ffc5241b220) = -1 EINVAL (Invalid argument) access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=99654, ...}) = 0 mmap(NULL, 99654, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f12e8841000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \333\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=1207920, ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12e883f000 mmap(NULL, 1212872, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f12e8716000 mmap(0x7f12e8732000, 540672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f12e8732000 mmap(0x7f12e87b6000, 548864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa0000) = 0x7f12e87b6000 mmap(0x7f12e883c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x125000) = 0x7f12e883c000 mmap(0x7f12e883e000, 456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f12e883e000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 68, 880) = 68 fstat(3, {st_mode=S_IFREG|0755, st_size=2029224, ...}) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\t\233\222%\274\260\320\31\331\326\10\204\276X>\263"..., 
68, 880) = 68 mmap(NULL, 2036952, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f12e8524000 mprotect(0x7f12e8549000, 1847296, PROT_NONE) = 0 mmap(0x7f12e8549000, 1540096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f12e8549000 mmap(0x7f12e86c1000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19d000) = 0x7f12e86c1000 mmap(0x7f12e870c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f12e870c000 mmap(0x7f12e8712000, 13528, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f12e8712000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\"\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=465008, ...}) = 0 mmap(NULL, 467208, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f12e84b1000 mmap(0x7f12e84b3000, 331776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f12e84b3000 mmap(0x7f12e8504000, 122880, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x53000) = 0x7f12e8504000 mmap(0x7f12e8522000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x70000) = 0x7f12e8522000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\201\0\0\0\0\0\0"..., 832) = 832 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\345Ga\367\265T\320\374\301V)Yf]\223\337"..., 68, 824) = 68 fstat(3, {st_mode=S_IFREG|0755, st_size=157224, ...}) = 0 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\345Ga\367\265T\320\374\301V)Yf]\223\337"..., 68, 824) = 68 mmap(NULL, 140408, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f12e848e000 mmap(0x7f12e8495000, 69632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f12e8495000 mmap(0x7f12e84a6000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f12e84a6000 
mmap(0x7f12e84ab000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f12e84ab000 mmap(0x7f12e84ad000, 13432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f12e84ad000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12e848c000 arch_prctl(ARCH_SET_FS, 0x7f12e848cb80) = 0 mprotect(0x7f12e870c000, 12288, PROT_READ) = 0 mprotect(0x7f12e84ab000, 4096, PROT_READ) = 0 mprotect(0x7f12e8522000, 4096, PROT_READ) = 0 mprotect(0x7f12e883c000, 4096, PROT_READ) = 0 mprotect(0x5575aea24000, 4096, PROT_READ) = 0 mprotect(0x7f12e8887000, 4096, PROT_READ) = 0 munmap(0x7f12e8841000, 99654) = 0 set_tid_address(0x7f12e848ce50) = 926503 set_robust_list(0x7f12e848ce60, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f12e8495bf0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f12e84a33c0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f12e8495c90, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12e84a33c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 brk(NULL) = 0x5575b05e7000 brk(0x5575b0608000) = 0x5575b0608000 openat(AT_FDCWD, "/usr/local/lib/x86_64-linux-gnu/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/charset.alias", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=27002, ...}) = 0 mmap(NULL, 27002, PROT_READ, MAP_SHARED, 3, 0) = 0x7f12e8853000 close(3) = 0 futex(0x7f12e8711634, FUTEX_WAKE_PRIVATE, 2147483647) = 0 futex(0x7f12e883df38, FUTEX_WAKE_PRIVATE, 2147483647) = 0 futex(0x7f12e883df38, FUTEX_WAKE_PRIVATE, 2147483647) = 0 openat(AT_FDCWD, "/usr/local/lib/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 
fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 getdents64(3, /* 4 entries */, 32768) = 128 stat("/usr/local/lib/pkgconfig/valgrind.pc", {st_mode=S_IFREG|0644, st_size=372, ...}) = 0 stat("/usr/local/lib/pkgconfig/libbitcoinconsensus.pc", {st_mode=S_IFREG|0644, st_size=298, ...}) = 0 getdents64(3, /* 0 entries */, 32768) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/local/share/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 getdents64(3, /* 214 entries */, 32768) = 7400 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xcb.pc", {st_mode=S_IFREG|0644, st_size=283, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/wayland-server.pc", {st_mode=S_IFREG|0644, st_size=324, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/expat.pc", {st_mode=S_IFREG|0644, st_size=238, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre2-posix.pc", {st_mode=S_IFREG|0644, st_size=316, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-fc.pc", {st_mode=S_IFREG|0644, st_size=274, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/wayland-cursor.pc", {st_mode=S_IFREG|0644, st_size=241, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/egl.pc", {st_mode=S_IFREG|0644, st_size=188, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5OpenGL.pc", {st_mode=S_IFREG|0644, st_size=308, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gmp.pc", {st_mode=S_IFREG|0644, st_size=252, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpsx.pc", {st_mode=S_IFREG|0644, st_size=248, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Designer.pc", {st_mode=S_IFREG|0644, st_size=337, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xdmcp.pc", {st_mode=S_IFREG|0644, st_size=252, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre32.pc", {st_mode=S_IFREG|0644, 
st_size=342, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ncurses.pc", {st_mode=S_IFREG|0644, st_size=456, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/lapack.pc", {st_mode=S_IFREG|0644, st_size=267, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ice.pc", {st_mode=S_IFREG|0644, st_size=238, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5UiPlugin.pc", {st_mode=S_IFREG|0644, st_size=297, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/openpgm-5.2.pc", {st_mode=S_IFREG|0644, st_size=372, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libglvnd.pc", {st_mode=S_IFREG|0644, st_size=256, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-tee.pc", {st_mode=S_IFREG|0644, st_size=251, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libxslt.pc", {st_mode=S_IFREG|0644, st_size=266, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kj-http.pc", {st_mode=S_IFREG|0644, st_size=307, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ibus-1.0.pc", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gmodule-no-export-2.0.pc", {st_mode=S_IFREG|0644, st_size=290, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/form.pc", {st_mode=S_IFREG|0644, st_size=451, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ncursesw.pc", {st_mode=S_IFREG|0644, st_size=458, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Concurrent.pc", {st_mode=S_IFREG|0644, st_size=310, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/glx.pc", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gpgme.pc", {st_mode=S_IFREG|0644, st_size=329, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre16.pc", {st_mode=S_IFREG|0644, st_size=342, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/x11.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Gui.pc", {st_mode=S_IFREG|0644, st_size=275, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libacl.pc", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/panelw.pc", {st_mode=S_IFREG|0644, st_size=456, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libgit2.pc", {st_mode=S_IFREG|0644, st_size=267, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/pthread-stubs.pc", {st_mode=S_IFREG|0644, st_size=251, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/wayland-egl.pc", {st_mode=S_IFREG|0644, st_size=259, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xv.pc", {st_mode=S_IFREG|0644, st_size=257, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libfl.pc", {st_mode=S_IFREG|0644, st_size=181, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gio-unix-2.0.pc", {st_mode=S_IFREG|0644, st_size=249, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libcurl.pc", {st_mode=S_IFREG|0644, st_size=1910, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpulse-mainloop-glib.pc", {st_mode=S_IFREG|0644, st_size=362, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python-3.8-embed.pc", {st_mode=S_IFREG|0644, st_size=307, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpng16.pc", {st_mode=S_IFREG|0644, st_size=271, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-xcb-shm.pc", {st_mode=S_IFREG|0644, st_size=260, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5PrintSupport.pc", {st_mode=S_IFREG|0644, st_size=338, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xxf86vm.pc", {st_mode=S_IFREG|0644, st_size=287, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/freetype2.pc", {st_mode=S_IFREG|0644, st_size=327, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libsodium.pc", {st_mode=S_IFREG|0644, st_size=264, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libattr.pc", {st_mode=S_IFREG|0644, st_size=249, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/blkid.pc", {st_mode=S_IFREG|0644, st_size=208, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kadm-server.pc", {st_mode=S_IFREG|0644, st_size=306, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libbsd-ctor.pc", {st_mode=S_IFREG|0644, st_size=339, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libbsd-overlay.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xrandr.pc", {st_mode=S_IFREG|0644, st_size=280, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libidn.pc", {st_mode=S_IFREG|0644, st_size=829, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/caca++.pc", {st_mode=S_IFREG|0644, st_size=261, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/glu.pc", {st_mode=S_IFREG|0644, st_size=247, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-ps.pc", {st_mode=S_IFREG|0644, st_size=260, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libarchive.pc", {st_mode=S_IFREG|0644, st_size=369, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/norm.pc", {st_mode=S_IFREG|0644, st_size=279, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/krb5.pc", {st_mode=S_IFREG|0644, st_size=343, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/yaml-0.1.pc", {st_mode=S_IFREG|0644, st_size=224, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libusb-1.0.pc", {st_mode=S_IFREG|0644, st_size=338, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/mit-krb5.pc", {st_mode=S_IFREG|0644, st_size=440, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/tic.pc", {st_mode=S_IFREG|0644, st_size=449, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python-2.7.pc", {st_mode=S_IFREG|0644, st_size=263, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre2-16.pc", {st_mode=S_IFREG|0644, st_size=358, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libjpeg.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gnutls.pc", {st_mode=S_IFREG|0644, st_size=793, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ncurses++.pc", 
{st_mode=S_IFREG|0644, st_size=480, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpulse-simple.pc", {st_mode=S_IFREG|0644, st_size=352, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5UiTools.pc", {st_mode=S_IFREG|0644, st_size=619, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/protobuf-lite.pc", {st_mode=S_IFREG|0644, st_size=283, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5DBus.pc", {st_mode=S_IFREG|0644, st_size=280, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gobject-2.0.pc", {st_mode=S_IFREG|0644, st_size=304, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libevent.pc", {st_mode=S_IFREG|0644, st_size=334, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xext.pc", {st_mode=S_IFREG|0644, st_size=257, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libevent_pthreads.pc", {st_mode=S_IFREG|0644, st_size=379, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-gobject.pc", {st_mode=S_IFREG|0644, st_size=308, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gnutls-dane.pc", {st_mode=S_IFREG|0644, st_size=738, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libssh2.pc", {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/lmdb.pc", {st_mode=S_IFREG|0644, st_size=288, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gpg-error.pc", {st_mode=S_IFREG|0644, st_size=328, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gmodule-2.0.pc", {st_mode=S_IFREG|0644, st_size=271, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Widgets.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python2.pc", {st_mode=S_IFREG|0644, st_size=263, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/pixman-1.pc", {st_mode=S_IFREG|0644, st_size=238, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/icu-io.pc", {st_mode=S_IFREG|0644, st_size=1259, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xcb-shm.pc", {st_mode=S_IFREG|0644, 
st_size=235, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre2-8.pc", {st_mode=S_IFREG|0644, st_size=355, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-pdf.pc", {st_mode=S_IFREG|0644, st_size=254, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-xcb.pc", {st_mode=S_IFREG|0644, st_size=279, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/mit-krb5-gssapi.pc", {st_mode=S_IFREG|0644, st_size=297, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/opengl.pc", {st_mode=S_IFREG|0644, st_size=212, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcreposix.pc", {st_mode=S_IFREG|0644, st_size=317, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-png.pc", {st_mode=S_IFREG|0644, st_size=251, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/formw.pc", {st_mode=S_IFREG|0644, st_size=454, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Help.pc", {st_mode=S_IFREG|0644, st_size=305, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libqrencode.pc", {st_mode=S_IFREG|0644, st_size=252, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/nettle.pc", {st_mode=S_IFREG|0644, st_size=301, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/readline.pc", {st_mode=S_IFREG|0644, st_size=327, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/blas-netlib.pc", {st_mode=S_IFREG|0644, st_size=246, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/wayland-scanner.pc", {st_mode=S_IFREG|0644, st_size=215, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gmpxx.pc", {st_mode=S_IFREG|0644, st_size=287, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libssh.pc", {st_mode=S_IFREG|0644, st_size=121, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/p11-kit-1.pc", {st_mode=S_IFREG|0644, st_size=831, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/slang.pc", {st_mode=S_IFREG|0644, st_size=295, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kdb.pc", {st_mode=S_IFREG|0644, st_size=341, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/openssl.pc", {st_mode=S_IFREG|0644, st_size=235, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libcrypt.pc", {st_mode=S_IFREG|0644, st_size=389, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Core.pc", {st_mode=S_IFREG|0644, st_size=849, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/tracker-sparql-2.0.pc", {st_mode=S_IFREG|0644, st_size=592, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libtiff-4.pc", {st_mode=S_IFREG|0644, st_size=307, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libevent_extra.pc", {st_mode=S_IFREG|0644, st_size=301, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-ft.pc", {st_mode=S_IFREG|0644, st_size=271, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpulse.pc", {st_mode=S_IFREG|0644, st_size=346, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-svg.pc", {st_mode=S_IFREG|0644, st_size=251, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpng.pc", {st_mode=S_IFREG|0644, st_size=271, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-xlib.pc", {st_mode=S_IFREG|0644, st_size=261, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libbase58.pc", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xscrnsaver.pc", {st_mode=S_IFREG|0644, st_size=270, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/capnp-rpc.pc", {st_mode=S_IFREG|0644, st_size=279, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpq.pc", {st_mode=S_IFREG|0644, st_size=323, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/ncurses++w.pc", {st_mode=S_IFREG|0644, st_size=486, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python-3.8.pc", {st_mode=S_IFREG|0644, st_size=298, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5OpenGLExtensions.pc", {st_mode=S_IFREG|0644, st_size=488, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/sdl.pc", {st_mode=S_IFREG|0644, st_size=614, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gl.pc", {st_mode=S_IFREG|0644, st_size=205, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xinerama.pc", {st_mode=S_IFREG|0644, st_size=270, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libtasn1.pc", {st_mode=S_IFREG|0644, st_size=1110, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libcrypto.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Sql.pc", {st_mode=S_IFREG|0644, st_size=275, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/caca.pc", {st_mode=S_IFREG|0644, st_size=263, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/fontconfig.pc", {st_mode=S_IFREG|0644, st_size=453, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/uuid.pc", {st_mode=S_IFREG|0644, st_size=221, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libsepol.pc", {st_mode=S_IFREG|0644, st_size=248, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-script.pc", {st_mode=S_IFREG|0644, st_size=260, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/com_err.pc", {st_mode=S_IFREG|0644, st_size=288, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libcupsfilters.pc", {st_mode=S_IFREG|0644, st_size=368, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libzmq.pc", {st_mode=S_IFREG|0644, st_size=312, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/geoclue-2.0.pc", {st_mode=S_IFREG|0644, st_size=347, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/hogweed.pc", {st_mode=S_IFREG|0644, st_size=547, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/mount.pc", {st_mode=S_IFREG|0644, st_size=642, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/protobuf.pc", {st_mode=S_IFREG|0644, st_size=302, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/capnp-json.pc", {st_mode=S_IFREG|0644, st_size=292, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Network.pc", {st_mode=S_IFREG|0644, st_size=295, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre.pc", 
{st_mode=S_IFREG|0644, st_size=337, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/sdl2.pc", {st_mode=S_IFREG|0644, st_size=693, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/glesv2.pc", {st_mode=S_IFREG|0644, st_size=207, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo.pc", {st_mode=S_IFREG|0644, st_size=470, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libssl.pc", {st_mode=S_IFREG|0644, st_size=281, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python3.pc", {st_mode=S_IFREG|0644, st_size=298, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gssrpc.pc", {st_mode=S_IFREG|0644, st_size=289, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gthread-2.0.pc", {st_mode=S_IFREG|0644, st_size=240, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/dbus-1.pc", {st_mode=S_IFREG|0644, st_size=661, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/lapack-netlib.pc", {st_mode=S_IFREG|0644, st_size=267, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libudev.pc", {st_mode=S_IFREG|0644, st_size=546, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xfixes.pc", {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gio-2.0.pc", {st_mode=S_IFREG|0644, st_size=749, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/sm.pc", {st_mode=S_IFREG|0644, st_size=254, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/sqlite3.pc", {st_mode=S_IFREG|0644, st_size=296, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/menuw.pc", {st_mode=S_IFREG|0644, st_size=454, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xkbcommon.pc", {st_mode=S_IFREG|0644, st_size=217, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kadm-client.pc", {st_mode=S_IFREG|0644, st_size=310, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcrecpp.pc", {st_mode=S_IFREG|0644, st_size=275, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xt.pc", {st_mode=S_IFREG|0644, st_size=344, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libgcrypt.pc", {st_mode=S_IFREG|0644, st_size=592, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xi.pc", {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/popt.pc", {st_mode=S_IFREG|0644, st_size=203, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libexslt.pc", {st_mode=S_IFREG|0644, st_size=311, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/cairo-xlib-xrender.pc", {st_mode=S_IFREG|0644, st_size=288, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/blas.pc", {st_mode=S_IFREG|0644, st_size=246, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/gmodule-export-2.0.pc", {st_mode=S_IFREG|0644, st_size=271, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/capnp.pc", {st_mode=S_IFREG|0644, st_size=312, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/glesv1_cm.pc", {st_mode=S_IFREG|0644, st_size=213, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/liblzma.pc", {st_mode=S_IFREG|0644, st_size=390, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kj-async.pc", {st_mode=S_IFREG|0644, st_size=314, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xcb-render.pc", {st_mode=S_IFREG|0644, st_size=244, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/tinfo.pc", {st_mode=S_IFREG|0644, st_size=458, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libevent_core.pc", {st_mode=S_IFREG|0644, st_size=298, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/zlib.pc", {st_mode=S_IFREG|0644, st_size=265, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/menu.pc", {st_mode=S_IFREG|0644, st_size=451, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libcap.pc", {st_mode=S_IFREG|0644, st_size=222, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/glib-2.0.pc", {st_mode=S_IFREG|0644, st_size=425, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/krb5-gssapi.pc", {st_mode=S_IFREG|0644, st_size=222, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Xml.pc", 
{st_mode=S_IFREG|0644, st_size=275, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libxcrypt.pc", {st_mode=S_IFREG|0644, st_size=389, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libassuan.pc", {st_mode=S_IFREG|0644, st_size=331, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kj-test.pc", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/vulkan.pc", {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libidn2.pc", {st_mode=S_IFREG|0644, st_size=287, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libffi.pc", {st_mode=S_IFREG|0644, st_size=212, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libbsd.pc", {st_mode=S_IFREG|0644, st_size=264, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/jansson.pc", {st_mode=S_IFREG|0644, st_size=253, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/kj.pc", {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/python3-embed.pc", {st_mode=S_IFREG|0644, st_size=307, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/icu-uc.pc", {st_mode=S_IFREG|0644, st_size=1291, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xau.pc", {st_mode=S_IFREG|0644, st_size=244, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xrender.pc", {st_mode=S_IFREG|0644, st_size=276, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libselinux.pc", {st_mode=S_IFREG|0644, st_size=274, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/xcursor.pc", {st_mode=S_IFREG|0644, st_size=324, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/icu-i18n.pc", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libevent_openssl.pc", {st_mode=S_IFREG|0644, st_size=379, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/panel.pc", {st_mode=S_IFREG|0644, st_size=453, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libxml-2.0.pc", {st_mode=S_IFREG|0644, st_size=308, ...}) = 0 
stat("/usr/lib/x86_64-linux-gnu/pkgconfig/wayland-client.pc", {st_mode=S_IFREG|0644, st_size=301, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/libpcre2-32.pc", {st_mode=S_IFREG|0644, st_size=358, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/alsa.pc", {st_mode=S_IFREG|0644, st_size=287, ...}) = 0 stat("/usr/lib/x86_64-linux-gnu/pkgconfig/Qt5Test.pc", {st_mode=S_IFREG|0644, st_size=292, ...}) = 0 getdents64(3, /* 0 entries */, 32768) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/lib/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 getdents64(3, /* 21 entries */, 32768) = 752 stat("/usr/lib/pkgconfig/samba-hostconfig.pc", {st_mode=S_IFREG|0644, st_size=290, ...}) = 0 stat("/usr/lib/pkgconfig/netapi.pc", {st_mode=S_IFREG|0644, st_size=275, ...}) = 0 stat("/usr/lib/pkgconfig/smbclient.pc", {st_mode=S_IFREG|0644, st_size=266, ...}) = 0 stat("/usr/lib/pkgconfig/dcerpc_server.pc", {st_mode=S_IFREG|0644, st_size=339, ...}) = 0 stat("/usr/lib/pkgconfig/samba-util.pc", {st_mode=S_IFREG|0644, st_size=296, ...}) = 0 stat("/usr/lib/pkgconfig/samdb.pc", {st_mode=S_IFREG|0644, st_size=250, ...}) = 0 stat("/usr/lib/pkgconfig/guile-lib-1.0.pc", {st_mode=S_IFREG|0644, st_size=392, ...}) = 0 stat("/usr/lib/pkgconfig/dcerpc.pc", {st_mode=S_IFREG|0644, st_size=304, ...}) = 0 stat("/usr/lib/pkgconfig/ndr_krb5pac.pc", {st_mode=S_IFREG|0644, st_size=334, ...}) = 0 stat("/usr/lib/pkgconfig/dcerpc_samr.pc", {st_mode=S_IFREG|0644, st_size=314, ...}) = 0 stat("/usr/lib/pkgconfig/ndr.pc", {st_mode=S_IFREG|0644, st_size=319, ...}) = 0 stat("/usr/lib/pkgconfig/guile-3.0.pc", {st_mode=S_IFREG|0644, st_size=775, ...}) = 0 stat("/usr/lib/pkgconfig/ndr_standard.pc", {st_mode=S_IFREG|0644, st_size=341, ...}) = 0 stat("/usr/lib/pkgconfig/samba-credentials.pc", {st_mode=S_IFREG|0644, st_size=346, ...}) = 0 stat("/usr/lib/pkgconfig/ndr_nbt.pc", {st_mode=S_IFREG|0644, st_size=304, ...}) = 0 stat("/usr/lib/pkgconfig/libR.pc", 
{st_mode=S_IFREG|0644, st_size=274, ...}) = 0 stat("/usr/lib/pkgconfig/wbclient.pc", {st_mode=S_IFREG|0644, st_size=294, ...}) = 0 stat("/usr/lib/pkgconfig/samba-policy.cpython-36m-x86_64-linux-gnu.pc", {st_mode=S_IFREG|0644, st_size=329, ...}) = 0 getdents64(3, /* 0 entries */, 32768) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/share/pkgconfig", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 getdents64(3, /* 40 entries */, 32768) = 1488 stat("/usr/share/pkgconfig/shared-mime-info.pc", {st_mode=S_IFREG|0644, st_size=120, ...}) = 0 stat("/usr/share/pkgconfig/systemd.pc", {st_mode=S_IFREG|0644, st_size=2159, ...}) = 0 stat("/usr/share/pkgconfig/inputproto.pc", {st_mode=S_IFREG|0644, st_size=158, ...}) = 0 stat("/usr/share/pkgconfig/xineramaproto.pc", {st_mode=S_IFREG|0644, st_size=164, ...}) = 0 stat("/usr/share/pkgconfig/bigreqsproto.pc", {st_mode=S_IFREG|0644, st_size=162, ...}) = 0 stat("/usr/share/pkgconfig/dmxproto.pc", {st_mode=S_IFREG|0644, st_size=154, ...}) = 0 stat("/usr/share/pkgconfig/xkeyboard-config.pc", {st_mode=S_IFREG|0644, st_size=171, ...}) = 0 stat("/usr/share/pkgconfig/adwaita-icon-theme.pc", {st_mode=S_IFREG|0644, st_size=133, ...}) = 0 stat("/usr/share/pkgconfig/xtrans.pc", {st_mode=S_IFREG|0644, st_size=239, ...}) = 0 stat("/usr/share/pkgconfig/bash-completion.pc", {st_mode=S_IFREG|0644, st_size=328, ...}) = 0 stat("/usr/share/pkgconfig/xf86dgaproto.pc", {st_mode=S_IFREG|0644, st_size=160, ...}) = 0 stat("/usr/share/pkgconfig/glproto.pc", {st_mode=S_IFREG|0644, st_size=153, ...}) = 0 stat("/usr/share/pkgconfig/poppler-data.pc", {st_mode=S_IFREG|0644, st_size=166, ...}) = 0 stat("/usr/share/pkgconfig/renderproto.pc", {st_mode=S_IFREG|0644, st_size=160, ...}) = 0 stat("/usr/share/pkgconfig/xcmiscproto.pc", {st_mode=S_IFREG|0644, st_size=160, ...}) = 0 stat("/usr/share/pkgconfig/presentproto.pc", {st_mode=S_IFREG|0644, st_size=160, ...}) = 0 stat("/usr/share/pkgconfig/randrproto.pc", 
{st_mode=S_IFREG|0644, st_size=158, ...}) = 0 stat("/usr/share/pkgconfig/damageproto.pc", {st_mode=S_IFREG|0644, st_size=159, ...}) = 0 stat("/usr/share/pkgconfig/applewmproto.pc", {st_mode=S_IFREG|0644, st_size=162, ...}) = 0 stat("/usr/share/pkgconfig/iso-codes.pc", {st_mode=S_IFREG|0644, st_size=211, ...}) = 0 stat("/usr/share/pkgconfig/dri2proto.pc", {st_mode=S_IFREG|0644, st_size=154, ...}) = 0 stat("/usr/share/pkgconfig/dri3proto.pc", {st_mode=S_IFREG|0644, st_size=154, ...}) = 0 stat("/usr/share/pkgconfig/fixesproto.pc", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 stat("/usr/share/pkgconfig/xf86vidmodeproto.pc", {st_mode=S_IFREG|0644, st_size=170, ...}) = 0 stat("/usr/share/pkgconfig/scrnsaverproto.pc", {st_mode=S_IFREG|0644, st_size=166, ...}) = 0 stat("/usr/share/pkgconfig/xextproto.pc", {st_mode=S_IFREG|0644, st_size=156, ...}) = 0 stat("/usr/share/pkgconfig/videoproto.pc", {st_mode=S_IFREG|0644, st_size=157, ...}) = 0 stat("/usr/share/pkgconfig/recordproto.pc", {st_mode=S_IFREG|0644, st_size=161, ...}) = 0 stat("/usr/share/pkgconfig/xorg-sgml-doctools.pc", {st_mode=S_IFREG|0644, st_size=174, ...}) = 0 stat("/usr/share/pkgconfig/resourceproto.pc", {st_mode=S_IFREG|0644, st_size=164, ...}) = 0 stat("/usr/share/pkgconfig/udev.pc", {st_mode=S_IFREG|0644, st_size=61, ...}) = 0 stat("/usr/share/pkgconfig/kbproto.pc", {st_mode=S_IFREG|0644, st_size=152, ...}) = 0 stat("/usr/share/pkgconfig/fontutil.pc", {st_mode=S_IFREG|0644, st_size=259, ...}) = 0 stat("/usr/share/pkgconfig/compositeproto.pc", {st_mode=S_IFREG|0644, st_size=163, ...}) = 0 stat("/usr/share/pkgconfig/fontsproto.pc", {st_mode=S_IFREG|0644, st_size=158, ...}) = 0 stat("/usr/share/pkgconfig/xproto.pc", {st_mode=S_IFREG|0644, st_size=182, ...}) = 0 stat("/usr/share/pkgconfig/xf86driproto.pc", {st_mode=S_IFREG|0644, st_size=170, ...}) = 0 stat("/usr/share/pkgconfig/xf86bigfontproto.pc", {st_mode=S_IFREG|0644, st_size=170, ...}) = 0 getdents64(3, /* 0 entries */, 32768) = 0 close(3) = 0 
openat(AT_FDCWD, "/usr/lib/pkgconfig/guile-3.0.pc", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=775, ...}) = 0
read(3, "prefix=/usr\nexec_prefix=/usr\nbin"..., 4096) = 775
read(3, "", 4096) = 0
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654035996

From gnutls-devel at lists.gnutls.org Wed Aug 18 15:11:41 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 13:11:41 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654046161

What does the following command print?

```console
dpkg -S /usr/lib/pkgconfig/guile-3.0.pc
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654046161
From gnutls-devel at lists.gnutls.org Wed Aug 18 15:13:03 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Aug 2021 13:13:03 +0000
Subject: [gnutls-devel] GnuTLS | Confusing error when guile-3.0-dev is absent (Ubuntu) (#1261)

Sjors Provoost commented:

```
dpkg-query: no path found matching pattern /usr/lib/pkgconfig/guile-3.0.pc
```

(odd: `/usr/lib/pkgconfig/guile-3.0.pc` does exist)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1261#note_654048152

From gnutls-devel at lists.gnutls.org Sun Aug 22 08:43:55 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 22 Aug 2021 06:43:55 +0000
Subject: [gnutls-devel] GnuTLS | guile: Add 'gnutls_x509_crt_get_fingerprint', 'GNUTLS_DIG_SHA256' (!1461)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1461

Project:Branches: dueno/gnutls:wip/dueno/guile-fixes to gnutls/gnutls:master
Author: Daiki Ueno

Patches from Simon South in #1269.
## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1461

From gnutls-devel at lists.gnutls.org Mon Aug 23 10:02:11 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 23 Aug 2021 08:02:11 +0000
Subject: [gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)

All discussions on merge request !1451 were resolved by František Krenželok

https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451
From gnutls-devel at lists.gnutls.org Tue Aug 24 10:28:13 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 24 Aug 2021 08:28:13 +0000
Subject: [gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)

All discussions on merge request !1451 were resolved by František Krenželok

https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451

From gnutls-devel at lists.gnutls.org Wed Aug 25 21:39:02 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 25 Aug 2021 19:39:02 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

Nick Child created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462

Project:Branches: nick-child-ibm/gnutls:build_docs to gnutls/gnutls:master
Author: Nick Child

Hello all,

First off, please forgive me if I am doing this wrong, this is my first attempt at using Gitlab, I am used to using Github for source management and I could not find a mailing list for questions.

Anyways, I was following along with the `INSTALL.md` to build an archive file but I believe the INSTALL documentation is a bit outdated. It seems that the static archive is only buildable with the flag `--enable-static`. The current documentation says that the default behavior is to build both static and shared libraries. After reading the NEWS file and checking out [this](https://gitlab.com/gnutls/gnutls/-/commit/a88eb79d88c53531c49d7cedfce2207f36ac8a9d) commit, it seems the default build process has changed.
I noticed a similar documentation for building and installing Nettle but did not change it since it seems that those instructions are still true: Nettle will still build both static and shared files by default.

Since this is just a documentation issue, I don't think there is much else to be done other than fixing the build instructions but please let me know if there is anything more I can do.

Thanks,
Nick

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462
From gnutls-devel at lists.gnutls.org Thu Aug 26 07:40:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 05:40:19 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

Daiki Ueno started a new discussion on INSTALL.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462#note_661285973

> sudo make install
> ```
>
> -The commands above build and install the static archive (libgnutls.a),
> -the shared object (libgnutls.so), and additional binaries such as certtool
> -and gnutls-cli.
> +The commands above build and install the shared object (libgnutls.so),
> +and additional binaries such as certtool and gnutls-cli. To build the
> +static archive (libgnutls.a), add --enable-static to the `.configure`

`.configure` ? `./configure`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462#note_661285973

From gnutls-devel at lists.gnutls.org Thu Aug 26 07:43:04 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 05:43:04 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

Daiki Ueno commented:

Thank you! Since this is a documentation-only change, you can also skip the whole CI run with [`[ci skip]`](https://docs.gitlab.com/ee/ci/yaml/#skip-pipeline).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462#note_661287036
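Review bot: in the last added line of the INSTALL.md hunk, `--enable-static` is left as plain text while the command beside it is in backticks, and the command is spelled `.configure`. Put the flag in backticks as well and write the command as `./configure`, so the sentence can be followed by copy and paste.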
From gnutls-devel at lists.gnutls.org Thu Aug 26 09:32:49 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 07:32:49 +0000
Subject: [gnutls-devel] GnuTLS | guile: Add 'gnutls_x509_crt_get_fingerprint', 'GNUTLS_DIG_SHA256' (!1461)

Merge request !1461 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1461
Project:Branches: dueno/gnutls:wip/dueno/guile-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1461

From gnutls-devel at lists.gnutls.org Thu Aug 26 19:22:29 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 17:22:29 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

All discussions on merge request !1462 were resolved by Nick Child

https://gitlab.com/gnutls/gnutls/-/merge_requests/1462

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462
From gnutls-devel at lists.gnutls.org Thu Aug 26 19:54:34 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 17:54:34 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

Merge request !1462 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462
Project:Branches: nick-child-ibm/gnutls:build_docs to gnutls/gnutls:master
Author: Nick Child
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462

From gnutls-devel at lists.gnutls.org Thu Aug 26 19:56:41 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 26 Aug 2021 17:56:41 +0000
Subject: [gnutls-devel] GnuTLS | INSTALL.md: Update documentation on building static library (!1462)

Merge request !1462 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462
Project:Branches: nick-child-ibm/gnutls:build_docs to gnutls/gnutls:master
Author: Nick Child
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1462
From gnutls-devel at lists.gnutls.org Fri Aug 27 17:16:22 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Aug 2021 15:16:22 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463

Project:Branches: asosedkin/gnutls:terminate-fixes to gnutls/gnutls:master
Author: Alexander Sosedkin

`terminate()` executed from the child process results in a `kill(0, SIGTERM)`, bringing the whole pgroup down. `exit(1)` should be called instead.

In some cases it's not straightforward whether `terminate` is called from the parent or the child. Thus the second commit, adding a safeguard to `terminate` itself.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
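The failure mode described in this merge request, as an added example that is not code from the GnuTLS test suite: after `fork()` the child sees `child == 0`, so `kill(child, SIGTERM)` addresses the caller's whole process group. `classify_kill_target()`, `terminate_child()` and `demo_parent_side()` are hypothetical names; the helper refuses anything that is not a single positive pid and reaps that pid specifically.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What kill(pid, sig) addresses, following POSIX kill(2). */
enum kill_scope {
	SCOPE_ONE_PROCESS,	/* pid > 0: exactly that process */
	SCOPE_OWN_PGROUP,	/* pid == 0: every process in the caller's group */
	SCOPE_EVERYTHING,	/* pid == -1: every process the caller may signal */
	SCOPE_OTHER_PGROUP	/* pid < -1: every process in group -pid */
};

enum kill_scope classify_kill_target(pid_t pid)
{
	if (pid > 0)
		return SCOPE_ONE_PROCESS;
	if (pid == 0)
		return SCOPE_OWN_PGROUP;
	if (pid == -1)
		return SCOPE_EVERYTHING;
	return SCOPE_OTHER_PGROUP;
}

/*
 * Hypothetical stand-in for a test helper that did
 *     kill(child, SIGTERM); wait(&status);
 * Returns 0 and stores the wait status on success, -1 with errno set
 * otherwise. It never signals anything but one positive pid.
 */
int terminate_child(pid_t child, int *status)
{
	if (classify_kill_target(child) != SCOPE_ONE_PROCESS) {
		errno = EINVAL;	/* called from the child, or fork() had failed */
		return -1;
	}
	if (kill(child, SIGTERM) < 0)
		return -1;
	/* reap this specific pid, retrying if a signal interrupts the wait */
	while (waitpid(child, status, 0) < 0) {
		if (errno != EINTR)
			return -1;
	}
	return 0;
}

/*
 * Constructed scenario: the parent forks a sleeping child and stops it.
 * Returns the signal that ended the child, or -1 on failure.
 */
int demo_parent_side(void)
{
	int status = 0;
	pid_t child = fork();

	if (child < 0)
		return -1;
	if (child == 0) {
		/* child side: error paths here should exit, not terminate */
		for (;;)
			pause();
	}
	if (terminate_child(child, &status) < 0)
		return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void)
{
	int status = 0;

	printf("child ended by signal %d\n", demo_parent_side());
	/* the value a forked child holds in `child`: refused, nothing signalled */
	if (terminate_child(0, &status) < 0)
		printf("pid 0 refused (errno %d)\n", errno);
	return 0;
}
```
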
From gnutls-devel at lists.gnutls.org Fri Aug 27 17:36:10 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Aug 2021 15:36:10 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Daiki Ueno started a new discussion on tests/tls13/prf-early.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663050433

> {
> int status = 0;
>
> - kill(child, SIGTERM);
> - wait(&status);
> + if (child) {

If we replace all the occurrences of `terminate` with `exit` in child process, then I suppose adding `assert(child)` might make more sense?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663050433

From gnutls-devel at lists.gnutls.org Fri Aug 27 17:48:24 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Aug 2021 15:48:24 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Alexander Sosedkin commented on a discussion on tests/tls13/prf-early.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663059996

> {
> int status = 0;
>
> - kill(child, SIGTERM);
> - wait(&status);
> + if (child) {

That'd be the case when all terminate-instead-of-exits-in-children scenarios are caught, they aren't. I've tried to catch the most common ones (`terminate()` directly inside `client()` when `client()` is called in the child process), but in the process of doing that I've also noted at least one case where child is the server and at least one case where they swap roles and both called the same function calling terminate. Thus the generic safeguard.
What would be the benefits of having an assert here?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663059996

From gnutls-devel at lists.gnutls.org Sat Aug 28 08:02:24 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 28 Aug 2021 06:02:24 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Daiki Ueno commented on a discussion on tests/tls13/prf-early.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663317229

> {
> int status = 0;
>
> - kill(child, SIGTERM);
> - wait(&status);
> + if (child) {

Given `kill(0, SIGTERM)` is an unexpected condition, I think it's worthwhile to mark it explicitly as a programming error, with `assert(child)`. On the other hand, if we allow the use of `terminate` even in child process, we probably don't need to replace the `terminate` calls with `exit`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663317229
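Review bot: on the added `if (child) {` line of the tests/tls13/prf-early.c hunk, the test is also true for a negative pid, so a `child` of -1 left over from a failed `fork()` still gets through; `kill(-1, SIGTERM)` signals every process the caller is allowed to signal, which is wider than the process-group kill this change is meant to stop. Compare with `child > 0` (the same applies to an `assert`), and if the removed `wait(&status)` comes back inside the branch, `waitpid(child, &status, 0)` would reap this child rather than whichever one exits first.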
From gnutls-devel at lists.gnutls.org Mon Aug 30 11:08:13 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 09:08:13 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Alexander Sosedkin commented on a discussion on tests/tls13/prf-early.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663898344

> {
> int status = 0;
>
> - kill(child, SIGTERM);
> - wait(&status);
> + if (child) {

OK, updated the safeguard to use `assert(child)` (01d3fa55d9).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_663898344

From gnutls-devel at lists.gnutls.org Mon Aug 30 18:28:13 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 16:28:13 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Merge request !1463 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
Project:Branches: asosedkin/gnutls:terminate-fixes to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
From gnutls-devel at lists.gnutls.org Mon Aug 30 18:28:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 16:28:19 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

All discussions on merge request !1463 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1463

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463

From gnutls-devel at lists.gnutls.org Mon Aug 30 18:28:30 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 16:28:30 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Daiki Ueno commented:

Thank you for the MR!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_664367560
From gnutls-devel at lists.gnutls.org Mon Aug 30 18:28:37 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 16:28:37 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Merge request !1463 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
Project:Branches: asosedkin/gnutls:terminate-fixes to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463

From gnutls-devel at lists.gnutls.org Mon Aug 30 19:43:37 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 17:43:37 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Alexander Sosedkin commented:

Added one more commit addressing the CI findings: two tests don't use `terminate()` anymore, so I've removed it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463#note_664429882
From gnutls-devel at lists.gnutls.org Mon Aug 30 19:46:53 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 17:46:53 +0000
Subject: [gnutls-devel] GnuTLS | tests/tls13/post-handshake-with-cert: avoid a race condition (!1464)

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1464

Project:Branches: asosedkin/gnutls:fix-tls13-post-hanshake-with-cert to gnutls/gnutls:master
Author: Alexander Sosedkin

A server tries to close connection and kill the client after reauth. Client, in turn, attempts to send data in some cases. This patch makes the server wait for the client to terminate first.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1464
From gnutls-devel at lists.gnutls.org Mon Aug 30 20:12:52 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Aug 2021 18:12:52 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Merge request !1463 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
Project:Branches: asosedkin/gnutls:terminate-fixes to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463

From gnutls-devel at lists.gnutls.org Tue Aug 31 13:36:19 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 31 Aug 2021 11:36:19 +0000
Subject: [gnutls-devel] GnuTLS | Draft: fips: add functions to inspect thread-local FIPS operation state (!1465)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

Project:Branches: dueno/gnutls:wip/dueno/fipscontext to gnutls/gnutls:master
Author: Daiki Ueno

This adds support for "service indicator" as required in [FIPS140-3 IG 2.4C](https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf).
The design document is available at: https://docs.google.com/document/d/1ePqdkYLVEFtoGkqr7gS1aBRnZRfoM-d2lbU5UgGGbhY/edit?usp=sharing

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

From gnutls-devel at lists.gnutls.org Tue Aug 31 20:37:57 2021
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 31 Aug 2021 18:37:57 +0000
Subject: [gnutls-devel] GnuTLS | Avoid tests killing entire process groups (!1463)

Merge request !1463 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463
Project:Branches: asosedkin/gnutls:terminate-fixes to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1463