From gnutls-devel at lists.gnutls.org Tue Feb 1 09:17:03 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 08:17:03 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1528 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on m4/hooks.m4: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528#note_827504722

> + AC_SUBST(CXX_LT_CURRENT, 30)
> AC_SUBST(CXX_LT_REVISION, 0)
> AC_SUBST(CXX_LT_AGE, 1)

The libtool [manual](https://www.gnu.org/software/libtool/manual/libtool.html#Updating-version-info) says:

> 3. Programs may need to be changed, recompiled, and relinked in order
> to use the new version. Bump CURRENT, set REVISION and AGE to 0.

So I suppose it is safer to set `CXX_LT_AGE` to 0.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
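The libtool rule quoted in the review above is easy to get wrong because the SONAME is not CURRENT but CURRENT minus AGE. The following is an added example, not GnuTLS code and not the contents of m4/hooks.m4: it applies the three "Updating version info" rules to a CURRENT:REVISION:AGE triple and derives the resulting SONAME major, starting from a constructed 29:0:0 that is not the real libgnutlsxx history.

```c
#include <stdio.h>

/* Added example, not GnuTLS code: applies the three libtool
 * "Updating version info" rules to a CURRENT:REVISION:AGE triple and
 * derives the SONAME major that libtool emits on ELF platforms, which is
 * CURRENT - AGE (libfoo.so.(CURRENT-AGE).AGE.REVISION). */

struct lt_version {
    int current;   /* most recent interface number implemented */
    int revision;  /* implementation number of that interface */
    int age;       /* how many earlier interfaces CURRENT still supports */
};

enum lt_change {
    LT_SOURCE_ONLY,      /* rule 1: code changed, interfaces unchanged */
    LT_ADDED_INTERFACE,  /* rule 2: interfaces added, none removed or changed */
    LT_BROKEN_ABI        /* rule 3: interfaces removed or changed, i.e. an ABI break */
};

/* Apply the libtool rules for one release. Any interface change bumps
 * CURRENT and resets REVISION; additions bump AGE because the old
 * interfaces are still served; removals or changes reset AGE to 0
 * because they are not. */
struct lt_version lt_update(struct lt_version v, enum lt_change change)
{
    switch (change) {
    case LT_SOURCE_ONLY:
        v.revision += 1;
        break;
    case LT_ADDED_INTERFACE:
        v.current += 1;
        v.revision = 0;
        v.age += 1;
        break;
    case LT_BROKEN_ABI:
        v.current += 1;
        v.revision = 0;
        v.age = 0;
        break;
    }
    return v;
}

/* The SONAME major the dynamic loader keys on. */
int lt_soname_major(struct lt_version v)
{
    return v.current - v.age;
}

/* SONAME major after one update, for quick checks. */
int lt_soname_after(struct lt_version v, enum lt_change change)
{
    return lt_soname_major(lt_update(v, change));
}

int main(void)
{
    /* Constructed starting point, not the real libgnutlsxx numbering. */
    struct lt_version before = { 29, 0, 0 };
    struct lt_version right = lt_update(before, LT_BROKEN_ABI);      /* 30:0:0 */
    struct lt_version wrong = lt_update(before, LT_ADDED_INTERFACE); /* 30:0:1 */

    printf("before:            %d:%d:%d -> libfoo.so.%d\n",
           before.current, before.revision, before.age, lt_soname_major(before));
    printf("ABI break, AGE=0:  %d:%d:%d -> libfoo.so.%d (new SONAME; old binaries will not load it)\n",
           right.current, right.revision, right.age, lt_soname_major(right));
    printf("ABI break, AGE+1:  %d:%d:%d -> libfoo.so.%d (same SONAME; old binaries load an incompatible library)\n",
           wrong.current, wrong.revision, wrong.age, lt_soname_major(wrong));
    return 0;
}
```

The point of the last line of output is the one the review makes: bumping CURRENT while also bumping AGE keeps CURRENT minus AGE unchanged, so the SONAME does not change and programs linked against the old interface silently load the incompatible library. Resetting AGE to 0 is what actually moves the SONAME.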
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 08:56:41 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)

Merge request !1528 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
Project:Branches: nanonyme/gnutls:bump-soname to gnutls/gnutls:master
Author: Seppo Yli-Olli
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 08:56:47 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)

All discussions on merge request !1528 were resolved by Daiki Ueno
https://gitlab.com/gnutls/gnutls/-/merge_requests/1528

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 08:56:50 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)

Merge request !1528 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
Project:Branches: nanonyme/gnutls:bump-soname to gnutls/gnutls:master
Author: Seppo Yli-Olli
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 08:56:59 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528#note_827559047
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 13:39:02 +0000
Subject: [gnutls-devel] GnuTLS | ABI break due to adding const qualifiers to some libgnutlsxx.so methods (#1318)

Issue was closed by Daiki Ueno via merge request !1528 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1528)

Issue #1318: https://gitlab.com/gnutls/gnutls/-/issues/1318

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1318

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 13:39:02 +0000
Subject: [gnutls-devel] GnuTLS | Bump libgnutlsxx soname due to ABI break (!1528)

Merge request !1528 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
Project:Branches: nanonyme/gnutls:bump-soname to gnutls/gnutls:master
Author: Seppo Yli-Olli
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1528
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 19:55:29 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1523 was reviewed by Alexander Sosedkin

--

Alexander Sosedkin started a new discussion on src/certtool.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523#note_828505955

> + bits != 6144 && bits != 7680 && bits != 8192 &&
> + bits != 15360) {
> + fprintf(stderr, "Note that the FIPS 186-4 key generation restricts keys to be known lengths (2048, 3072, etc)\n");

nit: "to be of known lengths" or "to known lengths"

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Feb 2022 20:14:43 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Merge request !1523 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-keygen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Feb 2022 06:18:50 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

All discussions on merge request !1523 were resolved by Daiki Ueno
https://gitlab.com/gnutls/gnutls/-/merge_requests/1523

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Feb 2022 06:19:06 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Merge request !1523 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-keygen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Feb 2022 06:19:17 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Daiki Ueno commented:

Thanks for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523#note_828814586

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Feb 2022 17:35:07 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

Alexander Sosedkin started a new discussion on lib/nettle/gost/kuznyechik.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527#note_829687792

> {
> uint8_t t[16];
>
> + /* https://github.com/llvm/llvm-project/issues/53518 */

Could we also condition that on `__clang_major__` so that we don't forget about it and carry it forever?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527#note_829687792
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 10:05:41 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

Daiki Ueno commented on a discussion on lib/nettle/gost/kuznyechik.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527#note_830325753

> {
> uint8_t t[16];
>
> + /* https://github.com/llvm/llvm-project/issues/53518 */

Good idea, added the condition.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527#note_830325753

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 10:55:27 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

Merge request !1527 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
Project:Branches: dueno/gnutls:wip/dueno/fedora35 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 10:55:38 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

All discussions on merge request !1527 were resolved by Alexander Sosedkin
https://gitlab.com/gnutls/gnutls/-/merge_requests/1527

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 11:51:43 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

Merge request !1527 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
Project:Branches: dueno/gnutls:wip/dueno/fedora35 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 13:46:51 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: update Fedora images to Fedora 35 (!1527)

Merge request !1527 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527
Project:Branches: dueno/gnutls:wip/dueno/fedora35 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1527

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 14:30:42 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Merge request !1523 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-keygen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Feb 2022 15:35:42 +0000
Subject: [gnutls-devel] GnuTLS | rsa_generate_fips186_4_keypair: accept a few more modulus sizes (!1523)

Merge request !1523 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
Project:Branches: dueno/gnutls:wip/dueno/fips-rsa-keygen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1523
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 07:36:05 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162386

> + **/
> +int
> +gnutls_compress_certificate_set_methods(gnutls_session_t session, const gnutls_datum_t * methods)

I suggest making this function take an array of `gnutls_compression_method_t` instead of `gnutls_datum_t`:

```c
int
gnutls_compress_certificate_set_methods(gnutls_session_t session,
                                        const gnutls_compression_method_t * methods,
                                        size_t methods_count)
```

so we do not need conversion between `gnutls_datum_t` and `gnutls_compression_method_t` arrays.

--

Daiki Ueno started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162389

> + ret = _gnutls_compress(comp_method, comp.data, comp_bound, plain.data, plain.size);
> + if (ret < 0)
> + return gnutls_assert_val(ret);

`comp.data` is leaking

--

Daiki Ueno started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162391

> + comp.size = ret;
> +
> + _gnutls_buffer_delete_data(buf, cert_pos_mark, plain.size);

Can we just set `buf->length = cert_pos_mark` (or `buf->length -= plain.size`), instead of exposing `_gnutls_buffer_delete_data` as an internal API?

--

Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162393

> +
> + for (unsigned i = 0; i < methods->size; ++i) {
> + tmp = _gnutls_compress_certificate_method2num(algs[i]);

What if `algs` contains unknown or unimplemented algorithm? Should this function return `GNUTLS_E_INVALID_REQUEST`?

--

Daiki Ueno started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162400

> + gnutls_compression_method_t comp_method;
> +
> + ret = _gnutls_buffer_pop_prefix16(buf, &method_num, 0);

Why not set the 3rd argument `check`?

--

Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838162404

> +
> + for (unsigned i = 0; i < algs_size && method == GNUTLS_COMP_UNKNOWN; ++i)
> + for (unsigned j = 0; j < priv_algs_size && method == GNUTLS_COMP_UNKNOWN; ++j)

It might make sense to support peer's precedence (e.g., checking `session->internals.priorities->server_precedence`)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 07:39:32 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Daiki Ueno commented:

Looks great in general; I've tried to connect to facebook.com with the following change:

```diff diff --git a/src/cli.c b/src/cli.c index 5378b72256..66bc67eb9f 100644 --- a/src/cli.c +++ b/src/cli.c @@ -723,6 +723,8 @@ gnutls_session_t init_tls_session(const char *host) int ret; unsigned i; gnutls_session_t session; + gnutls_compression_method_t algs[] = { GNUTLS_COMP_ZLIB }; + gnutls_datum_t methods = { (unsigned char *)algs, 1 }; if (udp) { gnutls_init(&session, GNUTLS_DATAGRAM | init_flags); @@ -731,6 +733,12 @@ gnutls_session_t init_tls_session(const char *host) } else gnutls_init(&session, init_flags); + ret = gnutls_compress_certificate_set_methods(session, &methods); + if (ret < 0) { + fprintf(stderr, "Could not set certificate compression methods: %s\n", gnutls_strerror(ret)); + exit(1); + } + if (priorities == NULL) { ret = gnutls_set_default_priority(session); if (ret < 0) { ```

Perhaps it might be useful to have an option, say `--compress-cert=METHODS`, for `gnutls-cli` and `gnutls-serv` for interop testing?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838165199

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 08:48:52 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: fix nettle installation path (!1492)

Merge request !1492 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1492
Project:Branches: dueno/gnutls:wip/dueno/nettle-master to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1492
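Review bot: in the first hunk of the src/cli.c diff (!1512, the `@@ -723,6 +723,8 @@` region), `gnutls_datum_t methods = { (unsigned char *)algs, 1 }` puts an element count (1) into `size`, a field that is a byte length everywhere else `gnutls_datum_t` is used, and reinterprets a `gnutls_compression_method_t` array as `unsigned char *`. The `for (unsigned i = 0; i < methods->size; ++i)` loop quoted in the earlier review reads `size` as an element count, so caller and callee only agree by convention that the type does not express. This is the concrete case for the signature already suggested in the review, `const gnutls_compression_method_t * methods, size_t methods_count`, which also removes the cast.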
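Review bot: in the second hunk (`@@ -731,6 +733,12 @@`), `gnutls_compress_certificate_set_methods(session, &methods)` is called unconditionally, so every `gnutls-cli` session would offer zlib certificate compression; that is fine for this experiment, but if it becomes the proposed `--compress-cert=METHODS` option the call should be guarded by that option. Also, `methods` and `algs` are locals of `init_tls_session`, so passing `&methods` is only safe if the function copies the list rather than retaining the pointer; the hunk does not show which, and the API documentation should say.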
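Two of Daiki Ueno's review points on !1512 above (reject unknown or unimplemented entries in the method list up front, and honour the peer's ordering when `server_precedence` is not set) are easiest to see in a stand-alone form. The following is an added example, not GnuTLS code: the enum, the `comp_prefs` structure, the error constant and the set of "implemented" methods are all constructed for this example, and the enum values are RFC 8879's certificate_compression code points rather than GnuTLS's `gnutls_compression_method_t` values.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not GnuTLS code. Stand-in for gnutls_compression_method_t;
 * the values are the RFC 8879 code points (zlib=1, brotli=2, zstd=3), not
 * GnuTLS's enum values. */
enum cert_comp { COMP_UNKNOWN = 0, COMP_ZLIB = 1, COMP_BROTLI = 2, COMP_ZSTD = 3 };

/* Placeholder for GNUTLS_E_INVALID_REQUEST; the real value lives in gnutls/gnutls.h. */
#define ERR_INVALID_REQUEST (-1)

#define MAX_METHODS 8

struct comp_prefs {
    enum cert_comp methods[MAX_METHODS];   /* local preference order */
    size_t count;
};

/* Constructed: in this toy only zlib and brotli are compiled in; zstd is a
 * known code point we pretend this build lacks. */
static int comp_is_implemented(enum cert_comp m)
{
    return m == COMP_ZLIB || m == COMP_BROTLI;
}

/* Set the locally supported list. Every entry is validated before anything
 * is stored, so an unknown or unimplemented method is reported to the caller
 * now instead of being silently dropped when the extension is encoded, and a
 * failed call leaves the previous list untouched. Returns 0 on success. */
int comp_prefs_set(struct comp_prefs *p, const enum cert_comp *methods, size_t count)
{
    if (p == NULL || methods == NULL || count == 0 || count > MAX_METHODS)
        return ERR_INVALID_REQUEST;
    for (size_t i = 0; i < count; i++)
        if (!comp_is_implemented(methods[i]))
            return ERR_INVALID_REQUEST;
    for (size_t i = 0; i < count; i++)
        p->methods[i] = methods[i];
    p->count = count;
    return 0;
}

/* Pick the first method both sides support. The list walked by the outer loop
 * decides ties, so server_precedence chooses whether the local (server) or the
 * peer's (client) ordering wins, as %SERVER_PRECEDENCE does for cipher suites.
 * COMP_UNKNOWN means no overlap: send the certificate uncompressed. */
enum cert_comp comp_select(const struct comp_prefs *local,
                           const enum cert_comp *peer, size_t peer_count,
                           int server_precedence)
{
    const enum cert_comp *outer = server_precedence ? local->methods : peer;
    size_t outer_n = server_precedence ? local->count : peer_count;
    const enum cert_comp *inner = server_precedence ? peer : local->methods;
    size_t inner_n = server_precedence ? peer_count : local->count;

    for (size_t i = 0; i < outer_n; i++)
        for (size_t j = 0; j < inner_n; j++)
            if (outer[i] == inner[j])
                return outer[i];
    return COMP_UNKNOWN;
}

int main(void)
{
    struct comp_prefs server;
    /* Constructed lists: the server prefers brotli, the client prefers zlib. */
    enum cert_comp server_list[] = { COMP_BROTLI, COMP_ZLIB };
    enum cert_comp client_list[] = { COMP_ZLIB, COMP_BROTLI };
    enum cert_comp bogus_list[] = { COMP_ZLIB, (enum cert_comp)42 };

    printf("set valid list: %d\n", comp_prefs_set(&server, server_list, 2));
    printf("server precedence -> method %d\n", comp_select(&server, client_list, 2, 1));
    printf("client precedence -> method %d\n", comp_select(&server, client_list, 2, 0));
    printf("set list with unknown entry: %d\n", comp_prefs_set(&server, bogus_list, 2));
    return 0;
}
```

The validate-then-copy order in `comp_prefs_set` is the part worth keeping: validating while copying would leave a half-written list behind on failure, which the selection loop would then happily use.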
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 08:49:08 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: fix nettle installation path (!1492)

Daiki Ueno commented:

Merging without approval as it's a CI-only change.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1492#note_838237989
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 09:18:36 +0000
Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Patrik Lundquist created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1320

## Description of problem:

Using `certtool --sec-param high` per recommendation from certtool generates a smaller key than expected.

## Version of gnutls used:

3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu

## How reproducible:

```
certtool --generate-privkey --bits=4096 --outfile some.key
** Note: You may use '--sec-param High' instead of '--bits 4096'
Generating a 4096 bit RSA private key...
```

OK, let's use `--sec-param high` instead of `--bits=4096`.

## Actual results:

```
certtool --generate-privkey --sec-param high --outfile some.key
Generating a 3072 bit RSA private key...
```

## Expected results:

```
certtool --generate-privkey --sec-param high --outfile some.key
Generating a 4096 bit RSA private key...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 09:40:02 +0000
Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Daniel Lublin commented:

I read the code in `src/certtool-common.c` and `lib/algorithms/secparams.c`. The functions used to find and (based on passed bits) suggest a named sec-param classify `3072 >= bits < 8192` as "High". But "High" is precisely 3072 bits when passed as sec-param. So the user passed 4096 bits, but is suggested to pass something which gives 3072 bits instead. That's really not helpful.

One could imagine trying to make the suggestion better, adding more complexity to this code. But what should it do -- avoid suggesting a sec-param if passed bits is "well above" a particular sec-param? Or suggest the next higher sec-param? Which in this case would be "Ultra" at 8192 bits.

I really don't know anything about the rationale behind sec-param. Perhaps the suggestion of "High" here is by design. But my gut feeling says different.

Rather than making this more complex, I'd vote for removing the suggestion altogether (or perhaps reverting to the previous version, which just suggested that --sec-param be used instead of --bits).

Pinging @nmav, who touched this code last.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_838307540
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 09:52:20 +0000
Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Nikos Mavrogiannopoulos commented:

Bits are algorithm-specific and one cannot expect users such as system administrators to know the necessary number of bits for an algorithm. I've heard 128-bit RSA too many times. The intention of the sec-param is to allow the administrator to set security levels (low, medium, high) that will resonate. My view is that people who prefer to use the bits should continue doing so but they should be aware there is a more user-friendly equivalent. If the output message is not good enough let's improve just that.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_838327774
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 10:08:23 +0000
Subject: [gnutls-devel] GnuTLS | Draft: doc/examples: retry on sending in echo servers (!1529)

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1529

Project:Branches: asosedkin/gnutls:examples-retrying to gnutls/gnutls:master
Author: Alexander Sosedkin

I've noticed that the examples don't handle `GNUTLS_E_INTERRUPTED`/`GNUTLS_E_AGAIN` the way `gnutls_record_send` prescribes, likely an omission in ca86194b50559abc99d1429dfa7c5f9f78997d9e.

I've sketched up what I'd like to see changed about it for one of the echo servers:

* `LOOP_CHECK` on echoing back
* rename `LOOP_CHECK` to not give an impression that it asserts non-negative retcodes
* `CHECK` separately after using this construct where applicable

but there are many of them, so I'm deferring this work. Will be happy if somebody else picks it up or points out problems with the proposed changes.

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1529
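The retry behaviour the merge request above asks for, written out as an added example that is not one of the GnuTLS doc/examples echo servers: the send routine is injected so the loop runs and can be tested without linking GnuTLS, and the three `ERR_*` constants are placeholders for this example only (real code uses `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` from gnutls/gnutls.h and passes `gnutls_record_send`). The scripted fake session is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not GnuTLS code. Placeholder error codes for this example;
 * real code compares against GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED. */
#define ERR_AGAIN       (-1)   /* placeholder for GNUTLS_E_AGAIN */
#define ERR_INTERRUPTED (-2)   /* placeholder for GNUTLS_E_INTERRUPTED */
#define ERR_FATAL       (-3)   /* placeholder for any other negative code */

/* Shape of gnutls_record_send(): bytes sent on success, negative on error. */
typedef long (*send_fn)(void *session, const void *data, size_t len);

/* Retry only on the two non-fatal codes, and always with the same data and
 * length, which is what gnutls_record_send requires on retry. Every other
 * negative value is a real error and is returned to the caller: the loop
 * must not be mistaken for a check that the result is non-negative, so the
 * caller still tests ret < 0 afterwards. */
long record_send_retrying(send_fn send, void *session, const void *data, size_t len)
{
    long ret;
    do {
        ret = send(session, data, len);
    } while (ret == ERR_AGAIN || ret == ERR_INTERRUPTED);
    return ret;
}

/* Constructed fake session replaying a script of return values: a negative
 * entry is returned as-is, 0 means "accept the whole buffer". The last entry
 * repeats if the loop calls more often than the script is long. */
struct fake_session {
    const long *script;
    size_t script_len;
    size_t calls;
};

static long fake_send(void *session, const void *data, size_t len)
{
    struct fake_session *fs = session;
    size_t idx = fs->calls < fs->script_len ? fs->calls : fs->script_len - 1;
    long r = fs->script[idx];
    (void)data;
    fs->calls++;
    return r == 0 ? (long)len : r;
}

/* Run one scripted scenario on a fixed payload; reports the send result and,
 * through calls_out, how many times the transport was invoked. */
long run_scenario(const long *script, size_t script_len, size_t *calls_out)
{
    static const char payload[] = "echo me";   /* 7 bytes, constructed */
    struct fake_session fs = { script, script_len, 0 };
    long ret;

    if (script == NULL || script_len == 0)
        return ERR_FATAL;
    ret = record_send_retrying(fake_send, &fs, payload, sizeof payload - 1);
    if (calls_out)
        *calls_out = fs.calls;
    return ret;
}

int main(void)
{
    static const long transient[] = { ERR_INTERRUPTED, ERR_AGAIN, 0 };
    static const long fatal[] = { ERR_AGAIN, ERR_FATAL };
    size_t calls;
    long ret;

    ret = run_scenario(transient, 3, &calls);
    printf("transient errors: sent %ld bytes after %zu calls\n", ret, calls);
    ret = run_scenario(fatal, 2, &calls);
    printf("fatal error: returned %ld after %zu calls\n", ret, calls);
    return 0;
}
```

The tight `do { } while` is appropriate for the blocking sockets the doc/examples use; on a non-blocking transport the retry on `GNUTLS_E_AGAIN` should first wait for the socket to become ready in the direction `gnutls_record_get_direction()` reports, otherwise the loop spins.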
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 10:20:03 +0000
Subject: [gnutls-devel] GnuTLS | certtool: only suggest --sec-param if bits matches exactly (!1530)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1530

Project:Branches: dueno/gnutls:wip/dueno/certtool-pk to gnutls/gnutls:master
Author: Daiki Ueno

Previously, when generating an RSA key with --bits=4096, certtool suggested:

```console
** Note: You may use '--sec-param High' instead of '--bits 4096'
```

while the effect is not exactly the same: '--sec-param High' implies 3072 bits. This adds a check whether the --sec-param argument matches the actual bit length and otherwise omits the warning.

Fixes: #1320

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1530
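The mismatch behind #1320 and the check !1530 describes, as an added example that is not certtool's code: the old suggestion classifies a requested size into a level by range, so 4096 falls into "High", but `--sec-param High` generates exactly the level's own size, 3072. The table is constructed for the example: "High" = 3072 and "Ultra" = 8192 come from the issue discussion above, while "Medium" = 2048 is an assumption added to give the lookup a lower bound; the real `lib/algorithms/secparams.c` table has more entries.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not certtool's code. Constructed RSA table: High=3072 and
 * Ultra=8192 are from the issue; Medium=2048 is an assumption. */
struct sec_param {
    const char *name;
    unsigned bits;
};

static const struct sec_param rsa_params[] = {
    { "Medium", 2048 },
    { "High",   3072 },
    { "Ultra",  8192 },
};
#define N_PARAMS (sizeof rsa_params / sizeof rsa_params[0])

/* Range classification used for the old suggestion: the highest level whose
 * size does not exceed the requested bits, so 4096 lands in [3072, 8192)
 * and is reported as "High". NULL if bits is below every level. */
const char *sec_param_for_bits(unsigned bits)
{
    const char *best = NULL;
    for (size_t i = 0; i < N_PARAMS; i++)
        if (rsa_params[i].bits <= bits)
            best = rsa_params[i].name;
    return best;
}

/* What --sec-param NAME actually generates: exactly the level's own size.
 * 0 for an unknown name. */
unsigned bits_for_sec_param(const char *name)
{
    for (size_t i = 0; i < N_PARAMS; i++)
        if (strcmp(rsa_params[i].name, name) == 0)
            return rsa_params[i].bits;
    return 0;
}

/* The !1530 rule: only suggest a level when its round trip reproduces the
 * requested size, because otherwise following the suggestion silently
 * produces a smaller key than the user asked for. */
const char *suggest_sec_param(unsigned bits)
{
    const char *name = sec_param_for_bits(bits);
    if (name == NULL || bits_for_sec_param(name) != bits)
        return NULL;
    return name;
}

int main(void)
{
    const unsigned requested[] = { 2048, 3072, 4096, 8192 };
    for (size_t i = 0; i < sizeof requested / sizeof requested[0]; i++) {
        unsigned bits = requested[i];
        const char *old = sec_param_for_bits(bits);
        const char *fixed = suggest_sec_param(bits);
        printf("--bits=%u: old suggestion '%s' (would generate %u bits), new suggestion '%s'\n",
               bits, old ? old : "none", old ? bits_for_sec_param(old) : 0,
               fixed ? fixed : "none");
    }
    return 0;
}
```

Running it prints the 4096 row with the old suggestion "High" (3072 bits) and no new suggestion, which is the behaviour the merge request describes; the exact-match rule also sidesteps the question Patrik Lundquist raises, since a level whose size moves in a future release simply stops matching the old number.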
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 10:20:42 +0000
Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Daiki Ueno commented:

Thanks for the report; my take is something like !1530.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_838374003

From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Feb 2022 12:30:18 +0000
Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Patrik Lundquist commented:

Won't security level "high" increase to 4096 bits in the future? If so they are different concepts and not interchangeable in the long run. How about simply dropping the suggestion?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_838551902
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 14:53:12 +0000 Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: @trapperhoney This caused a regression in the ocserv test suite. Looking closely at this patch, when there was a password and no password was provided it would previously return GNUTLS_E_DECRYPTION_FAILED, while now it will return a different error code. I'm attaching a reproducer. [reproducer.c](/uploads/e800ea559832aa31bac0f42f17c61bc9/reproducer.c) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_838756683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 15:53:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 14:53:31 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: fix nettle installation path (!1492) In-Reply-To: References: Message-ID: Merge request !1492 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1492 Project:Branches: dueno/gnutls:wip/dueno/nettle-master to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1492 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 15:56:06 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 14:56:06 +0000 Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321) References: Message-ID: Nikos Mavrogiannopoulos created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1321 The change in https://gitlab.com/gnutls/gnutls/-/merge_requests/1459 had an inadvertent side-effect. When one would rely on `gnutls_x509_privkey_import2()` error codes to detect encrypted files, after the patch the error code returned for encrypted files changed from `GNUTLS_E_DECRYPTION_FAILED` to `GNUTLS_E_PIN_ERROR`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 15:56:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 14:56:21 +0000 Subject: [gnutls-devel] GnuTLS | x509: pin/password callback support for openssl encrypted private keys (!1459) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I've created https://gitlab.com/gnutls/gnutls/-/issues/1321 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1459#note_838761779 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 15:57:03 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 14:57:03 +0000 Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: I'm attaching a reproducer. [reproducer.c](/uploads/6e07508f5382705ca14d41d5ad0c68ed/reproducer.c) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321#note_838762683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 16:17:16 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 15:17:16 +0000 Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321) In-Reply-To: References: Message-ID: Craig commented: The simplest fix would be to simply translate GNUTLS_E_PKCS11_PIN_ERROR into GNUTLS_E_DECRYPTION_FAILED where my patch calls _gnutls_retrieve_pin. Though, it would be unfortunate to mask that error in the case one of the pin callbacks actually returns that error. A better fix would be to only call _gnutls_retrieve_pin if a pin callback is actually registered. I don't see a clean way of doing that without duplicating the callback existence checks that exist in _gnutls_retrieve_pin... Yet another option would be to modify _gnutls_retrieve_pin to take another argument representing the error code it should return when no callbacks are registered... Thoughts? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321#note_838791050 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 17:41:05 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 16:41:05 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 Project:Branches: dueno/gnutls:wip/dueno/fips-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno This adds a couple of fixes to PKCS#12 export. First is to mark the PKCS#12 MAC operation non-approved (through the service indicator), because the PKCS#12 KDF is not approved. The other is to make algorithm check take effect when encrypting bags. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 10 23:04:53 2022 
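For readers who want to see why the MAC step that !1531 marks non-approved cannot be claimed otherwise, here is an added Python example; it is not GnuTLS code. It implements the key derivation from RFC 7292 Appendix B.2 that PKCS#12 uses for its encryption keys, IVs and the MacData key, plus the HMAC that consumes the ID 3 key. The test vector (password `smeg`, salt `0A58CF64530D823F`, ID 1, one iteration) is the one shipped with OpenSSL's PKCS12KDF tests and is assumed correct here; the authSafe bytes are constructed.

```python
import hashlib
import hmac
from math import ceil


def pkcs12_kdf(password: str, salt: bytes, id_byte: int, iterations: int,
               n: int, hash_name: str = "sha1") -> bytes:
    """PKCS#12 key derivation, RFC 7292 Appendix B.2.

    id_byte selects the purpose: 1 = encryption key, 2 = IV, 3 = MAC key.
    The output is the first n bytes of the concatenated A_i values.
    """
    probe = hashlib.new(hash_name)
    u = probe.digest_size            # hash output length in bytes
    v = probe.block_size             # hash block length in bytes

    # Password is a BMPString: UTF-16BE followed by a two-byte terminator.
    pw = (password.encode("utf-16-be") + b"\x00\x00") if password else b""

    def fill(x: bytes) -> bytes:
        # Cyclically extend x to the smallest multiple of v that holds it.
        if not x:
            return b""
        length = v * ceil(len(x) / v)
        return (x * (length // len(x) + 1))[:length]

    D = bytes([id_byte]) * v
    I = bytearray(fill(salt) + fill(pw))
    out = b""
    while len(out) < n:
        # A_i = H^iterations(D || I)
        A = D + bytes(I)
        for _ in range(iterations):
            A = hashlib.new(hash_name, A).digest()
        out += A
        # B is A extended to v bytes; every v-byte block of I becomes
        # (block + B + 1) mod 2^(8v), as big-endian integers.
        B = int.from_bytes((A * (v // u + 1))[:v], "big")
        for j in range(0, len(I), v):
            block = int.from_bytes(I[j:j + v], "big")
            I[j:j + v] = ((block + B + 1) % (1 << (8 * v))).to_bytes(v, "big")
    return out[:n]


def pkcs12_mac(password: str, salt: bytes, iterations: int,
               auth_safe: bytes, hash_name: str = "sha1") -> bytes:
    """MacData integrity tag: HMAC over the authSafe content keyed with a
    hash-length key derived under ID 3."""
    key_len = hashlib.new(hash_name).digest_size
    key = pkcs12_kdf(password, salt, 3, iterations, key_len, hash_name)
    return hmac.new(key, auth_safe, hash_name).digest()


# Test vector shipped with OpenSSL's PKCS12KDF tests (assumed correct here).
KDF_VECTOR = dict(password="smeg", salt=bytes.fromhex("0A58CF64530D823F"),
                  id_byte=1, iterations=1, n=24)
KDF_EXPECTED = bytes.fromhex("8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3")

if __name__ == "__main__":
    print("kdf vector ok:", pkcs12_kdf(**KDF_VECTOR) == KDF_EXPECTED)
    # Constructed authSafe content; a real file carries DER-encoded SafeContents.
    tag = pkcs12_mac("pw", b"\x01" * 8, 2048, b"constructed authSafe bytes", "sha256")
    print("mac:", tag.hex())
```

The derivation is a chained-hash mixer over salt and password blocks rather than PBKDF2, so a FIPS service indicator has to report it as non-approved regardless of which approved hash is plugged in, and the MAC built on the ID 3 key inherits that status.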
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Feb 2022 22:04:53 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.16.3: building of guile bindings fails on macOS with Xcode 13: file not found (#1322) References: Message-ID: Eric Gallager created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1322 ## Description of problem: See this downstream issue I filed with the MacPorts bug tracker: https://trac.macports.org/ticket/64628 (which they then told me to move upstream) Basically, dynamic linking of guile objects built for the guile bindings fails due to a missing file; I'm not sure what it is, though... ## Version of gnutls used: 3.16.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) MacPorts ## How reproducible: Steps to Reproduce: * install MacPorts on an x86_64 Mac with Xcode 13 * do `sudo port -udc install gnutls +dane+guile` * observe build failure ## Actual results: build failure with message: ``` ice-9/boot-9.scm:752:25: In procedure dispatch-exception: In procedure dynamic-link: file: "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_devel_gnutls/gnutls/work/gnutls-3.6.16/guile/src/guile-gnutls-v-2", message: "file not found" ``` (full build log available in downstream bug) ## Expected results: build completes successfully -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1322 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 11 07:21:40 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Feb 2022 06:21:40 +0000 Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320) In-Reply-To: References: Message-ID: Daniel Lublin commented: Thanks all for your input. To both suggest the use of sec-param, and at the same time advice against passing too few bits, we could do like this: If bits **<** "medium" (currently 2048), then say: `"'--bits N' are on the low side, you are suggested to use (at least) '--sec-param medium' instead` (Could also suggest sec-param medium if exactly medium number of bits passed.) If bits **<=** "high" (3072), then say: `"You are suggested to use '--sec-param high' instead of '--bits N'"` If bits are larger, we don't suggest anything, assuming that user prefers bits and knows what they are doing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_839424126 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 11 10:46:46 2022 
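To make the two rules in this thread concrete, the exact-match rule implemented in !1530 and the threshold rule proposed in the comment above, here is an added Python example; it is not certtool's code. Medium = 2048 and High = 3072 are the RSA sizes quoted in the thread; the Low and Ultra entries are assumed from the GnuTLS sec-param table and are not stated on this page.

```python
# RSA modulus sizes that certtool's --sec-param levels translate to.
# Medium and High are the values quoted in this thread; Low and Ultra are
# assumed from the GnuTLS sec-param table and are not stated on this page.
SEC_PARAM_RSA_BITS = {"low": 1024, "medium": 2048, "high": 3072, "ultra": 8192}


def rsa_bits_for_sec_param(name: str) -> int:
    return SEC_PARAM_RSA_BITS[name.lower()]


def effective_rsa_bits(bits=None, sec_param=None) -> int:
    """What the generator will actually use.  --sec-param goes through the
    table, so 'high' yields 3072, not the 4096 the reporter of #1320 expected."""
    if (bits is None) == (sec_param is None):
        raise ValueError("give exactly one of --bits or --sec-param")
    return bits if bits is not None else rsa_bits_for_sec_param(sec_param)


def exact_match_hint(bits: int):
    """Rule from !1530: mention --sec-param only when a level maps to exactly
    this size, so the hint never silently proposes a smaller key."""
    for name, size in SEC_PARAM_RSA_BITS.items():
        if size == bits:
            return f"You may use '--sec-param {name.capitalize()}' instead of '--bits {bits}'"
    return None


def threshold_hint(bits: int):
    """Rule proposed in the comment above: warn below Medium, point at High up
    to and including High, say nothing for larger keys."""
    if bits < SEC_PARAM_RSA_BITS["medium"]:
        return (f"'--bits {bits}' is on the low side, you may use "
                "(at least) '--sec-param Medium' instead")
    if bits <= SEC_PARAM_RSA_BITS["high"]:
        return f"You may use '--sec-param High' instead of '--bits {bits}'"
    return None


if __name__ == "__main__":
    for b in (1024, 2048, 3072, 4096):
        print(b, exact_match_hint(b), "|", threshold_hint(b))
```

Running it shows the difference the thread is about: under the exact-match rule `--bits 4096` gets no hint at all, while under the threshold rule only sizes at or below 3072 are steered towards `--sec-param High`.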
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Feb 2022 09:46:46 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_protocol_set_enabled struggles with enabling originally disabled protocols (#1307) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I suppose this should be generalized to "new allowlisting API calls do not regenerate TLS priority string". Works both ways: something unblocked later won't be negotiated and something blocked later will be still considered for negotiation and fail hard. One way out of it could be embracing it, actually. We can restrict the API usage, defer setting custom TLS priority strings and make the configuration strictly serial, layer-by-layer: config loading happens first, new API calls happen second (only allowed until the first gnutls_init), setting custom TLS priority strings comes third. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1307#note_839618685 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 11 16:05:13 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Feb 2022 15:05:13 +0000 Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532) References: Message-ID: Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zoltán Fridrich Increase Guile version from 2.2 to 3.0 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 11 16:16:38 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Feb 2022 15:16:38 +0000 Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ZoltanFridrich thank you! @civodul @ametzler does this change sound OK, or do we still need to keep Guile 2 compatibility? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532#note_840058775 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 12 07:17:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Feb 2022 06:17:02 +0000 Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532) In-Reply-To: References: Message-ID: Andreas Metzler commented: Could you elaborate what problem your patch is trying to solve? It seems to mix up two unrelated changes: - change the guile version that is used for some fedora CI jobs - bump the version of the guile gnutls module. (Which afaik is **not** the version of Guile a specific binary distribution of gnutls-guile was built against, then it should be dynamically.) TIA, cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532#note_840573116 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 14 17:05:04 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Feb 2022 16:05:04 +0000 Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323) References: Message-ID: Hannes Reinecke created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1323 gnutls has a hard limit of 128 characters in the TLS PSK username. While this is mandatory for RFC 4279, this is a _lower_ bound on the length of the username. And TLS 1.3 does not impose such a limit, causing gnutls to fail when attempting to use longer usernames (eg as mandated by NVMe 2.0): ~~~ Using PSK identity 'NVMe0R01 nqn.2014-08.org.nvmexpress:uuid:13c0fc1d-adba-42b0-8121-c5034971d2a4 nqn.2014-08.org.nvmexpress:uuid:62f37f51-0cc7-46d5-9865-4de22e81bd9d' ./../auth/psk.h:74: _gnutls_copy_psk_username: Assertion `sizeof(info->username) > username->size' failed. ~~~ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 14 19:45:03 2022 
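As an added example (not GnuTLS code) of the wire format behind this report: RFC 8446 section 4.2.11 encodes each PSK identity as `opaque identity<1..2^16-1>`, so the 146-byte NVMe identity quoted above is legal on the wire. The encoder and parser below handle the OfferedPsks structure, and `fixed_buffer_accepts` models the 128-byte cap that the failing assertion enforces. The binder values are constructed zero placeholders, not real HMAC binders, and the identity string is the one quoted in the report.

```python
import struct

# PSK identity quoted in this report (NVMe-oF style), as a byte string.
NVME_IDENTITY = (
    b"NVMe0R01 "
    b"nqn.2014-08.org.nvmexpress:uuid:13c0fc1d-adba-42b0-8121-c5034971d2a4 "
    b"nqn.2014-08.org.nvmexpress:uuid:62f37f51-0cc7-46d5-9865-4de22e81bd9d"
)

RFC4279_MIN_SUPPORTED = 128   # RFC 4279: identities up to this length MUST be supported
TLS13_MAX_IDENTITY = 0xFFFF   # RFC 8446 4.2.11: opaque identity<1..2^16-1>


def fixed_buffer_accepts(identity: bytes, max_len: int = RFC4279_MIN_SUPPORTED) -> bool:
    """Models a fixed 128-byte username buffer (the cap behind the assertion in
    the report): anything longer is rejected even though TLS 1.3 allows it."""
    return len(identity) <= max_len


def encode_offered_psks(identities, binder_len: int = 32) -> bytes:
    """Encode an RFC 8446 OfferedPsks:
         PskIdentity identities<7..2^16-1>;  PskIdentity = identity<1..2^16-1> + uint32 age
         PskBinderEntry binders<33..2^16-1>; PskBinderEntry = opaque<32..255>
    Binders are constructed zero placeholders here; a real client computes
    them as HMACs over the partial ClientHello transcript."""
    ids = b""
    for identity, obfuscated_ticket_age in identities:
        if not 1 <= len(identity) <= TLS13_MAX_IDENTITY:
            raise ValueError("identity length out of range")
        ids += struct.pack("!H", len(identity)) + identity
        ids += struct.pack("!I", obfuscated_ticket_age)
    binders = b"".join(struct.pack("!B", binder_len) + b"\x00" * binder_len
                       for _ in identities)
    return (struct.pack("!H", len(ids)) + ids
            + struct.pack("!H", len(binders)) + binders)


def decode_offered_psks(buf: bytes):
    """Parse the identities vector back; returns [(identity, age), ...].
    Length fields are checked so a truncated or padded message is rejected."""
    (ids_len,) = struct.unpack_from("!H", buf, 0)
    pos, end = 2, 2 + ids_len
    if end + 2 > len(buf):
        raise ValueError("identities vector overruns message")
    out = []
    while pos < end:
        (n,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if n < 1 or pos + n + 4 > end:
            raise ValueError("malformed PskIdentity")
        identity = buf[pos:pos + n]
        pos += n
        (age,) = struct.unpack_from("!I", buf, pos)
        pos += 4
        out.append((identity, age))
    (binders_len,) = struct.unpack_from("!H", buf, end)
    if end + 2 + binders_len != len(buf):
        raise ValueError("binders vector does not match message length")
    return out


if __name__ == "__main__":
    msg = encode_offered_psks([(NVME_IDENTITY, 0)])
    print(len(NVME_IDENTITY), fixed_buffer_accepts(NVME_IDENTITY),
          decode_offered_psks(msg) == [(NVME_IDENTITY, 0)])
```

A server that copies the identity into a fixed 128-byte field therefore rejects a ClientHello that is entirely well-formed; the safe pattern is to size the copy from the 16-bit length field (or allocate dynamically, as the attached patch does) and to bound only by the protocol maximum.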
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Feb 2022 18:45:03 +0000 Subject: [gnutls-devel] GnuTLS | Draft: restrict allowlisting api to before priority string initialization (!1533) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 Project:Branches: asosedkin/gnutls:restrict-allowlisting-api to gnutls/gnutls:master Author: Alexander Sosedkin This is an attempt to defer TLS priority string generation from allowlisting config and then restrict `gnutls_protocol_set_enabled` to the time window between config loading and TLS priority string initialization. This will really really simplify the config / API / priority string interplay. If we also disable live config reloading, we'll have these three phases happening strictly sequentially, which would be the easiest to reason about. This is an attempt to generate priority string from `->supported`. The roadblock I've hit now is the ordering; since priority string order is significant, we can't just iterate in some fixed order, guess we'd have to honor config order + append what's enabled through new API in enabling order. That'd necessitate the new API to work on the config struct arrays order. Not ready yet, but publishing for visibility. 
## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 10:34:24 2022 
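The three phases described in this merge request and in the earlier #1307 comment, as an added toy model in Python; it is not GnuTLS code, the class and item names are illustrative, and the rendered string only lists protocol versions rather than a complete GnuTLS priority string. It shows the stale string that eager generation produces, the regenerated one that honours config order plus enabling order, and the rejection of API calls once the priority string has been initialized.

```python
class ProtocolPolicy:
    """Toy model of the three configuration phases proposed in !1533:
    config loading, allowlisting API calls, priority string initialization.
    Illustrative names only; the rendered string lists protocol versions and
    is not a complete GnuTLS priority string."""

    def __init__(self, config_enabled):
        # Phase 1: config loading.  Order is significant and is preserved.
        self._order = list(config_enabled)
        self._enabled = set(config_enabled)
        self._frozen = False
        # A string generated eagerly at load time is the stale one from #1307:
        # later API calls never reach it.
        self.stale_priority = self._render()

    def set_enabled(self, proto: str, enabled: bool) -> None:
        """Phase 2: only valid until the priority string is initialized
        (the first gnutls_init in the proposal)."""
        if self._frozen:
            raise RuntimeError("allowlisting API called after priority string init")
        if enabled:
            self._enabled.add(proto)
            if proto not in self._order:
                self._order.append(proto)   # newly enabled items go last, in enabling order
        else:
            self._enabled.discard(proto)

    def priority_string(self) -> str:
        """Phase 3: generate from the current state, then freeze."""
        self._frozen = True
        return self._render()

    def _render(self) -> str:
        return "NONE:" + ":".join("+" + p for p in self._order if p in self._enabled)


if __name__ == "__main__":
    policy = ProtocolPolicy(["VERS-TLS1.3", "VERS-TLS1.2"])
    policy.set_enabled("VERS-TLS1.2", False)
    policy.set_enabled("VERS-TLS1.1", True)
    print("stale:      ", policy.stale_priority)
    print("regenerated:", policy.priority_string())
```

With the stale string, the disabled version is still offered and the newly enabled one is never negotiated, which is the failure mode the #1307 comment describes; regenerating after the API phase fixes both, and freezing afterwards keeps the three phases strictly sequential.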
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 09:34:24 +0000 Subject: [gnutls-devel] GnuTLS | Building mingw32 gnutls error: you must have sys_stat.h on your system (#1324) References: Message-ID: Oo Mac created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1324 ## Description of problem: Building mingw32 gnutls error: you must have sys_stat.h on your system ## Version of gnutls used: 3.6.9-1 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) mingw32 ## How reproducible: Steps to Reproduce: tar -xvf gnutls-3.6.9-1-src.tar.xz autoreconf -vfi ./configure --build=i686-w32-mingw32 --prefix="$HOME/prefix" --disable-tests --enable-shared --enable-static --disable-guile --enable-cxx --disable-hardware-acceleration --enable-heartbeat-support --with-included-unistring --with-default-trust-store-file=/usr/ssl/certs/ca-bundle.crt .... configure: error: you must have sys_stat.h on your system ## Actual results: configure: error: you must have sys_stat.h on your system make error ## Expected results: configure: ok make ok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1324 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 14:14:41 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 13:14:41 +0000 Subject: [gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320) In-Reply-To: References: Message-ID: Patrik Lundquist commented: I prefer the wording `may` since one option isn't better than the other. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_843352515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 17:57:09 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 16:57:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_transport_is_ktls_enabled: fix return value of stub (!1534) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 Project:Branches: dueno/gnutls:wip/dueno/ktls-return-value to gnutls/gnutls:master Author: Daiki Ueno .. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 18:07:05 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 17:07:05 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_transport_is_ktls_enabled: fix return value of stub (!1534) In-Reply-To: References: Message-ID: Merge request !1534 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 Project:Branches: dueno/gnutls:wip/dueno/ktls-return-value to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 19:02:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 18:02:13 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_transport_is_ktls_enabled: fix return value of stub (!1534) In-Reply-To: References: Message-ID: Merge request !1534 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 Project:Branches: dueno/gnutls:wip/dueno/ktls-return-value to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 19:06:15 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 18:06:15 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) In-Reply-To: References: Message-ID: Merge request !1531 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 Project:Branches: dueno/gnutls:wip/dueno/fips-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 19:16:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 18:16:12 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_transport_is_ktls_enabled: fix return value of stub (!1534) In-Reply-To: References: Message-ID: Merge request !1534 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 Project:Branches: dueno/gnutls:wip/dueno/ktls-return-value to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 19:52:04 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 18:52:04 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) In-Reply-To: References: Message-ID: Merge request !1531 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 Project:Branches: dueno/gnutls:wip/dueno/fips-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 15 19:52:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Feb 2022 18:52:12 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531#note_843866824 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 08:04:36 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 07:04:36 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) In-Reply-To: References: Message-ID: Merge request !1531 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 Project:Branches: dueno/gnutls:wip/dueno/fips-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 08:20:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 07:20:44 +0000 Subject: [gnutls-devel] GnuTLS | pkcs12: tighten algorithm checks under FIPS (!1531) In-Reply-To: References: Message-ID: Merge request !1531 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 Project:Branches: dueno/gnutls:wip/dueno/fips-pkcs12 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 09:11:33 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 08:11:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323) In-Reply-To: References: Message-ID: Hannes Reinecke commented: [0001-auth-psk-dynamically-allocate-username.patch](/uploads/853010fa1c2384a1b4269e7d51deda75/0001-auth-psk-dynamically-allocate-username.patch) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323#note_844369794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 09:11:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 08:11:54 +0000 Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323) In-Reply-To: References: Message-ID: Hannes Reinecke commented: I would have created a merge request if the email interface would have allowed me to do so ... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323#note_844370208 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 15:04:51 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 14:04:51 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin changed the draft status of merge request !1533 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 15:05:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 14:05:57 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Ready for review at last. Probably best viewed commit-by-commit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_844921840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 15:34:44 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 14:34:44 +0000 Subject: [gnutls-devel] GnuTLS | API function to get ciphersuite name (#1291) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1513 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1513) Issue #1291: https://gitlab.com/gnutls/gnutls/-/issues/1291 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1291 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 15:40:36 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 14:40:36 +0000 Subject: [gnutls-devel] GnuTLS | Draft: jsonopts: make option description type-safe (!1535) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1535 Project:Branches: dueno/gnutls:wip/dueno/options to gnutls/gnutls:master Author: Daiki Ueno This is an attempt to make the option description type-safe, i.e., instead of string to string mapping, the value can be any type depending on the field name. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1535 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 16:20:26 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 15:20:26 +0000 Subject: [gnutls-devel] GnuTLS | Building mingw32 gnutls error: you must have sys_stat.h on your system (#1324) In-Reply-To: References: Message-ID: Daiki Ueno commented: What host environment are you compiling on? Our CI has [mingw32](https://gitlab.com/gnutls/gnutls/-/jobs/2100823317) build based on Fedora 35, which usually succeeds. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1324#note_845074022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 18:24:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 17:24:20 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: partial fix for gnutls_protocol_set_enabled enabling (!1501) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Hope it will be superseded by !1533 instead. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1501#note_845294133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 18:24:56 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 17:24:56 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_protocol_set_enabled struggles with enabling originally disabled protocols (#1307) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Filed !1533 with the "embrace" proposal. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1307#note_845295065 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 18:33:36 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 17:33:36 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306639 > + _gnutls_debug_log("cfg: unable to construct " > + "system-wide priority string: %s", > + strerror(ret)); `gnutls_strerror`? -- Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306671 > - goto out; > + if (system_priority_file_loaded) { > + system_priority_file_loaded = \ no need for the trailing backslash -- Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306676 > > - ret = _gnutls_update_system_priorities(); > + ret = _gnutls_update_system_priorities(1 /* defer_system_wide */); Let's just use `true` -- Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306679 > */ > - ret = _gnutls_update_system_priorities(); > + ret = _gnutls_update_system_priorities(0 /* defer_system_wide */); `false` -- Daiki Ueno started a new discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306702 > + */ > + > +#define COPY_ARRAY_NULL_TERMINATE(dst, src, len) \ I'd rather define this kind of procedural macros an inline function, to avoid variable name clash, to make it easier to debug, etc. As for the implementation, can't we simply use `memcpy`? 
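Review bot: in the `_gnutls_debug_log("cfg: unable to construct " "system-wide priority string: %s", strerror(ret))` hunk, `ret` is a GnuTLS return code (the `gnutls_strerror` suggestion above implies as much), while `strerror` expects an errno value; handed a negative `GNUTLS_E_*` code it returns an unrelated or "Unknown error" string, so the debug line would point whoever reads it at the wrong cause. `gnutls_strerror(ret)` fixes both the message and the type mismatch.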
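Review bot: the `COPY_ARRAY_NULL_TERMINATE(dst, src, len)` signature in lib/config_int.h carries no capacity for `dst`, so a copy of `len` elements plus the terminator cannot be bounds-checked at the call site, and the same holds for the companion `APPEND_TO_NULL_TERMINATED_ARRAY(dst, element)` macro, which has to walk to the current terminator and then write one past it. Whether these stay macros or become the inline functions suggested above, they should take the destination capacity (the arrays involved are sized by `GNUTLS_MAX_ALGORITHM_NUM`) and fail rather than write past the end; an allowlist long enough to fill the array is exactly the case !1538 on this list reports.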
-- Daiki Ueno started a new discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306710 > + */ > + > +#define APPEND_TO_NULL_TERMINATED_ARRAY(dst, element) \ Let's make it an inline function. -- Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845306726 > + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); > + return ret; > +#endif Not an issue in this MR, but I'd add `#else` to avoid unreachable code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 18:38:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 17:38:42 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_845314531 > + } > + > + fp = fdopen(fd, "rb"); I'd suggest not using stdio functions (`fread`, `fwrite`, etc) for this as it has its own buffers (see `man stdbuf`). Maybe you could simply write with `read(fd, ...)`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 16 20:40:38 2022 
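Review bot: in the `fp = fdopen(fd, "rb")` hunk in lib/record.c, `fdopen` takes ownership of `fd`: an `fclose(fp)` closes the caller's descriptor, and skipping `fclose` leaks the `FILE`, so either way the caller's expectations about `fd` are broken. Reading with `read(fd, ...)` (or `pread` at an explicit offset), as suggested above, also matters for the resumable send this MR needs: once stdio has pulled bytes into its own buffer, a short or `EAGAIN` send cannot be retried at the correct file offset without losing them.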
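The buffering point raised above, shown in an added example that is not GnuTLS code and not part of !1486: a file-to-sink copy that reads with `pread(2)` at an explicit offset, so that a send which stops part-way (a short write or `EAGAIN` from a non-blocking socket) can be resumed from the same offset with nothing lost. The sink, the `send_file_range` helper, the `capture_sink` stand-in for a socket and the 40-byte sample file are all constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not GnuTLS code. A sink mimics a non-blocking socket
 * write: it returns the bytes it accepted (> 0), or -1 with errno set
 * (EAGAIN meaning "try again later"). */
typedef ssize_t (*sink_fn)(const void *buf, size_t len, void *ctx);

/* Send file bytes [*offset, *offset + count) through sink.
 * *offset is advanced only by what the sink actually accepted, and no
 * data is buffered between calls, so calling again with the same
 * *offset resumes exactly where the previous call stopped. Returns the
 * bytes sent (fewer than count on EOF or EAGAIN), or -1 on a hard error.
 * With fdopen()/fread() the bytes already consumed into the FILE buffer
 * would be gone after a partial send; that is what pread avoids. */
ssize_t send_file_range(int fd, off_t *offset, size_t count,
                        sink_fn sink, void *ctx)
{
    char chunk[16]; /* deliberately small so several preads happen */
    size_t sent = 0;

    while (sent < count) {
        size_t want = count - sent;
        if (want > sizeof(chunk))
            want = sizeof(chunk);

        ssize_t n = pread(fd, chunk, want, *offset);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0) /* EOF before count bytes: report what went out */
            break;

        /* Push the chunk; the sink may take only part of it. */
        size_t done = 0;
        while (done < (size_t)n) {
            ssize_t w = sink(chunk + done, (size_t)n - done, ctx);
            if (w < 0) {
                if (errno == EINTR)
                    continue;
                /* EAGAIN: stop; *offset already reflects accepted bytes */
                return errno == EAGAIN ? (ssize_t)sent : -1;
            }
            done += (size_t)w;
            *offset += w;
            sent += (size_t)w;
        }
    }
    return (ssize_t)sent;
}

/* Constructed sink: accepts at most `limit` bytes per call and fails
 * with EAGAIN on call number `fail_at` (0 = never fail). */
struct capture {
    char out[256];
    size_t len;
    size_t limit;
    int calls;
    int fail_at;
};

ssize_t capture_sink(const void *buf, size_t len, void *ctx)
{
    struct capture *c = ctx;
    c->calls++;
    if (c->fail_at && c->calls == c->fail_at) {
        errno = EAGAIN;
        return -1;
    }
    if (len > c->limit)
        len = c->limit;
    memcpy(c->out + c->len, buf, len);
    c->len += len;
    return (ssize_t)len;
}

/* Constructed sample file. The FILE is closed and a dup'd descriptor is
 * returned, which is the ownership dance fdopen()/fclose() would force
 * on a caller that still needs its fd afterwards. */
int make_sample_file(const char *data, size_t len)
{
    FILE *fp = tmpfile();
    if (!fp)
        return -1;
    fwrite(data, 1, len, fp);
    fflush(fp);
    int fd = dup(fileno(fp));
    fclose(fp);
    return fd;
}

/* Scenario: 40-byte file, sink takes 7 bytes per call and reports EAGAIN
 * on its 3rd call; the caller resumes from the returned offset and ends
 * up with the file reproduced exactly once, in order. Returns 1 on
 * success, 0 on any deviation. */
int demo_resumable_send(void)
{
    const char data[] = "0123456789abcdefghijklmnopqrstuvwxyzABCD";
    size_t len = sizeof(data) - 1; /* 40 bytes */
    int fd = make_sample_file(data, len);
    if (fd < 0)
        return 0;

    struct capture c = { .limit = 7, .fail_at = 3 };
    off_t offset = 0;

    /* Two 7-byte pushes succeed, the third hits EAGAIN: 14 bytes out. */
    ssize_t first = send_file_range(fd, &offset, len, capture_sink, &c);
    if (first != 14 || offset != 14)
        return 0;

    /* "Socket writable again": resume from offset 14, nothing re-read
     * from a stale buffer, nothing skipped. */
    c.fail_at = 0;
    ssize_t rest = send_file_range(fd, &offset, len - (size_t)offset,
                                   capture_sink, &c);
    if (rest != 26 || offset != (off_t)len)
        return 0;

    close(fd);
    return c.len == len && memcmp(c.out, data, len) == 0;
}
```

The design point is that the only state carried across calls is the file offset the caller owns; the sink's backpressure (short writes, EAGAIN) is absorbed by re-reading from that offset rather than by holding partially consumed data in a userspace buffer, which is also what a sendfile-style zero-copy path expects.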
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Feb 2022 19:40:38 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 was reviewed by Alexander Sosedkin -- Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442627 > + _gnutls_debug_log("cfg: unable to construct " > + "system-wide priority string: %s", > + strerror(ret)); right, fixed -- Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442629 > - goto out; > + if (system_priority_file_loaded) { > + system_priority_file_loaded = \ OK -- Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442631 > > - ret = _gnutls_update_system_priorities(); > + ret = _gnutls_update_system_priorities(1 /* defer_system_wide */); replaced `1` with `true` -- Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442634 > */ > - ret = _gnutls_update_system_priorities(); > + ret = _gnutls_update_system_priorities(0 /* defer_system_wide */); replaced `0` with `false` -- Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442640 > + */ > + > +#define COPY_ARRAY_NULL_TERMINATE(dst, src, len) \ Oh, right, why didn't I use `memcpy`. Rewriting this one with `memcpy` and unmacroing is just +6 lines, so I unmacroed it. 
-- Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442644 > + */ > + > +#define APPEND_TO_NULL_TERMINATED_ARRAY(dst, element) \ After some discussions off the MR, I kept this as is and added a comment explaining other possible approaches if somebody takes on it later. If you insist, I can unmacro. -- Alexander Sosedkin commented: Many thanks for a prompt review! Pushing an update to address your concerns above + 1. Two unused error codes around `/* irregularity */` intertwined `sigs*` modifications caught by a static analyzer. 2. The issue where deinit + reinit can prevent FIPS tests from working as relevant algorithms are disabled through `supported`/`flags`. The issue isn't a regression + not sure if we even support deinit + reinit, so I rewrote the test to not reinit, but restart the process (and left invocations testing reinit specifically commented out for the future). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 03:04:52 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 02:04:52 +0000 Subject: [gnutls-devel] GnuTLS | Building mingw32 gnutls error: you must have sys_stat.h on your system (#1324) In-Reply-To: References: Message-ID: Oo Mac commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1324#note_845710772 windows10 msys2 mingw32 ./configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix="$HOME/prefix" --enable-static --disable-shared --with-included-libtasn1 --disable-doc --disable-guile --without-p11-kit --enable-local-libopts --disable-nls --with-included-unistring ... checking for sys/stat.h... (cached) no .. configure: error: you must have sys_stat.h on your system -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1324#note_845710772 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 09:22:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 08:22:11 +0000 Subject: [gnutls-devel] GnuTLS | Building mingw32 gnutls error: you must have sys_stat.h on your system (#1324) In-Reply-To: References: Message-ID: Issue was closed by Oo Mac Issue #1324: https://gitlab.com/gnutls/gnutls/-/issues/1324 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1324 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 09:22:11 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 08:22:11 +0000 Subject: [gnutls-devel] GnuTLS | Building mingw32 gnutls error: you must have sys_stat.h on your system (#1324) In-Reply-To: References: Message-ID: Oo Mac commented: #10761 (comment) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1324#note_845936398 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 11:51:53 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 10:51:53 +0000 Subject: [gnutls-devel] GnuTLS | Disable some tests in fips mode (!1536) References: Message-ID: Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zoltán Fridrich There are some parts of the testsuite that use algorithms that are not approved by FIPS. This patch disables these parts if FIPS mode is enabled. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 11:53:35 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 10:53:35 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: UBSan caught zero-length `memcpy`, I've conditioned them on length checks. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_846184335 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 12:25:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 11:25:25 +0000 Subject: [gnutls-devel] GnuTLS | Disable some tests in fips mode (!1536) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/pkcs11/pkcs11-eddsa-privkey-test.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536#note_846250261 > #include "../utils.h" > #include "softhsm.h" > > +#ifdef ENABLE_FIPS140 `ENABLE_FIPS140` is a build time check so the library has support for FIPS140 mode, which can be toggled in many ways (e.g., kernel FIPS setting, GNUTLS_FORCE_FIPS_MODE envvar, etc). It would be better to use `gnutls_fips140_mode_enabled` and defer the check to the run time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536#note_846250261 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 13:27:20 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 12:27:20 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846364668 > + method_num = _gnutls_compress_certificate_method2num(comp_method); > + if (method_num == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER) > + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); > + > + plain.data = buf->data + cert_pos_mark; > + plain.size = buf->length - cert_pos_mark; > + > + comp_bound = _gnutls_compress_bound(comp_method, plain.size); > + if (comp_bound == 0) > + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); > + comp.data = gnutls_malloc(comp_bound); > + if (comp.data == NULL) > + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > + ret = _gnutls_compress(comp_method, comp.data, comp_bound, plain.data, plain.size); > + if (ret < 0) > + return gnutls_assert_val(ret); resolved -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846364668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 13:38:45 2022 
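Review bot: in this hunk `comp.data` is allocated with `gnutls_malloc(comp_bound)` but the error path `if (ret < 0) return gnutls_assert_val(ret);` after `_gnutls_compress` returns without freeing it, so every compression failure leaks the buffer; the `gnutls_free(comp.data)` that appears in the next discussion sits only on the success path. Route the failure through a cleanup label that frees `comp.data`. The earlier `if (method_num == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER)` check is also brittle: testing `< 0` would catch any error `_gnutls_compress_certificate_method2num` returns, and only works at all if `method_num` is a signed type.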
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 12:38:45 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846386908 > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + gnutls_free(comp.data); > + return 0; > +} > + > +static int > +decompress_certificate(gnutls_buffer_st * buf) > +{ > + int ret; > + size_t method_num, plain_exp_len; > + gnutls_datum_t comp, plain = { NULL, 0 }; > + gnutls_compression_method_t comp_method; > + > + ret = _gnutls_buffer_pop_prefix16(buf, &method_num, 0); Because it doesn't make sense. The 2 bytes of data do not represent a size but a method number. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846386908 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 13:58:17 2022 
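Review bot: after `_gnutls_buffer_pop_prefix16(buf, &method_num, 0)` reads the 2-byte algorithm id off the wire, the value has to be checked against the algorithms this side advertised in its own compress_certificate extension before it is mapped to a method: RFC 8879 lets the sender choose only from the receiver's list and requires an illegal_parameter alert otherwise. Likewise the `plain_exp_len` read next should be capped before any buffer is allocated for it, and the actual decompressed length compared with it, aborting with bad_certificate on mismatch, which is the reason the RFC carries that length field at all. None of that is visible in this hunk, so it needs confirming in the lines that follow.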
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 12:58:17 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846425324 > + > + plain.data = buf->data + cert_pos_mark; > + plain.size = buf->length - cert_pos_mark; > + > + comp_bound = _gnutls_compress_bound(comp_method, plain.size); > + if (comp_bound == 0) > + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); > + comp.data = gnutls_malloc(comp_bound); > + if (comp.data == NULL) > + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > + ret = _gnutls_compress(comp_method, comp.data, comp_bound, plain.data, plain.size); > + if (ret < 0) > + return gnutls_assert_val(ret); > + comp.size = ret; > + > + _gnutls_buffer_delete_data(buf, cert_pos_mark, plain.size); Good point! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_846425324 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 14:20:06 2022 
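Review bot: `plain.data` is `buf->data + cert_pos_mark`, so `_gnutls_buffer_delete_data(buf, cert_pos_mark, plain.size)` moves or invalidates the memory `plain` points at; `plain` must not be read after this call, and anything the code still needs from the uncompressed message (its length for the uint24 uncompressed_length field, for instance) should be captured before the delete. `comp` is a separate allocation and is safe to append in its place, but it still has to be freed on every path once copied into `buf`.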
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 13:20:06 +0000 Subject: [gnutls-devel] GnuTLS | Denial of service attack due to vulnerability: CVE-2002-20001 (#1325) References: Message-ID: wang cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1325 The "[dheater](https://github.com/Balasys/dheater)" can attack the server and cause a CPU core to reach 100%, when the server supports DHE as the key exchange. Is this CVE a vulnerability in GnuTLS? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1325 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 15:21:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 14:21:21 +0000 Subject: [gnutls-devel] GnuTLS | [WIP] Disable some tests in fips mode (!1536) In-Reply-To: References: Message-ID: Merge request !1536 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zoltán Fridrich Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 15:28:59 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 14:28:59 +0000 Subject: [gnutls-devel] GnuTLS | [WIP] Disable some tests in fips mode (!1536) In-Reply-To: References: Message-ID: All discussions on merge request !1536 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 16:42:13 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 15:42:13 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1537) References: Message-ID: Dimitris Apostolou created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537 Project:Branches: rex4539/gnutls:typos to gnutls/gnutls:master Author: Dimitris Apostolou Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 16:47:40 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 15:47:40 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1537) In-Reply-To: References: Message-ID: Merge request !1537 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537 Project:Branches: rex4539/gnutls:typos to gnutls/gnutls:master Author: Dimitris Apostolou Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 16:47:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 15:47:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix typos (!1537) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537#note_846728678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 18:40:04 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 17:40:04 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: All discussions on merge request !1486 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 19:04:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 18:04:48 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Fixed a mistake in iterating over `sigs_for_cert`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_846911473 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 19:53:00 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 18:53:00 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Removed an unrelated regression-introducing change from `lib/priority: move sigalgs filtering to set_ciphersuite_list`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_846955522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 19:55:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 18:55:05 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: All discussions on merge request !1533 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 21:44:24 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 20:44:24 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: v8..v10: revert a slight change in behaviour of `_gnutls_version_max` stemming from marking all protocols as disabled -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_847044267 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 17 22:24:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Feb 2022 21:24:26 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: Will spend a bit more time testing it =( -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_847072367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 18 11:21:29 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Feb 2022 10:21:29 +0000 Subject: [gnutls-devel] GnuTLS | bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS (!1538) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538 Project:Branches: asosedkin/gnutls:bump-max-algorithm to gnutls/gnutls:master Author: Alexander Sosedkin Fedora 36 LEGACY crypto-policy uses allowlisting format and is long enough to blow past the 64 priority string elements mark, causing, effectively, priority string truncation. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 18 15:11:55 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Feb 2022 14:11:55 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin changed the draft status of merge request !1533 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 18 15:35:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Feb 2022 14:35:59 +0000 Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: plus three more places to amend after marking all protocols as disabled, plus a finding filed separately as gnutls!1538. Sorry for the delay, but at least now after thorough testing I'm pleased to say it's very unlikely it'll bring adverse effects to allowlisted RHEL-9 or blocklisted Fedora 35. Allowlisted Fedora 36 can have breakages in LEGACY without gnutls!1538, considering no protocols to be enabled, so please mind that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_848099791 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 20 08:17:19 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 07:17:19 +0000
Subject: [gnutls-devel] GnuTLS | Fix typos (!1537)
In-Reply-To: References: Message-ID:

Daiki Ueno commented:

@rex4539 sorry for the inconvenience but the static-analyzer job is taking too long... could you increase the timeout of CI through https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run (I recommend 3h or 2h).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537#note_848912645
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 08:17:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 07:17:40 +0000
Subject: [gnutls-devel] GnuTLS | Disable some tests in fips mode (!1536)
In-Reply-To: References: Message-ID:

Merge request !1536 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 08:59:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 07:59:23 +0000
Subject: [gnutls-devel] GnuTLS | Fix typos (!1537)
In-Reply-To: References: Message-ID:

Merge request !1537 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537
Project:Branches: rex4539/gnutls:typos to gnutls/gnutls:master
Author: Dimitris Apostolou
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 09:52:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 08:52:26 +0000
Subject: [gnutls-devel] GnuTLS | Fix typos (!1537)
In-Reply-To: References: Message-ID:

Merge request !1537 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537
Project:Branches: rex4539/gnutls:typos to gnutls/gnutls:master
Author: Dimitris Apostolou
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 10:55:35 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 09:55:35 +0000
Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321)
In-Reply-To: References: Message-ID:

Nikos Mavrogiannopoulos commented:

> A better fix would be to only call _gnutls_retrieve_pin if a pin callback is actually registered. I don't see a clean way of doing that without duplicating the callback existence checks that exist in _gnutls_retrieve_pin...

This makes sense to me as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321#note_848947270
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 18:12:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 17:12:40 +0000
Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486)
In-Reply-To: References: Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105407

> +
> +	if (offset != NULL)
> +		if (lseek(fd, *offset, SEEK_SET) == -1)

According to the manual page of `sendfile`, the offset seems to respect the current read position so shouldn't it be `SEEK_CUR`?

--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105411

> +
> +	if (offset != NULL)
> +		if (lseek(fd, *offset, SEEK_SET) == -1)

I'd merge those `if`'s:

```suggestion:-1+0
	if (offset != NULL && lseek(fd, *offset, SEEK_SET) == -1)
```

--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105412

> +	size_t buf_len, data_to_send;
> +	size_t send = 0;
> +	char *buf;

Let's use `uint8_t *` for binary data.

--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105413

> +	if (count < buf_len)
> +		buf_len = count;
> +	else if (buf_len <= 0)

`size_t` is unsigned, so `buf_len` shouldn't be negative. In any case this clamping might be simply written using `MIN` and `MAX`?

```c
buf_len = MIN(count, MAX(MAX_RECORD_SEND_SIZE(session), 512))
```

?

--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105414

> +		buf_len = 512;
> +
> +	buf = (char*) malloc(buf_len);

Cast should be unnecessary.
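Review bot: `lseek(fd, *offset, SEEK_SET)` moves the file position of `fd`, which sendfile(2) explicitly does not do when `offset` is non-NULL: the manual page says the call reads starting at `*offset`, advances `*offset` to the byte after the last one read, and leaves the descriptor's own file position untouched (only the NULL-offset form consumes from and updates the current position). Neither `SEEK_SET` nor `SEEK_CUR` reproduces that; reading with `pread(fd, buf, len, *offset)` and adding the bytes read to `*offset` after each iteration does, and it also avoids racing any other user of the same descriptor.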
--

Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849105416

> + * @count: is the length of the data to be read from file and send.
> + *
> + * sends data via sendfile function.

If KTLS is not enabled, this function only works with blocking I/O (because of the `while` loops). Perhaps it might be worth noting that limitation something like:

```
This function sends data from @fd. If KTLS (kernel TLS) is enabled, it will use the sendfile() system call to avoid overhead of copying data between user space and the kernel. Otherwise, this functionality is only emulated by calling read() and gnutls_record_send() in a loop; thus it will not work in non-blocking mode. If this limitation matters, check whether KTLS is enabled using gnutls_transport_is_ktls_enabled().
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Sun Feb 20 18:17:34 2022
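The fallback described in the review above (read() plus gnutls_record_send() in a loop when KTLS is off) is easy to get subtly wrong around offset handling and buffer sizing. The following is an added example written for this page, not code from the GnuTLS merge request: a stand-alone userspace emulation of sendfile(2) over a record-oriented send routine. `mem_sink`, `sink_send()` and the `max_record` field are stand-ins for a TLS session, `gnutls_record_send()` and `MAX_RECORD_SEND_SIZE(session)`; `emulate_sendfile()` and `run_case()` are names chosen here. Offset handling follows the sendfile(2) manual page: a non-NULL offset is read with pread() and advanced while the descriptor's own file position is left alone, a NULL offset consumes from the current position. Buffer sizing uses the `MIN`/`MAX` clamp suggested in the review, `count == 0` returns before allocating anything, and, like the fallback under review, the loop assumes blocking I/O.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Stand-in for a TLS session: records land in memory instead of a socket.
 * max_record plays the role of MAX_RECORD_SEND_SIZE(session) (hypothetical). */
typedef struct {
	uint8_t *data;
	size_t len, cap;
	size_t max_record;
	unsigned calls;		/* number of "records" sent so far */
} mem_sink;

/* Stand-in for gnutls_record_send(): at most one record per call. */
static ssize_t sink_send(mem_sink *s, const uint8_t *buf, size_t len)
{
	size_t n = MIN(len, s->max_record);

	if (s->len + n > s->cap)
		return -1;
	memcpy(s->data + s->len, buf, n);
	s->len += n;
	s->calls++;
	return (ssize_t)n;
}

/* Userspace emulation of sendfile(2) over a record-oriented send routine.
 * Non-NULL @offset: pread() from *offset, advance *offset, never touch the
 * descriptor's file position. NULL @offset: read() from the current position.
 * Blocking I/O only. Returns bytes sent, or -1 with errno set. */
static ssize_t emulate_sendfile(mem_sink *s, int fd, off_t *offset, size_t count)
{
	size_t buf_len = MIN(count, MAX(s->max_record, 512));
	size_t sent = 0;
	uint8_t *buf;

	if (buf_len == 0)	/* count == 0: nothing to do, and no malloc(0) */
		return 0;
	buf = malloc(buf_len);
	if (buf == NULL)
		return -1;

	while (sent < count) {
		size_t want = MIN(buf_len, count - sent);
		ssize_t got = offset ? pread(fd, buf, want, *offset) : read(fd, buf, want);
		if (got < 0) {
			if (errno == EINTR)
				continue;
			free(buf);
			return -1;
		}
		if (got == 0)	/* EOF before @count bytes: report what was sent */
			break;
		for (size_t off = 0; off < (size_t)got;) {	/* handle partial sends */
			ssize_t n = sink_send(s, buf + off, (size_t)got - off);
			if (n < 0) {
				free(buf);
				return -1;
			}
			off += (size_t)n;
		}
		if (offset)
			*offset += got;
		sent += (size_t)got;
	}
	free(buf);
	return (ssize_t)sent;
}

/* Driver: fill a temp file with a constructed pattern, send @count bytes from
 * @start, and check the sink got exactly that slice while the descriptor's file
 * position stayed at EOF (pread must not move it). Returns records sent, or -1. */
static int run_case(size_t payload_len, off_t start, size_t count, size_t max_record)
{
	uint8_t sink_buf[8192];
	mem_sink s = { sink_buf, 0, sizeof sink_buf, max_record, 0 };
	uint8_t *payload = malloc(payload_len);
	FILE *fp = tmpfile();
	off_t off = start;
	size_t avail, expect;
	ssize_t n;
	int ok = 0;

	if (payload == NULL || fp == NULL)
		goto out;
	for (size_t i = 0; i < payload_len; i++)
		payload[i] = (uint8_t)(i * 7 + 3);	/* constructed file content */
	if (fwrite(payload, 1, payload_len, fp) != payload_len || fflush(fp) != 0)
		goto out;

	n = emulate_sendfile(&s, fileno(fp), &off, count);
	avail = (size_t)start < payload_len ? payload_len - (size_t)start : 0;
	expect = MIN(count, avail);
	ok = n == (ssize_t)expect && off == start + (off_t)expect && s.len == expect
	     && memcmp(sink_buf, payload + start, expect) == 0
	     && lseek(fileno(fp), 0, SEEK_CUR) == (off_t)payload_len;
out:
	if (fp)
		fclose(fp);
	free(payload);
	return ok ? (int)s.calls : -1;
}
```

`run_case()` returns the number of records the sink received on success and -1 if anything about the slice, the offset update or the file position is off, so it doubles as a check that short reads near EOF and partial sends below the record limit are both handled.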
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Feb 2022 17:17:34 +0000
Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486)
In-Reply-To: References: Message-ID:

Daiki Ueno commented on a discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849106515

> +	size_t buf_len, data_to_send;
> +	size_t send = 0;
> +	char *buf;
> +
> +	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
> +		return _gnutls_ktls_send_file(session, fd, offset, count);
> +	}
> +
> +	if (offset != NULL)
> +		if (lseek(fd, *offset, SEEK_SET) == -1)
> +			return GNUTLS_E_FILE_ERROR;
> +
> +	buf_len = MAX_RECORD_SEND_SIZE(session);
> +	if (count < buf_len)
> +		buf_len = count;
> +	else if (buf_len <= 0)

Also consider using `max_record_send_size` instead (see #815).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_849106515
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 07:38:24 2022
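Review bot: `size_t send = 0;` shadows libc's `send()` wherever `<sys/socket.h>` is in scope, so `-Wshadow` will warn and any later `send()` call in this function would resolve to the variable; `sent` or `total_sent` is the safer name. In the same excerpt the clamp `if (count < buf_len) buf_len = count; else if (buf_len <= 0)` leaves `buf_len == 0` when `count == 0`, because the 512-byte floor in the `else` branch is only reached when `count >= buf_len`; the `malloc(buf_len)` that follows is then a zero-size allocation that may return NULL (misreported as a failure) or a pointer that must not be dereferenced. Returning 0 for `count == 0` before any allocation avoids that path. Finally, `return GNUTLS_E_FILE_ERROR;` is the only error return quoted in this thread without `gnutls_assert_val()`, which loses the debug trace the rest of the code base emits.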
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 06:38:24 +0000
Subject: [gnutls-devel] GnuTLS | bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS (!1538)
In-Reply-To: References: Message-ID:

Merge request !1538 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538
Project:Branches: asosedkin/gnutls:bump-max-algorithm to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 07:38:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 06:38:29 +0000
Subject: [gnutls-devel] GnuTLS | bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS (!1538)
In-Reply-To: References: Message-ID:

Merge request !1538 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538
Project:Branches: asosedkin/gnutls:bump-max-algorithm to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 07:55:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 06:55:01 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To: References: Message-ID:

Daiki Ueno commented:

I wonder if it might be a little safer to split this MR to two:

- the first two commits in this MR to defer the priority string construction, plus additional documentation mentioning that it is undefined behavior if those API functions are called later
- the rest of commits that enforce the rule

That way we will have sufficient time to test the code changes for the latter.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_849352113
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 10:57:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 09:57:08 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849563413

> +int
> +gnutls_compress_certificate_set_methods(gnutls_session_t session, const gnutls_datum_t * methods)
> +{
> +	int ret, tmp;
> +	uint16_t priv_algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +	gnutls_compression_method_t algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +	gnutls_datum_t priv;
> +
> +	if (methods->size < MIN_COMPRESS_CERTIFICATE_METHODS ||
> +	    methods->size > MAX_COMPRESS_CERTIFICATE_METHODS)
> +		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +	memcpy(algs, methods->data, methods->size * sizeof(gnutls_compression_method_t));
> +
> +	for (unsigned i = 0; i < methods->size; ++i) {
> +		tmp = _gnutls_compress_certificate_method2num(algs[i]);

`GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` seems more appropriate, both when the methods->size check fails and when an unimplemented alg is provided.

I will also add an option to unset compression methods. When methods == NULL OR methods_len == 0, then unset compression methods. Because currently if you would set them, you wouldn't be able to unset them as methods_len 0 would be an invalid param error.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849563413
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 11:08:07 2022
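Review bot: in the quoted `gnutls_compress_certificate_set_methods()` the `size` member of a `gnutls_datum_t` conventionally counts bytes of `data`, yet `methods->size` is compared against `MIN_/MAX_COMPRESS_CERTIFICATE_METHODS` as an element count and then multiplied by `sizeof(gnutls_compression_method_t)` in the `memcpy`. A caller who follows the datum convention and passes the byte length will have the copy read `sizeof(gnutls_compression_method_t)` times too many bytes past the end of `methods->data`, while a caller who passes an element count is using the type against its convention; a `const gnutls_compression_method_t *methods, size_t methods_len` pair removes the ambiguity. `methods` is also dereferenced before any NULL check, so `methods == NULL` (the "unset" case discussed above) would crash rather than return `GNUTLS_E_INVALID_REQUEST`.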
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 10:08:07 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849578988

> +
> +	DECR_LEN(data_size, algs_size);
> +	memcpy(algs, data + 1, algs_size);
> +	algs_size /= sizeof(uint16_t);
> +
> +	for (unsigned i = 0; i < algs_size; ++i) {
> +		tmp = _gnutls_read_uint16((uint8_t *)(algs + i));
> +		if (_gnutls_compress_certificate_num2method(tmp) == GNUTLS_COMP_UNKNOWN)
> +			return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +	}
> +
> +	memcpy(priv_algs, priv.data, priv.size);
> +	priv_algs_size = priv.size / sizeof(uint16_t);
> +
> +	for (unsigned i = 0; i < algs_size && method == GNUTLS_COMP_UNKNOWN; ++i)
> +		for (unsigned j = 0; j < priv_algs_size && method == GNUTLS_COMP_UNKNOWN; ++j)

Does this make sense here? Currently the peer's request has precedence over the locally supported compression list. That means, if the server requests the client to compress his cert, the server's requested methods will always have precedence. Analogously it holds for the client. Would it make sense to prefer the server's compression list over the client's request?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849578988
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 11:29:08 2022
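Review bot: `algs_size /= sizeof(uint16_t);` silently drops a trailing odd byte. RFC 8879 defines the field as `CertificateCompressionAlgorithm algorithms<2..2^8-2>`, a vector of uint16 code points, so an `algs_size` that is odd or below 2 is a malformed extension and should return `GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` before the `memcpy`, not be rounded down. The excerpt also shows no check that `algs_size` fits the `algs` buffer ahead of `memcpy(algs, data + 1, algs_size)`: `DECR_LEN` only guarantees the bytes exist in `data`, and with the one-byte length prefix implied by `data + 1` the peer can supply up to 255 bytes, so `algs` needs at least that capacity or an explicit bound against `MAX_COMPRESS_CERTIFICATE_METHODS * sizeof(uint16_t)` before the copy.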
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 10:29:08 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

Daiki Ueno commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849608834

> +int
> +gnutls_compress_certificate_set_methods(gnutls_session_t session, const gnutls_datum_t * methods)
> +{
> +	int ret, tmp;
> +	uint16_t priv_algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +	gnutls_compression_method_t algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +	gnutls_datum_t priv;
> +
> +	if (methods->size < MIN_COMPRESS_CERTIFICATE_METHODS ||
> +	    methods->size > MAX_COMPRESS_CERTIFICATE_METHODS)
> +		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +	memcpy(algs, methods->data, methods->size * sizeof(gnutls_compression_method_t));
> +
> +	for (unsigned i = 0; i < methods->size; ++i) {
> +		tmp = _gnutls_compress_certificate_method2num(algs[i]);

`GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` is typically used when the TLS server/client receives an illegal parameter from the peer. In this case, the caller of this function is the application, so I'd say `GNUTLS_E_INVALID_REQUEST` is more appropriate.

> Because currently if you would set them, you wouldn't be able to unset them as methods_len 0 would be an invalid param error.

Couldn't it be possible to check `methods_len` at the beginning of the function (before checking the content of `methods`) and unset priv data if it's 0?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849608834
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 11:54:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 10:54:30 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849654830

> +
> +	DECR_LEN(data_size, algs_size);
> +	memcpy(algs, data + 1, algs_size);
> +	algs_size /= sizeof(uint16_t);
> +
> +	for (unsigned i = 0; i < algs_size; ++i) {
> +		tmp = _gnutls_read_uint16((uint8_t *)(algs + i));
> +		if (_gnutls_compress_certificate_num2method(tmp) == GNUTLS_COMP_UNKNOWN)
> +			return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +	}
> +
> +	memcpy(priv_algs, priv.data, priv.size);
> +	priv_algs_size = priv.size / sizeof(uint16_t);
> +
> +	for (unsigned i = 0; i < algs_size && method == GNUTLS_COMP_UNKNOWN; ++i)
> +		for (unsigned j = 0; j < priv_algs_size && method == GNUTLS_COMP_UNKNOWN; ++j)

not checking the server_precedence for now

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849654830
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 11:54:30 2022
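To make the precedence question in the two comments above concrete, here is an added example, written for this page and not taken from the GnuTLS merge request, of handling the RFC 8879 `compress_certificate` extension body: a parser that rejects malformed encodings (odd length, empty vector, a length prefix that disagrees with the buffer) but keeps unknown code points so that negotiation can skip them instead of aborting the handshake, an encoder for the outgoing list, and a selection routine whose argument order decides whether the peer's ordering or the local ordering wins. `cc_list`, `cc_parse`, `cc_encode`, `cc_select`, the `CC_*` names, the local preference list and the sample peer extension bodies are all constructed for this example; only the wire format and the code points 1 (zlib), 2 (brotli) and 3 (zstd) come from RFC 8879.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 8879, section 3: CertificateCompressionAlgorithm algorithms<2..2^8-2>,
 * a one-byte length prefix followed by 1..127 big-endian uint16 code points. */
#define CC_MAX_METHODS 127	/* (2^8 - 2) / 2; name chosen for this example */
#define CC_NONE        0xFFFF	/* "no common method" sentinel, this example's choice */
#define CC_MALFORMED   0xFFFE	/* "extension was malformed", this example's choice */

/* Code points registered by RFC 8879. */
enum { CC_ZLIB = 1, CC_BROTLI = 2, CC_ZSTD = 3 };

typedef struct {
	uint16_t methods[CC_MAX_METHODS];
	size_t count;
} cc_list;

static int cc_implemented(uint16_t id)
{
	return id == CC_ZLIB || id == CC_BROTLI || id == CC_ZSTD;
}

/* Parse an extension body received from the peer. Returns 0 on success, -1 when
 * the encoding is malformed: odd length, fewer than 2 or more than 254 bytes, or a
 * length prefix that disagrees with the buffer. Unknown code points are kept. */
static int cc_parse(const uint8_t *data, size_t data_size, cc_list *out)
{
	size_t len;

	if (data_size < 1)
		return -1;
	len = data[0];
	if (len != data_size - 1 || len < 2 || len > 2 * CC_MAX_METHODS || (len & 1))
		return -1;
	out->count = len / 2;
	for (size_t i = 0; i < out->count; i++)
		out->methods[i] = (uint16_t)((data[1 + 2 * i] << 8) | data[2 + 2 * i]);
	return 0;
}

/* Encode a list for sending. Returns bytes written, or 0 if it cannot be encoded. */
static size_t cc_encode(const cc_list *in, uint8_t *buf, size_t cap)
{
	if (in->count < 1 || in->count > CC_MAX_METHODS || cap < 1 + 2 * in->count)
		return 0;
	buf[0] = (uint8_t)(2 * in->count);
	for (size_t i = 0; i < in->count; i++) {
		buf[1 + 2 * i] = (uint8_t)(in->methods[i] >> 8);
		buf[2 + 2 * i] = (uint8_t)(in->methods[i] & 0xff);
	}
	return 1 + 2 * in->count;
}

/* First method in `preferred` order that `other` also listed and that we can
 * actually implement. Which list is passed as `preferred` decides precedence. */
static uint16_t cc_select(const cc_list *preferred, const cc_list *other)
{
	for (size_t i = 0; i < preferred->count; i++) {
		uint16_t m = preferred->methods[i];
		if (!cc_implemented(m))
			continue;	/* skip unknown code points rather than fail */
		for (size_t j = 0; j < other->count; j++)
			if (other->methods[j] == m)
				return m;
	}
	return CC_NONE;
}

/* Constructed local preference list: zstd first, then brotli. */
static const cc_list LOCAL = { { CC_ZSTD, CC_BROTLI }, 2 };

/* Constructed peer extension bodies (length prefix followed by uint16 values). */
static const uint8_t PEER_ALL_THREE[]     = { 0x06, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
static const uint8_t PEER_UNKNOWN_FIRST[] = { 0x04, 0xff, 0xf0, 0x00, 0x02 };
static const uint8_t PEER_ODD_LENGTH[]    = { 0x03, 0x00, 0x01, 0x00 };
static const uint8_t PEER_TRAILING[]      = { 0x02, 0x00, 0x01, 0x00 };
static const uint8_t PEER_EMPTY[]         = { 0x00 };

/* Negotiate a peer body against LOCAL; local_precedence picks whose order wins. */
static uint16_t demo_negotiate(const uint8_t *ext, size_t ext_len, int local_precedence)
{
	cc_list peer;

	if (cc_parse(ext, ext_len, &peer) != 0)
		return CC_MALFORMED;
	return local_precedence ? cc_select(&LOCAL, &peer) : cc_select(&peer, &LOCAL);
}

/* Encode LOCAL and parse it back; returns 1 if the round trip is lossless. */
static int demo_roundtrip(void)
{
	uint8_t buf[1 + 2 * CC_MAX_METHODS];
	cc_list back;
	size_t n = cc_encode(&LOCAL, buf, sizeof buf);

	return n == 5 && cc_parse(buf, n, &back) == 0 && back.count == LOCAL.count
	       && memcmp(back.methods, LOCAL.methods, 2 * LOCAL.count) == 0;
}
```

With the same peer list, `demo_negotiate(PEER_ALL_THREE, ..., 0)` picks brotli because the peer listed zlib, brotli, zstd in that order and zlib is not in the local list, while `demo_negotiate(PEER_ALL_THREE, ..., 1)` picks zstd because the local list is consulted first; that is exactly the difference the discussion above is about.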
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 10:54:30 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

All discussions on merge request !1512 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1512

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 16:43:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 15:43:01 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
References: Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539

Project:Branches: dueno/gnutls:wip/dueno/gost-fixes to gnutls/gnutls:master
Author: Daiki Ueno

This suppresses GOST algorithms in the algorithm listings of `gnutls-cli --list`, if those algorithms are not compiled in.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 18:37:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 17:37:38 +0000
Subject: [gnutls-devel] GnuTLS | [split off !1533] defer setting priority string (!1540)
References: Message-ID:

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540

Project:Branches: asosedkin/gnutls:defer-setting-prio-string to gnutls/gnutls:master
Author: Alexander Sosedkin

A split-off from !1533 with the following requested set of changes:

* separation of priority string construction from its application (picked)
* deferred application (picked), and
* documentation updates to the allowlisting API to state that calling them before initializing priority strings is UB (new, !1533 overrides it with a different text)

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 18:43:46 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 17:43:46 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To: References: Message-ID:

Alexander Sosedkin commented:

In theory, yes. In practice I'm afraid that documentation warnings won't deter enough unless enforced, especially if they'll be downstream only to some distros.

The largest block of non-triviality in the enforcement commit grows from https://gitlab.com/dueno/gnutls/-/merge_requests/1 of my own making. That one I consider tested well and I hope the non-protocols part is more straightforward.

But yeah, why not split it up. I've split the first two commits off as !1540 and added warnings in doctexts.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_850201513
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 20:21:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 19:21:09 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
In-Reply-To: References: Message-ID:

Alexander Sosedkin commented:

I believe there are also `lib/algorithms/{mac,kx,ciphers}.c` with GOST entries present unconditionally.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_850283673
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 20:32:15 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 19:32:15 +0000
Subject: [gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
In-Reply-To: References: Message-ID:

Alexander Sosedkin commented:

v12..v13: recovering from a merge mess-up in `_gnutls_sign_set_secure`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_850290889
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Feb 21 20:41:20 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 19:41:20 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
In-Reply-To: References: Message-ID:

Alexander Sosedkin started a new discussion on lib/algorithms/mac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_850297942

> 	 .id = GNUTLS_MAC_KUZNYECHIK_OMAC,
> 	 .output_size = 16,
> 	 .key_size = 32,
> 	 .block_size = 16},

These two as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_850297942
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 00:28:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Feb 2022 23:28:23 +0000
Subject: [gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541)
References: Message-ID:

Ryan Sundberg created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541

Project:Branches: sundbry/gnutls:ssl-cert-dir to gnutls/gnutls:master
Author: Ryan Sundberg

Resolves issue #1279

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 08:16:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 07:16:21 +0000
Subject: [gnutls-devel] GnuTLS | [split off !1533] defer setting priority string (!1540)
In-Reply-To: References: Message-ID:

Merge request !1540 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540
Project:Branches: asosedkin/gnutls:defer-setting-prio-string to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 08:16:30 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 07:16:30 +0000
Subject: [gnutls-devel] GnuTLS | [split off !1533] defer setting priority string (!1540)
In-Reply-To: References: Message-ID:

Merge request !1540 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540
Project:Branches: asosedkin/gnutls:defer-setting-prio-string to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 08:17:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 07:17:38 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
In-Reply-To: References: Message-ID:

Daiki Ueno commented on a discussion on lib/algorithms/mac.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_850695565

> 	 .id = GNUTLS_MAC_KUZNYECHIK_OMAC,
> 	 .output_size = 16,
> 	 .key_size = 32,
> 	 .block_size = 16},

Good catch, fixed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_850695565
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 08:18:04 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 07:18:04 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
In-Reply-To: References: Message-ID:

All discussions on merge request !1539 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1539

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 09:51:22 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 08:51:22 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_850802626

I have added this in

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_850802626
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 09:51:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 08:51:29 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)
In-Reply-To: References: Message-ID:

All discussions on merge request !1512 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1512

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 14:07:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Feb 2022 13:07:41 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)
In-Reply-To: References: Message-ID:

Merge request !1539 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539
Project:Branches: dueno/gnutls:wip/dueno/gost-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Tue Feb 22 14:23:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 13:23:23 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851179706 > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + > + for (unsigned i = 0; i < methods_len; ++i) { > + tmp = _gnutls_compress_certificate_method2num(methods[i]); > + if (tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER || > + gnutls_compression_get_name(tmp) == NULL) > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + _gnutls_write_uint16(tmp, (uint8_t *)(algs + i)); > + } > + > + _gnutls_hello_ext_unset_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE); > + > + priv.data = (unsigned char *)algs; > + priv.size = methods_len * sizeof(uint16_t); > + > + ret = _gnutls_hello_ext_set_datum(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &priv); I would suggest using `_gnutls_hello_ext_set_priv` instead of `_gnutls_hello_ext_set_datum`, in a similar manner to `gnutls_alpn_set_protocols`:

```c
typedef struct {
	gnutls_compression_method_t methods[MAX_COMPRESS_CERTIFICATE_METHODS];
	size_t methods_len;
} compress_certificate_ext_st;

...

compress_certificate_ext_st *priv;

priv = gnutls_malloc(sizeof(*priv));
...
memcpy(priv->methods, ...);
_gnutls_hello_ext_set_priv(..., priv);
```

That way, the conversions between `uint8_t *` and `gnutls_compression_method_t *` will be unnecessary. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851179706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 22 14:25:32 2022 
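Review bot: in the `for` loop, `tmp` is compared only against `GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` before being passed to `_gnutls_write_uint16(tmp, (uint8_t *)(algs + i))`; if `_gnutls_compress_certificate_method2num()` can fail with any other negative code, the `gnutls_compression_get_name(tmp) == NULL` fallback is the only thing standing between that value and a silently truncated 16-bit wire entry. A plain `tmp < 0` check is the robust form. The hunk also sets `priv.data = (unsigned char *)algs` and hands it to `_gnutls_hello_ext_set_datum()`; if `algs` is a stack array this is only safe when that function copies the bytes, which deserves a comment at the call site.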
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 13:25:32 +0000 Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539) In-Reply-To: References: Message-ID: Merge request !1539 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539 Project:Branches: dueno/gnutls:wip/dueno/gost-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 22 14:25:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 13:25:44 +0000 Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539#note_851182814 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 22 15:44:25 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 14:44:25 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: make _get_name() always return non-NULL for sign and pk (!1542) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1542 Project:Branches: dueno/gnutls:wip/dueno/strcodes to gnutls/gnutls:master Author: Daiki Ueno This partially reverts aa94bcbdaa55899f4f4ae13dc3e9a8c559354676 to preserve the assumption given in the gnutls-strcodes test. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1542 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 22 17:57:37 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 16:57:37 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851495093 > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + > + for (unsigned i = 0; i < methods_len; ++i) { > + tmp = _gnutls_compress_certificate_method2num(methods[i]); > + if (tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER || > + gnutls_compression_get_name(tmp) == NULL) > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + _gnutls_write_uint16(tmp, (uint8_t *)(algs + i)); > + } > + > + _gnutls_hello_ext_unset_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE); > + > + priv.data = (unsigned char *)algs; > + priv.size = methods_len * sizeof(uint16_t); > + > + ret = _gnutls_hello_ext_set_datum(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &priv); I am not quite sure if I want to store an array of `gnutls_compression_method_t`. Currently, in the `gnutls_compress_certificate_set_methods` function I have to parse the input anyway and then I am storing it in a format that is ready to be sent. That's why the `_gnutls_compress_certificate_send_params` function does not have to do any conversions because it can just retrieve the private data and immediately send them. I don't think that storing the data as `gnutls_compression_method_t` would be of any benefit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851495093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 22 18:08:13 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Feb 2022 17:08:13 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851506961 > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + > + for (unsigned i = 0; i < methods_len; ++i) { > + tmp = _gnutls_compress_certificate_method2num(methods[i]); > + if (tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER || > + gnutls_compression_get_name(tmp) == NULL) > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + _gnutls_write_uint16(tmp, (uint8_t *)(algs + i)); > + } > + > + _gnutls_hello_ext_unset_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE); > + > + priv.data = (unsigned char *)algs; > + priv.size = methods_len * sizeof(uint16_t); > + > + ret = _gnutls_hello_ext_set_datum(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &priv); For sending that would be ok, but for receiving you still have deserialization logic for the data we set by ourselves (to figure out the overlapped algorithms sent by the peer and ours). I'd say it is a good practice to avoid (de)serialization as much as possible, and one way to do that is to do (de)serialization at the very point it is needed. So I suggest:

- in `_set_methods`, store `gnutls_compression_method_t` as is in priv, no serialization
- in `_send`, serialize the `gnutls_compression_method_t` array to bytes
- in `_recv`, deserialize the `gnutls_compression_method_t` array from bytes

Currently, it's mixed like:

- in `_set_methods`, serialize the `gnutls_compression_method_t` to bytes and store it in priv
- in `_send`, send it as is
- in `_recv`, deserialize the `gnutls_compression_method_t` array from bytes sent by the peer, as well as ours

which is a bit hard to follow... 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851506961 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 08:53:02 2022 
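The split Daiki describes above (keep the method identifiers in priv as plain values, serialize only at send time, deserialize only at receive time, and compute the overlap on the decoded arrays), as an added example that is not part of the thread and not GnuTLS code. The wire format is RFC 8879's `CertificateCompressionAlgorithms` (a one-byte length followed by 16-bit identifiers); the names `cc_ext_st`, `cc_ext_encode`, `cc_ext_decode` and `cc_ext_select`, the client/server preference lists and the malformed inputs are this example's own constructions, not GnuTLS APIs:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not GnuTLS code. RFC 8879 section 3 defines the extension body
 * as `CertificateCompressionAlgorithm algorithms<2..2^8-2>`: a one-byte length
 * (2..254, even) followed by 16-bit identifiers. Only the three registered
 * identifiers are known here. */
enum { CC_ZLIB = 1, CC_BROTLI = 2, CC_ZSTD = 3 };

#define CC_MAX_METHODS 127 /* 254 bytes of body / 2 bytes per identifier */

/* In-memory form kept as the extension's private data: plain identifiers, no
 * wire encoding until send time. */
typedef struct {
	uint16_t methods[CC_MAX_METHODS];
	size_t methods_len;
} cc_ext_st;

/* Serialize at send time. Returns bytes written, -1 on empty/oversized input. */
int cc_ext_encode(const cc_ext_st *ext, uint8_t *out, size_t out_len)
{
	size_t body = ext->methods_len * 2;

	if (ext->methods_len == 0 || ext->methods_len > CC_MAX_METHODS)
		return -1;
	if (out_len < 1 + body)
		return -1;
	out[0] = (uint8_t)body;
	for (size_t i = 0; i < ext->methods_len; i++) {
		out[1 + 2 * i] = (uint8_t)(ext->methods[i] >> 8);
		out[2 + 2 * i] = (uint8_t)(ext->methods[i] & 0xff);
	}
	return (int)(1 + body);
}

/* Deserialize at receive time, strictly: the length byte must be even, within
 * 2..254, and match the bytes present exactly (no truncation, no trailing data). */
int cc_ext_decode(const uint8_t *in, size_t in_len, cc_ext_st *ext)
{
	if (in_len < 3) /* length byte plus at least one identifier */
		return -1;
	size_t body = in[0];
	if (body < 2 || body > 254 || body % 2 != 0 || in_len != 1 + body)
		return -1;
	ext->methods_len = body / 2;
	for (size_t i = 0; i < ext->methods_len; i++)
		ext->methods[i] = (uint16_t)((in[1 + 2 * i] << 8) | in[2 + 2 * i]);
	return 0;
}

/* Overlap on the decoded arrays: first identifier in our preference order that
 * the peer also offered, or 0 when there is none (certificate goes uncompressed). */
uint16_t cc_ext_select(const cc_ext_st *ours, const cc_ext_st *peer)
{
	for (size_t i = 0; i < ours->methods_len; i++)
		for (size_t j = 0; j < peer->methods_len; j++)
			if (ours->methods[i] == peer->methods[j])
				return ours->methods[i];
	return 0;
}

/* Constructed exchange: client offers [zstd, brotli], server prefers [brotli, zlib]. */
int cc_example_negotiate(void)
{
	cc_ext_st client = { { CC_ZSTD, CC_BROTLI }, 2 };
	cc_ext_st server = { { CC_BROTLI, CC_ZLIB }, 2 };
	cc_ext_st received;
	uint8_t wire[1 + 2 * CC_MAX_METHODS];

	int n = cc_ext_encode(&client, wire, sizeof(wire));
	if (n != 5 || wire[0] != 4) /* 1 length byte + two 2-byte identifiers */
		return -1;
	if (cc_ext_decode(wire, (size_t)n, &received) != 0)
		return -1;
	return cc_ext_select(&server, &received);
}

/* Constructed malformed encodings; returns 1 if every one is rejected. */
int cc_example_rejects_malformed(void)
{
	static const uint8_t odd_len[] = { 3, 0, 1, 0 };     /* odd body length */
	static const uint8_t truncated[] = { 4, 0, 1 };      /* claims 4, has 2 */
	static const uint8_t trailing[] = { 2, 0, 1, 0xff }; /* extra byte */
	static const uint8_t empty[] = { 0 };                /* zero-length list */
	cc_ext_st tmp;

	return cc_ext_decode(odd_len, sizeof(odd_len), &tmp) == -1 &&
	       cc_ext_decode(truncated, sizeof(truncated), &tmp) == -1 &&
	       cc_ext_decode(trailing, sizeof(trailing), &tmp) == -1 &&
	       cc_ext_decode(empty, sizeof(empty), &tmp) == -1;
}

int main(void)
{
	printf("negotiated id: %d, malformed rejected: %d\n",
	       cc_example_negotiate(), cc_example_rejects_malformed());
	return 0;
}
```

The decoder is deliberately strict: an odd length, a length byte that does not match the bytes actually present, or an empty list is rejected outright rather than partially parsed, and the serialization logic lives in exactly one place each for send and receive, which is the point of the suggestion above.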
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 07:53:02 +0000 Subject: [gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1541 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852052219 > + > +# if defined(ANDROID) || defined(__ANDROID__) > +# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/" What about moving this out of the outer `#if` block:

```c
#if defined(ANDROID) || defined(__ANDROID__)
# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/"
#endif

#if defined(DEFAULT_TRUST_STORE_DIR) || defined(DEFAULT_TRUST_STORE_FILE) || \
    (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
...
#endif
```

That way `defined(ANDROID) || defined(__ANDROID__)` is checked at the single place, though `load_revoked_certs` below might need to be conditionalized as well. -- Daiki Ueno started a new discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852052246 > - if (ret > 0) > - r += ret; > + if (r == 0) { What is the intention behind this check? Besides the fact that `r` is always 0 here, the following code also has this check, so I wonder if it was to make the trust store implementations (PKCS#11, SSL_CERT_DIR, SSL_CERT_FILE, default trust dir) mutually exclusive. In that case do we need to calculate the sum? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 14:28:00 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 13:28:00 +0000 Subject: [gnutls-devel] GnuTLS | non-KTLS sendfile (7c034622) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/commit/7c03462269ddd7c6a8753c6f8796438e40193f2d#note_852536732 > + data_to_send = ret; > + while (data_to_send > 0) { > + ret = gnutls_record_send(session, buf, data_to_send); > + if (ret < 0) { > + if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) > + continue; > + else > + goto end; > + } > + data_to_send -= ret; > + } > + send += ret; > + } > + if (offset != NULL){ > + *offset += send; > + lseek(fd, -(*offset), SEEK_CUR); Perhaps you could save the offset at the first `lseek` and restore it with SEEK_SET?

```c
off_t save_offset;

if (offset) {
	save_offset = lseek(fd, *offset, SEEK_CUR);
	// error handling
}

// read from fd

if (offset) {
	*offset += send;
	lseek(fd, save_offset, SEEK_SET);
}
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/7c03462269ddd7c6a8753c6f8796438e40193f2d#note_852536732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 16:05:25 2022 
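Review bot: in the inner `while (data_to_send > 0)` loop, `buf` is never advanced after a partial `gnutls_record_send()`, so a short send resends the head of the chunk and the tail of it is never transmitted; pass `buf + (chunk_len - data_to_send)` or advance a pointer alongside `data_to_send`. Separately, `send += ret` after that loop adds only the last return value of `gnutls_record_send()`, not the number of bytes read into `buf`, so `*offset` is advanced by the wrong amount; accumulate the read count instead. The `continue` on `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED` also spins on a non-blocking transport rather than returning to the caller, and `lseek(fd, -(*offset), SEEK_CUR)` is relative arithmetic where saving `lseek(fd, 0, SEEK_CUR)` before the first seek and restoring it with `SEEK_SET` would be exact.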
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 15:05:25 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_852718555 > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + > + for (unsigned i = 0; i < methods_len; ++i) { > + tmp = _gnutls_compress_certificate_method2num(methods[i]); > + if (tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER || > + gnutls_compression_get_name(tmp) == NULL) > + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); > + _gnutls_write_uint16(tmp, (uint8_t *)(algs + i)); > + } > + > + _gnutls_hello_ext_unset_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE); > + > + priv.data = (unsigned char *)algs; > + priv.size = methods_len * sizeof(uint16_t); > + > + ret = _gnutls_hello_ext_set_datum(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &priv); done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_852718555 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 16:05:25 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 15:05:25 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: All discussions on merge request !1512 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 16:09:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 15:09:09 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Merge request !1512 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zoltán Fridrich Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 16:09:39 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 15:09:39 +0000 Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me; great work! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_852727275 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 16:55:37 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 15:55:37 +0000 Subject: [gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541) In-Reply-To: References: Message-ID: Ryan Sundberg commented on a discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852814072 > return 0; > } > > -#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) > +#if defined(DEFAULT_TRUST_STORE_DIR) || defined(DEFAULT_TRUST_STORE_FILE) \ > + || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) \ > + || defined(ANDROID) || defined(__ANDROID__) > + > +# include > +# include > + > +# if defined(ANDROID) || defined(__ANDROID__) > +# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/" Hi @dueno. Good idea. I cleaned it up so it only checks for ANDROID once at the top, and added new #defines for the REVOKE cert dir that android uses. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852814072 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 17:05:03 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 16:05:03 +0000 Subject: [gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541) In-Reply-To: References: Message-ID: Ryan Sundberg commented on a discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852837122 > #endif > > #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11) > - ret = > - gnutls_x509_trust_list_add_trust_file(list, > - DEFAULT_TRUST_STORE_PKCS11, > - crl_file, > - GNUTLS_X509_FMT_DER, > - tl_flags, tl_vflags); > - if (ret > 0) > - r += ret; > + if (r == 0) { I was trying to be security conscious while merging the two functions together. My thought here was that if the user has some method explicitly configured for the root certs, it should short circuit on the first one and return there. For example, if the user has a PKCS11 module for the root certs, and some certs are loaded from there, the environment variable should not be read (it should ONLY use the pkcs11 certs). Or if they have the environment variable set, and some are loaded, it should bypass loading the default /etc/ssl/certs. I don't know how many installations are out there with both `DEFAULT_TRUST_STORE_PKCS11` and `DEFAULT_TRUST_STORE_FILE` configured, if any, where this may affect them if they wanted to load certs from more than one default source concurrently. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852837122 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 19:06:05 2022 
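Review bot: `if (r == 0)` distinguishes sources only by how many certificates the previous one returned, not by whether it was configured, tried, or failed: the removed lines added only positive results (`if (ret > 0) r += ret;`), so a source that is configured but errors out (a negative return from `gnutls_x509_trust_list_add_trust_file()`, say for an unreadable file) leaves `r` at 0 and the code falls through to the next store. That is the opposite of the "use ONLY the pkcs11 certs" intent stated in the comment above: an error in the preferred store becomes a silent switch to a different trust root. If strict precedence is wanted, the first configured source should decide the outcome, returning its error instead of falling through, and the running sum then becomes unnecessary.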
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 18:06:05 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: add missing Libs.private for macOS (!1543) References: Message-ID: ePirat created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1543 Project:Branches: ePirat/gnutls:epirat-fix-missing-frameworks-pc-file to gnutls/gnutls:master Author: ePirat Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1543 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 20:21:34 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 19:21:34 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load libtss2-esys as needed (!1544) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544 Project:Branches: dueno/gnutls:wip/dueno/libtss2-esys-dlopen to gnutls/gnutls:master Author: Daiki Ueno libtss2-esys links to OpenSSL or mbed TLS for cryptography, which may cause packaging issues. This instead dlopen's libtss2-esys.so as needed so non-TPM applications continue working without loading multiple crypto libraries. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 21:14:36 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 20:14:36 +0000 Subject: [gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541) In-Reply-To: References: Message-ID: Ryan Sundberg commented on a discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_853140746 > #endif > > #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11) > - ret = > - gnutls_x509_trust_list_add_trust_file(list, > - DEFAULT_TRUST_STORE_PKCS11, > - crl_file, > - GNUTLS_X509_FMT_DER, > - tl_flags, tl_vflags); > - if (ret > 0) > - r += ret; > + if (r == 0) { Should we make this a configure option `--enable-ssl-env`? Without the flag enabled we can keep the existing behavior with the `if (r == 0)` checks. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_853140746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 21:53:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 20:53:00 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load libtss2-esys as needed (!1544) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: Oh wow, this is what I was working on :-) I'll check your version locally to see if it fixes the problem now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_853175650 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 23 22:16:43 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Feb 2022 21:16:43 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load libtss2-esys as needed (!1544) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: Yes, I can confirm that this patch fixes the problem perfectly. If you want to test it yourself, you'll need VDDK 7 (from VMware) and nbdkit (from RHEL 9) and then you can do:

```
$ qemu-img create -f vmdk test.vmdk 1G
$ nbdkit -fv vddk libdir=/path/to/vddk-7.0.3/vmware-vix-disklib-distrib/ test.vddk
```

^^ will crash. Then do:

```
$ LD_LIBRARY_PATH=$PWD/lib/.libs nbdkit -fv vddk libdir=/home/rjones/tmp/vddk-7.0.3/vmware-vix-disklib-distrib/ test.vddk
```

and nbdkit should start up fine (listening on port 10809). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_853200336 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 07:44:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 06:44:50 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: All discussions on merge request !1486 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 07:45:34 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 06:45:34 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! Looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486#note_853555647 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 07:45:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 06:45:41 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: Merge request !1486 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 Project:Branches: FrantisekKrenzelok/gnutls:ktls_sendfile to gnutls/gnutls:master Author: František Krenželok Assignee: František Krenželok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 07:45:50 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 06:45:50 +0000 Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486) In-Reply-To: References: Message-ID: Merge request !1486 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 Project:Branches: FrantisekKrenzelok/gnutls:ktls_sendfile to gnutls/gnutls:master Author: František Krenželok Assignee: František Krenželok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 09:04:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 08:04:43 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for checking. I just realized that this was actually the same way as we have been doing for trousers, which also brings in OpenSSL. To avoid package level dependencies (i.e., Fedora packages all libtss2* shared libs in a single package), I've also made other libs (libtss2-mu and libtss2-tctildr) dynamically loaded. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_853622415 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 09:42:07 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 08:42:07 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: There's actually a trick using `typeof` which avoids redefining each variable type (and it's more type safe). However I'm not sure if it requires a GCC extension or not. See example:

```c
#include <tss2/tss2_esys.h>
#include <dlfcn.h>
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

/* Function pointers that inherit the prototypes of the real symbols. */
typeof(Esys_Initialize) (*my_Esys_Initialize);
typeof(Esys_Finalize) (*my_Esys_Finalize);

int
main ()
{
  /* Resolve the symbols at run time; nothing links against libtss2-esys. */
  void *dl = dlopen ("libtss2-esys.so.0", RTLD_NOW);
  assert (dl);
  my_Esys_Initialize = dlsym (dl, "Esys_Initialize");
  assert (my_Esys_Initialize);
  my_Esys_Finalize = dlsym (dl, "Esys_Finalize");
  assert (my_Esys_Finalize);

  ESYS_CONTEXT *ctx;
  if (my_Esys_Initialize (&ctx, NULL, NULL)) {
    fprintf (stderr, "Esys_Initialize failed\n");
    exit (1);
  }
  fprintf (stderr, "ctx = %p\n", ctx);
  my_Esys_Finalize (&ctx);
  exit (0);
}
```

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_853664582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 09:50:06 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 08:50:06 +0000 Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: `typeof` is a GCC extension (but widely supported - the code above works fine in `clang`). But `typeof` is going to be added to the C23 standard. This posting was recently made by the C23 Project Editor: https://twitter.com/__phantomderp/status/1494801365297676293 I would say that unless you need to support weird compilers (MSVC?) then it should be fine to use it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_853674231 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 10:26:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Feb 2022 09:26:29 +0000 Subject: [gnutls-devel] build-images | Add installation of development files for gnutls compression libs (!28) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/28 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 24 10:26:29 2022 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 09:26:29 +0000
Subject: [gnutls-devel] build-images | Add installation of development files for gnutls compression libs (!28)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/build-images/-/merge_requests/28

Project:Branches: ZoltanFridrich/build-images:master to gnutls/build-images:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/28

From gnutls-devel at lists.gnutls.org  Thu Feb 24 10:26:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 09:26:29 +0000
Subject: [gnutls-devel] build-images | Add installation of development files for gnutls compression libs (!28)

Reassigned merge request 28 https://gitlab.com/gnutls/build-images/-/merge_requests/28

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/28

From gnutls-devel at lists.gnutls.org  Thu Feb 24 10:30:13 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 09:30:13 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file: make it work with non-blocking I/O (!1545)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

Project:Branches: dueno/gnutls:wip/dueno/sendfile to gnutls/gnutls:master
Author: Daiki Ueno

When either read() or gnutls_record_send() returns EAGAIN, just return to the caller so it can call this function again, instead of retrying internally.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

From gnutls-devel at lists.gnutls.org  Thu Feb 24 10:31:02 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 09:31:02 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file: make it work with non-blocking I/O (!1545)

Reviewer changed to František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:22:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:22:19 +0000
Subject: [gnutls-devel] GnuTLS | ABI break due to adding const qualifiers to some libgnutlsxx.so methods (#1318)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1318

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:22:41 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:22:41 +0000
Subject: [gnutls-devel] GnuTLS | TPM support not enabled unless --without-tpm2 is given (#1313)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1313

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:22:58 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:22:58 +0000
Subject: [gnutls-devel] GnuTLS | Malformed message in taskwarrior with gnutls 3.7.3 and KTLS (#1314)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1314

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:23:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:23:26 +0000
Subject: [gnutls-devel] GnuTLS | tests suite portfinding endless loop (#1315)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1315

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:24:14 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:24:14 +0000
Subject: [gnutls-devel] GnuTLS | bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS (!1538)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1538

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:26:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:26:38 +0000
Subject: [gnutls-devel] build-images | Add installation of development files for gnutls compression libs (!28)

Merge request !28 was merged

Merge request URL: https://gitlab.com/gnutls/build-images/-/merge_requests/28
Project:Branches: ZoltanFridrich/build-images:master to gnutls/build-images:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/28

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:27:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:27:26 +0000
Subject: [gnutls-devel] GnuTLS | ktls: sendfile (!1486)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1486

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:27:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:27:38 +0000
Subject: [gnutls-devel] GnuTLS | priority, algorithms: compile out GOST algorithms IDs if they are disabled (!1539)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1539

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:27:53 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:27:53 +0000
Subject: [gnutls-devel] GnuTLS | [split off !1533] defer setting priority string (!1540)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1540

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:28:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:28:09 +0000
Subject: [gnutls-devel] GnuTLS | Fix typos (!1537)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1537

From gnutls-devel at lists.gnutls.org  Thu Feb 24 11:28:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 10:28:21 +0000
Subject: [gnutls-devel] GnuTLS | Disable some tests in fips mode (!1536)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1536

From gnutls-devel at lists.gnutls.org  Thu Feb 24 13:38:32 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 12:38:32 +0000
Subject: [gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Reassigned merge request 1512 https://gitlab.com/gnutls/gnutls/-/merge_requests/1512

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512

From gnutls-devel at lists.gnutls.org  Thu Feb 24 18:57:04 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 17:57:04 +0000
Subject: [gnutls-devel] GnuTLS | jsonopts: make option description type-safe (!1535)

Daiki Ueno changed the draft status of merge request !1535

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1535

From gnutls-devel at lists.gnutls.org  Thu Feb 24 20:23:01 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 19:23:01 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Merge request !1544 was approved by Anderson Sasaki

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544
Project:Branches: dueno/gnutls:wip/dueno/libtss2-esys-dlopen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544

From gnutls-devel at lists.gnutls.org  Thu Feb 24 20:24:09 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Feb 2022 19:24:09 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Anderson Sasaki commented:

LGTM!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_854505163

From gnutls-devel at lists.gnutls.org  Fri Feb 25 08:34:08 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Feb 2022 07:34:08 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Daiki Ueno commented:

Thanks! It indeed looks like a good idea to use `typeof`; I've rewritten using it. Also it turned out that the DL initialization was done a bit too late, so I've consolidated it in the pthread_once block.

@ansasaki sorry to bother you but could you take a second look?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_855035193

From gnutls-devel at lists.gnutls.org  Fri Feb 25 11:40:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Feb 2022 10:40:47 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file: make it work with non-blocking I/O (!1545)

Merge request !1545 was approved by František Krenželok

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545
Project:Branches: dueno/gnutls:wip/dueno/sendfile to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

From gnutls-devel at lists.gnutls.org  Fri Feb 25 15:38:00 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Feb 2022 14:38:00 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Daiki Ueno commented:

When compiled with GCC `-fsanitize`, it produces the following error:

```c
tpm2_esys.c:90:36: error: expected declaration specifiers or '...' before '*' token
   90 | static typeof(Esys_GetCapability) (*_gnutls_tss2_Esys_GetCapability);
```

https://gitlab.com/dueno/gnutls/-/jobs/2136238384#L1248

I suspect that this might be a compiler bug, but probably we'll need to go back to the original definition for now...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_855552009

From gnutls-devel at lists.gnutls.org  Fri Feb 25 17:36:32 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Feb 2022 16:36:32 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Reviewer changed to Anderson Sasaki

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544

From gnutls-devel at lists.gnutls.org  Fri Feb 25 17:36:39 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Feb 2022 16:36:39 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544

From gnutls-devel at lists.gnutls.org  Sat Feb 26 07:42:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 06:42:23 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file: make it work with non-blocking I/O (!1545)

Merge request !1545 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545
Project:Branches: dueno/gnutls:wip/dueno/sendfile to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

From gnutls-devel at lists.gnutls.org  Sat Feb 26 09:57:10 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 08:57:10 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Richard W.M. Jones commented:

I can't reproduce the `-fsanitize` error here with `address` or `undefined`. Which sanitize suboption did you use and what version of GCC?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_856103153

From gnutls-devel at lists.gnutls.org  Sat Feb 26 16:21:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 15:21:38 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: dynamically load tss2 libraries as needed (!1544)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_856185528

Sorry, `-fsanitize` was a red herring; it was actually `-std=c99`. I could work around the issue by using `__typeof__` instead.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1544#note_856185528

From gnutls-devel at lists.gnutls.org  Sat Feb 26 16:44:54 2022
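The pattern the !1544 thread converged on, as an added example that is not GnuTLS or tpm2-tss code: function pointers declared with `__typeof__` (so they build under `-std=c99` as well as with `typeof`) keep the real prototype, and a missing symbol surfaces as a checkable NULL rather than a crash. To stay runnable without a TPM stack it resolves `strlen` and `getpid` from the already-loaded C library via `dlopen(NULL)` instead of `libtss2-esys.so.0`; the `DL_DECLARE`/`DL_RESOLVE` macros and helper names are hypothetical.

```c
/* Type-safe lazy binding of shared-library symbols with __typeof__.
 *
 * Added example, not GnuTLS code.  Each function pointer takes the type
 * of the real prototype, so the compiler checks arguments and return
 * values at every call site instead of trusting a hand-written cast of
 * the void * that dlsym() returns.  __typeof__ is spelled with
 * underscores because GCC hides plain typeof under -std=c99.
 *
 * Assumption: symbols are resolved from the running process (its libc)
 * via dlopen(NULL) so this runs without libtss2-esys.so.0.  The macro
 * and helper names below are hypothetical, not a project API.
 */
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Declare a static pointer of type "pointer to the type of NAME". */
#define DL_DECLARE(name) static __typeof__(name) *p_##name

/* Resolve NAME from HANDLE into p_##name; evaluates to 1 if missing.
 * The object-to-function pointer cast happens once, here, and nowhere
 * else, which is the type-safety gain over casting at each call. */
#define DL_RESOLVE(handle, name) \
  ((p_##name = (__typeof__(name) *) dlsym((handle), #name)) == NULL)

DL_DECLARE(strlen);
DL_DECLARE(getpid);

static void *dl_handle;

/* Bind every symbol the feature needs.  Returns the number of symbols
 * that could not be found (2 if the library itself failed to open), so
 * the caller can disable the optional feature instead of dereferencing
 * a NULL pointer later on. */
int dl_bind_all(void)
{
  int missing = 0;

  if (dl_handle == NULL) {
    dl_handle = dlopen(NULL, RTLD_NOW);   /* global scope of this process */
    if (dl_handle == NULL)
      return 2;
  }
  missing += DL_RESOLVE(dl_handle, strlen);
  missing += DL_RESOLVE(dl_handle, getpid);
  return missing;
}

/* Failure path: a symbol that does not exist must come back as NULL,
 * not as a bogus pointer.  Returns 1 when dlsym reports it absent. */
int dl_missing_symbol_is_null(void)
{
  void *h = dlopen(NULL, RTLD_NOW);
  if (h == NULL)
    return 0;
  return dlsym(h, "hypothetical_symbol_that_does_not_exist") == NULL;
}

/* The bound pointers are used exactly like the real functions. */
size_t bound_strlen(const char *s)
{
  return p_strlen(s);
}

int bound_pid_matches(void)
{
  return p_getpid() == getpid();
}

int main(void)
{
  if (dl_bind_all() != 0) {
    fprintf(stderr, "symbol binding failed; feature disabled\n");
    return 1;
  }
  /* p_strlen(42) would not compile: __typeof__ preserved the parameter
   * list that a generic void (*)(void) pointer would have thrown away. */
  printf("strlen via dlsym: %zu\n", bound_strlen("tss2"));
  printf("pid matches: %d\n", bound_pid_matches());
  return 0;
}
```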
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 15:44:54 +0000
Subject: [gnutls-devel] GnuTLS | TLS certificate compression (RFC8879) (#1301)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1301

From gnutls-devel at lists.gnutls.org  Sat Feb 26 16:45:16 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 15:45:16 +0000
Subject: [gnutls-devel] GnuTLS | TLS certificate compression (RFC8879) (#1301)

Reassigned Issue 1301 https://gitlab.com/gnutls/gnutls/-/issues/1301

Assignee changed to Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1301

From gnutls-devel at lists.gnutls.org  Sat Feb 26 16:45:47 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 15:45:47 +0000
Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321)

Milestone changed to Release of GnuTLS 3.7.4 (Jan 15, 2022 – Mar 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/33 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321

From gnutls-devel at lists.gnutls.org  Sat Feb 26 16:49:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 26 Feb 2022 15:49:21 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file: make it work with non-blocking I/O (!1545)

Merge request !1545 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545
Project:Branches: dueno/gnutls:wip/dueno/sendfile to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: František Krenželok

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1545

From gnutls-devel at lists.gnutls.org  Sun Feb 27 16:55:23 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 27 Feb 2022 15:55:23 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix return error code for failed decryption without key (!1546)

Craig created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546

Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig

Fix #1321

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546

From gnutls-devel at lists.gnutls.org  Sun Feb 27 22:52:38 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 27 Feb 2022 21:52:38 +0000
Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532)

civodul commented:

@dueno Like @ametzler, I see two unrelated changes, and I wonder what the justification of each of these is.

Regarding the first change (requiring Guile >= 3.0), I don't think it's necessary at this point. Currently, the bindings support Guile versions 1.8 through 3.0 (spanning ~15 years of Guile releases!). We could consider dropping support for 1.8 and 2.0 in the near future, though (Guile 2.2.0 was released in March 2017).

As for the second change (renaming the `guile-gnutls` module), I think it's unnecessary; the name doesn't really matter since only `gnutls.scm` refers to it.

Thoughts?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532#note_856532076

From gnutls-devel at lists.gnutls.org  Mon Feb 28 09:35:25 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 08:35:25 +0000
Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532)

Zoltán Fridrich commented:

I agree, the changes feel unnecessary. I will close this MR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532#note_856855072

From gnutls-devel at lists.gnutls.org  Mon Feb 28 09:35:26 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 08:35:26 +0000
Subject: [gnutls-devel] GnuTLS | Increase Guile version to 3.0 (!1532)

Merge request !1532 was closed by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1532

From gnutls-devel at lists.gnutls.org  Mon Feb 28 15:54:49 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 14:54:49 +0000
Subject: [gnutls-devel] GnuTLS | Timeout in _asn1_find_up (#1327)

tongxiaoge1001 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1327

## Description of problem:

```
==3981605== ERROR: libFuzzer: timeout after 61 seconds
    #0 0x52b281 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
    #1 0x475ca8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x45a2f9 in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:301:5
    #3 0x7f2cc9bfc4bf (/lib64/libpthread.so.0+0x134bf)
    #4 0x860809 in _asn1_find_up /src/libtasn1/lib/parser_aux.c:533:47
    #5 0x852ad7 in asn1_der_decoding2 /src/libtasn1/lib/decoding.c:1566:6
    #6 0x55b990 in _asn1_strict_der_decode /src/gnutls/lib/x509/./common.h:302:9
    #7 0x55b64a in gnutls_x509_crq_import /src/gnutls/lib/x509/crq.c:150:6
    #8 0x555ad5 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_x509_crq_parser_fuzzer.c:42:8
    #9 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #10 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #11 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #12 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #13 0x7f2cc9a2db26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
    #14 0x423149 in _start (/root/oss-fuzz/build/out/gnutls/gnutls_x509_crq_parser_fuzzer+0x423149)
```

## Version of gnutls used:

3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

openEuler

## How reproducible:

[fusiontest-testcase-gnutls_x509_crq_parser_fuzzer-202111260001.rar](/uploads/62d97541661d40a04bba34394160322e/fusiontest-testcase-gnutls_x509_crq_parser_fuzzer-202111260001.rar)

## Actual results:

Error occurred

## Expected results:

No ERROR

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1327

From gnutls-devel at lists.gnutls.org  Mon Feb 28 16:01:19 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 15:01:19 +0000
Subject: [gnutls-devel] GnuTLS | memleak in wrap_nettle_mpi_init (#1328)

tongxiaoge1001 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1328

## Description of problem:

```
==3981579==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7606ad in wrap_nettle_mpi_init /src/gnutls/lib/nettle/mpi.c:79:6
    #2 0x7611de in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:189:8
    #3 0x77a005 in set_dh_pk_params /src/gnutls/lib/dh.c:58:53
    #4 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #5 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #6 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #7 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #8 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #9 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #10 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #11 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #12 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #13 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--wrap_nettle_mpi_init--wrap_nettle_mpi_copy

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7606ad in wrap_nettle_mpi_init /src/gnutls/lib/nettle/mpi.c:79:6
    #2 0x7611de in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:189:8
    #3 0x779fac in set_dh_pk_params /src/gnutls/lib/dh.c:51:52
    #4 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #5 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #6 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #7 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #8 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #9 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #10 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #11 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #12 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #13 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--wrap_nettle_mpi_init--wrap_nettle_mpi_copy

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7606ad in wrap_nettle_mpi_init /src/gnutls/lib/nettle/mpi.c:79:6
    #2 0x76088f in wrap_nettle_mpi_init_multi /src/gnutls/lib/nettle/mpi.c:98:8
    #3 0x76b5b1 in wrap_nettle_pk_generate_keys /src/gnutls/lib/nettle/pk.c:2242:10
    #4 0x739439 in _gnutls_dh_common_print_server_kx /src/gnutls/lib/auth/dh_common.c:340:6
    #5 0x7bff94 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:115:6
    #6 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #7 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #8 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #9 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #10 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #11 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #12 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #13 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--wrap_nettle_mpi_init--wrap_nettle_mpi_init_multi

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7606ad in wrap_nettle_mpi_init /src/gnutls/lib/nettle/mpi.c:79:6
    #2 0x7611de in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:189:8
    #3 0x779f5a in set_dh_pk_params /src/gnutls/lib/dh.c:47:52
    #4 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #5 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #6 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #7 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #8 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #9 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #10 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #11 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #12 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #13 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--wrap_nettle_mpi_init--wrap_nettle_mpi_copy

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7606ad in wrap_nettle_mpi_init /src/gnutls/lib/nettle/mpi.c:79:6
    #2 0x7609ba in wrap_nettle_mpi_init_multi /src/gnutls/lib/nettle/mpi.c:109:10
    #3 0x76b5b1 in wrap_nettle_pk_generate_keys /src/gnutls/lib/nettle/pk.c:2242:10
    #4 0x739439 in _gnutls_dh_common_print_server_kx /src/gnutls/lib/auth/dh_common.c:340:6
    #5 0x7bff94 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:115:6
    #6 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #7 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #8 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #9 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #10 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #11 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #12 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #13 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--wrap_nettle_mpi_init--wrap_nettle_mpi_init_multi

Indirect leak of 384 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x8ce708 in __gmp_default_allocate /src/gmp/memory.c:53:9
    #2 0x892088 in __gmpz_realloc /src/gmp/mpz/realloc.c:63:12
    #3 0x8929d8 in __gmpz_set /src/gmp/mpz/set.c:43:8
    #4 0x761216 in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:193:2
    #5 0x779fac in set_dh_pk_params /src/gnutls/lib/dh.c:51:52
    #6 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #7 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #8 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #9 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #10 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #11 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #12 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #13 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #14 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #15 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--__gmp_default_allocate--__gmpz_realloc

Indirect leak of 384 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x8ce708 in __gmp_default_allocate /src/gmp/memory.c:53:9
    #2 0x892088 in __gmpz_realloc /src/gmp/mpz/realloc.c:63:12
    #3 0x8929d8 in __gmpz_set /src/gmp/mpz/set.c:43:8
    #4 0x76b616 in wrap_nettle_pk_generate_keys /src/gnutls/lib/nettle/pk.c:2249:4
    #5 0x739439 in _gnutls_dh_common_print_server_kx /src/gnutls/lib/auth/dh_common.c:340:6
    #6 0x7bff94 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:115:6
    #7 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #8 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #9 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #10 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #11 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #12 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #13 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #14 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--__gmp_default_allocate--__gmpz_realloc

Indirect leak of 384 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x8ce708 in __gmp_default_allocate /src/gmp/memory.c:53:9
    #2 0x892088 in __gmpz_realloc /src/gmp/mpz/realloc.c:63:12
    #3 0x8929d8 in __gmpz_set /src/gmp/mpz/set.c:43:8
    #4 0x76b5f1 in wrap_nettle_pk_generate_keys /src/gnutls/lib/nettle/pk.c:2248:4
    #5 0x739439 in _gnutls_dh_common_print_server_kx /src/gnutls/lib/auth/dh_common.c:340:6
    #6 0x7bff94 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:115:6
    #7 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #8 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #9 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #10 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #11 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #12 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #13 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #14 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--__gmp_default_allocate--__gmpz_realloc

Indirect leak of 384 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x8ce708 in __gmp_default_allocate /src/gmp/memory.c:53:9
    #2 0x892088 in __gmpz_realloc /src/gmp/mpz/realloc.c:63:12
    #3 0x8929d8 in __gmpz_set /src/gmp/mpz/set.c:43:8
    #4 0x761216 in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:193:2
    #5 0x77a005 in set_dh_pk_params /src/gnutls/lib/dh.c:58:53
    #6 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #7 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #8 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #9 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #10 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #11 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #12 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #13 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #14 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #15 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)

DEDUP_TOKEN: malloc--__gmp_default_allocate--__gmpz_realloc

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x52284d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x8ce708 in __gmp_default_allocate /src/gmp/memory.c:53:9
    #2 0x892088 in __gmpz_realloc /src/gmp/mpz/realloc.c:63:12
    #3 0x8929d8 in __gmpz_set /src/gmp/mpz/set.c:43:8
    #4 0x761216 in wrap_nettle_mpi_copy /src/gnutls/lib/nettle/mpi.c:193:2
    #5 0x779f5a in set_dh_pk_params /src/gnutls/lib/dh.c:47:52
    #6 0x7790c7 in _gnutls_figure_dh_params /src/gnutls/lib/dh.c:178:8
    #7 0x7bff56 in gen_dhe_server_kx /src/gnutls/lib/auth/dhe.c:107:6
    #8 0x59d6f6 in _gnutls_send_server_kx_message /src/gnutls/lib/kx.c:289:7
    #9 0x590450 in handshake_server /src/gnutls/lib/handshake.c:3450:8
    #10 0x58aa34 in gnutls_handshake /src/gnutls/lib/handshake.c:2773:9
    #11 0x555cc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_server_rawpk_fuzzer.c:90:9
    #12 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #13 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #14 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #15 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7f65d4b05b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
```

## Version of gnutls used:

3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

openEuler

## Actual results:

Error occurred

[fusiontest-testcase-gnutls_server_rawpk_fuzzer-202111260001](/uploads/f6d02efe56623be93296ae4971dc5a49/fusiontest-testcase-gnutls_server_rawpk_fuzzer-202111260001)

## Expected results:

No Error

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1328

From gnutls-devel at lists.gnutls.org Mon Feb 28 16:03:45 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 15:03:45 +0000
Subject: [gnutls-devel] GnuTLS | Timeout in gnutls_pkcs12_verify_mac (#1329)

tongxiaoge1001 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1329

## Description of problem:

```
==3981550== ERROR: libFuzzer: timeout after 121 seconds
    #0 0x52b281 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
    #1 0x475ca8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x45a2f9 in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:301:5
    #3 0x7f608ab804bf (/lib64/libpthread.so.0+0x134bf)
    #4 0x521ab1 in __asan_memcpy /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #5 0x830d00 in nettle_sha1_init /src/nettle/sha1.c:64:3
    #6 0x716961 in _ctx_init /src/gnutls/lib/accelerated/x86/sha-x86-ssse3.c:237:3
    #7 0x7165ee in wrap_x86_hash_fast /src/gnutls/lib/accelerated/x86/sha-x86-ssse3.c:348:8
    #8 0x620063 in _gnutls_hash_fast /src/gnutls/lib/hash_int.c:133:7
    #9 0x57c755 in _gnutls_pkcs12_string_to_key /src/gnutls/lib/x509/pkcs12_encr.c:163:9
    #10 0x57211f in gnutls_pkcs12_verify_mac /src/gnutls/lib/x509/pkcs12.c:1127:11
    #11 0x555bc7 in LLVMFuzzerTestOneInput /src/gnutls/fuzz/gnutls_pkcs12_key_parser_fuzzer.c:50:2
    #12 0x45bb23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #13 0x447292 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #14 0x44cf36 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #15 0x476442 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7f608a9b1b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
    #17 0x423149 in _start (/root/oss-fuzz/build/out/gnutls/gnutls_pkcs12_key_parser_fuzzer+0x423149)
```

## Version of gnutls used:

3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

openEuler

## Actual results:

Error occurred

## Expected results:

No Error

[fusiontest-testcase-gnutls_pkcs12_key_parser_fuzzer-202111260001](/uploads/d9002552f9768ec2f20315369f79aab3/fusiontest-testcase-gnutls_pkcs12_key_parser_fuzzer-202111260001)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1329

From gnutls-devel at lists.gnutls.org Mon Feb 28 17:46:43 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 16:46:43 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix return error code for failed decryption without key (!1546)

Merge request !1546 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546
Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546

From gnutls-devel at lists.gnutls.org Mon Feb 28 17:48:29 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 16:48:29 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix return error code for failed decryption without key (!1546)

Daiki Ueno commented:

Thank you; looks good to me. The static-analyzer CI run should pass if you increase the CI timeout following the [documentation](https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run). My recommendation is 3h or 2h.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546#note_857538719

From gnutls-devel at lists.gnutls.org Mon Feb 28 18:00:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 17:00:40 +0000
Subject: [gnutls-devel] GnuTLS | Timeout in gnutls_pkcs12_verify_mac (#1329)

Daiki Ueno commented:

This is an expected behavior: the reproducer uses a high iteration count (3657961472) for the KDF.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1329#note_857551368

From gnutls-devel at lists.gnutls.org Mon Feb 28 18:00:40 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 17:00:40 +0000
Subject: [gnutls-devel] GnuTLS | Timeout in gnutls_pkcs12_verify_mac (#1329)

Issue was closed by Daiki Ueno

Issue #1329: https://gitlab.com/gnutls/gnutls/-/issues/1329

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1329

From gnutls-devel at lists.gnutls.org Mon Feb 28 19:01:21 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 18:01:21 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix return error code for failed decryption without key (!1546)

Merge request !1546 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546
Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546

From gnutls-devel at lists.gnutls.org Mon Feb 28 20:46:51 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 19:46:51 +0000
Subject: [gnutls-devel] GnuTLS | x509: regression in the error code returned on encrypted files (#1321)

Issue was closed by Daiki Ueno via merge request !1546 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1546)

Issue #1321: https://gitlab.com/gnutls/gnutls/-/issues/1321

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1321

From gnutls-devel at lists.gnutls.org Mon Feb 28 20:46:48 2022
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Feb 2022 19:46:48 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix return error code for failed decryption without key (!1546)

Merge request !1546 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546
Project:Branches: trapperhoney/gnutls:master to gnutls/gnutls:master
Author: Craig
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1546
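As an added example (not GnuTLS code and not from the #1329 reporter), a defender-side pre-check for the gnutls_pkcs12_verify_mac timeout discussed in #1329 above: the MacData iteration count is read straight out of the PFX with a minimal DER walk, so a file asking for billions of KDF iterations can be rejected before any MAC verifier spends the CPU time. MAX_ITERATIONS is an assumed policy limit, and the sample PFX is constructed inline with a dummy authSafe and MAC.

```python
# Added example (not GnuTLS code): read MacData.iterations from a PKCS#12 (PFX)
# file before handing it to a KDF-based MAC verifier. Only the DER subset needed
# for the PFX outer structure (RFC 7292 section 4) is parsed. MAX_ITERATIONS is
# an assumed policy limit, far above what real PKCS#12 writers use.
from typing import List, Tuple

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
MAX_ITERATIONS = 1_000_000

def der_read(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the TLV element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end

def der_children(value: bytes) -> List[Tuple[int, bytes]]:
    """Split a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        out.append((tag, inner))
    return out

def pkcs12_mac_iterations(pfx: bytes) -> int:
    """MacData.iterations of a DER PFX: the INTEGER if present, 1 if omitted
    (the ASN.1 DEFAULT), 0 if the file carries no MacData at all."""
    tag, body, end = der_read(pfx, 0)
    if tag != SEQUENCE or end != len(pfx):
        raise ValueError("not a DER PFX")
    fields = der_children(body)  # version INTEGER, authSafe ContentInfo, macData OPTIONAL
    if len(fields) < 2 or fields[0][0] != INTEGER or fields[1][0] != SEQUENCE:
        raise ValueError("malformed PFX")
    if len(fields) < 3:
        return 0
    mac = der_children(fields[2][1])  # mac DigestInfo, macSalt OCTET STRING, iterations
    if len(mac) < 2 or mac[0][0] != SEQUENCE or mac[1][0] != OCTET_STRING:
        raise ValueError("malformed MacData")
    if len(mac) == 2:
        return 1
    if mac[2][0] != INTEGER:
        raise ValueError("malformed MacData")
    return int.from_bytes(mac[2][1], "big", signed=True)

def pkcs12_iterations_acceptable(pfx: bytes, limit: int = MAX_ITERATIONS) -> bool:
    """True only if the file has a MacData whose iteration count is in [1, limit];
    a missing MacData, a non-positive count or an oversized one is rejected."""
    return 1 <= pkcs12_mac_iterations(pfx) <= limit

def der_encode(tag: int, value: bytes) -> bytes:
    """Minimal-length DER TLV encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def build_sample_pfx(iterations: int) -> bytes:
    """Constructed sample PFX: dummy authSafe and MAC, real outer structure only."""
    def der_int(v: int) -> bytes:  # spare byte keeps values with the top bit set positive
        return der_encode(INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    digest_info = der_encode(SEQUENCE, der_encode(SEQUENCE, b"") + der_encode(OCTET_STRING, b"\x00" * 20))
    mac_data = der_encode(SEQUENCE, digest_info + der_encode(OCTET_STRING, b"\x01" * 8) + der_int(iterations))
    auth_safe = der_encode(SEQUENCE, der_encode(OCTET_STRING, b"\x00" * 200))  # forces long-form lengths
    return der_encode(SEQUENCE, der_int(3) + auth_safe + mac_data)
```

With the count from the #1329 reproducer, `pkcs12_iterations_acceptable(build_sample_pfx(3657961472))` is False while a conventional 2048 passes.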