From gnutls-devel at lists.gnutls.org Sun May 1 08:56:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 06:56:18 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Reviewer changed from Hubert Kario (@mention me if you need reply) to Hubert Kario (@mention me if you need reply) and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 08:58:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 06:58:51 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Daiki Ueno commented: @asosedkin expressed a backward compatibility concern on the previous approach (repurposing `GNUTLS_NO_TICKETS`), so I've changed the direction to adding a new flag `GNUTLS_NO_TICKETS_TLS12`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_931626471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 09:43:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 07:43:44 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467#note_931632077 In any case I don't see any good reason to check the same thing with different tools (valgrind and ASan) and increase (cumulative) CI running time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467#note_931632077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 09:43:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 07:43:45 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467) In-Reply-To: References: Message-ID: All discussions on merge request !1467 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1467 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 09:44:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 07:44:46 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467) In-Reply-To: References: Message-ID: Merge request !1467 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467 Project:Branches: dueno/gnutls:wip/dueno/ci-remove-valgrind to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 09:44:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 07:44:16 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: replace valgrind checks with ASan (!1467) In-Reply-To: References: Message-ID: Daiki Ueno commented: Since this is a CI only change, I'm merging this without approval. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1467#note_931632132 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:08:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:08:06 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: lib/accelerated/aarch64/Makefile has hardcoded flag not supported by Clang (#1317) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1317 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:08:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:08:20 +0000 Subject: [gnutls-devel] GnuTLS | clang crash when building lib/accelerated/aarch64/macosx/sha512-armv8.s (#1347) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:09:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:09:39 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to globally enable/disable KTLS (#1298) In-Reply-To: References: Message-ID: Daiki Ueno commented: This should be fixed with !1559. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1298#note_931634565 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:09:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:09:40 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to globally enable/disable KTLS (#1298) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1298: https://gitlab.com/gnutls/gnutls/-/issues/1298 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1298 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:11:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:11:00 +0000 Subject: [gnutls-devel] GnuTLS | clang crash when building lib/accelerated/aarch64/macosx/sha512-armv8.s (#1347) In-Reply-To: References: Message-ID: Reassigned Issue 1347 https://gitlab.com/gnutls/gnutls/-/issues/1347 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:11:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:11:08 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: lib/accelerated/aarch64/Makefile has hardcoded flag not supported by Clang (#1317) In-Reply-To: References: Message-ID: Reassigned Issue 1317 https://gitlab.com/gnutls/gnutls/-/issues/1317 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1317 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 1 10:14:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 01 May 2022 08:14:27 +0000 Subject: [gnutls-devel] GnuTLS | psk_ke_modes_recv_params() wrongly sets HSK_PSK_KE_MODE_INVALID (#1303) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1303 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 07:14:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 05:14:28 +0000 Subject: [gnutls-devel] GnuTLS | clang crash when building lib/accelerated/aarch64/macosx/sha512-armv8.s (#1347) In-Reply-To: References: Message-ID: Brad Smith commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1347#note_931883078 The crashing issue with using -march was fixed after the 13.0.0 release. I pushed for this to be merged.. https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2 Bust most downstream users haven't picked up 13.0.1 nor the fix itself to resolve the crashing issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1347#note_931883078 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 07:28:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 05:28:05 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Daiki Ueno commented: @brad0, @jralls, would it be possible to check this patch? You would need to bootstrap (by running `./bootstrap` or perhaps `autoconf` alone after applying the patch might be sufficient; I can provide a test tarball if needed). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_931888323 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 07:42:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 05:42:44 +0000 Subject: [gnutls-devel] GnuTLS | .github/workflows/macos.yml: pull in gtk-doc (!1580) In-Reply-To: References: Message-ID: Reassigned merge request 1580 https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 07:42:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 05:42:45 +0000 Subject: [gnutls-devel] GnuTLS | .github/workflows/macos.yml: pull in gtk-doc (!1580) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 Project:Branches: dueno/gnutls:wip/dueno/minor to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno .. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 11:36:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 09:36:11 +0000 Subject: [gnutls-devel] GnuTLS | Remove TLS PSK username length restriction (!1581) In-Reply-To: References: Message-ID: Reassigned merge request 1581 https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 11:36:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 09:36:12 +0000 Subject: [gnutls-devel] GnuTLS | Remove TLS PSK username length restriction (!1581) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #1323 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 12:10:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 10:10:32 +0000 Subject: [gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357) References: Message-ID: Jookia created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1357 ## Description of problem: Certificate verification fails for archive.mesa3d.org . ## Version of gnutls used: 3.4.7 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu Jammy Built from source on Ubuntu and Arch ## How reproducible: Steps to Reproduce: * gnutls-cli archive.mesa3d.org ## Actual results: ``` Processed 127 CA certificate(s). Resolving 'archive.mesa3d.org:443'... Connecting to '131.252.210.176:443'... - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=" Public Key ID: sha1:6d6cb1c5e6991c97aacad8a7b4e6f765cc40bfd0 sha256:4cbcd109d2aa725a553f9a7942c467cf38d42ca460dadd05039a8f690f40aecf Public Key PIN: pin-sha256:TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8= - Certificate[1] info: - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=" - Certificate[2] info: - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" - Certificate[3] info: - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. ``` ## Expected results: ``` Processed 153 CA certificate(s). Resolving 'archive.mesa3d.org:443'... Connecting to '2610:10:20:722:a800:ff:feda:470f:443'... - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=" Public Key ID: sha1:6d6cb1c5e6991c97aacad8a7b4e6f765cc40bfd0 sha256:4cbcd109d2aa725a553f9a7942c467cf38d42ca460dadd05039a8f690f40aecf Public Key PIN: pin-sha256:TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8= - Certificate[1] info: - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=" - Certificate[2] info: - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" - Certificate[3] info: - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=" - Status: The certificate is trusted. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 12:11:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 10:11:31 +0000 Subject: [gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357) In-Reply-To: References: Message-ID: Jookia commented: archive.mesa3d.org certificate as of writing: [test.cert](/uploads/1d97f6a468fc387fe0d53fe1d2394290/test.cert) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357#note_932106171 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 12:16:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 10:16:15 +0000 Subject: [gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357) In-Reply-To: References: Message-ID: Jookia commented: This might be a duplicate of #1335 , I can run this to verify correctly: ``` certtool --infile=test.cert --verify --load-ca-certificate="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust" ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357#note_932109945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 12:18:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 10:18:28 +0000 Subject: [gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357) In-Reply-To: References: Message-ID: Jookia commented: Sorry for the duplicate report. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357#note_932111807 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 12:18:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 10:18:30 +0000 Subject: [gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357) In-Reply-To: References: Message-ID: Issue was closed by Jookia Issue #1357: https://gitlab.com/gnutls/gnutls/-/issues/1357 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 13:00:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 11:00:55 +0000 Subject: [gnutls-devel] GnuTLS | ./bootstrap: 69: ./bootstrap.conf: gnulib/gnulib-tool: not found ./bootstrap: 269: ./bootstrap: gtkdocize: not found (#1358) References: Message-ID: 168912916 859421311 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1358 ## Description of problem: curl-novalgrind-ngtcp2-gnutls Failes after a 3. retry the pkgs are not found gnulib/gnulib-tool and gtkdocize ## Version of gnutls used: git clone --depth 1 https://gitlab.com/gnutls/gnutls.git ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: setup a build on zuul like curl does, not sure if this is reproducible in any way. Steps to Reproduce: --- ## Actual results: https://curl.zuul.vexxhost.dev/build/9225fd94df0e4dcca60e9bb068083e98/console ## Expected results: passed builds -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 13:02:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 11:02:58 +0000 Subject: [gnutls-devel] GnuTLS | Increase PSK identity limit to 256 characters (!1582) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #1323 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 13:02:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 11:02:52 +0000 Subject: [gnutls-devel] GnuTLS | Increase PSK identity limit to 256 characters (!1582) In-Reply-To: References: Message-ID: Reassigned merge request 1582 https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 15:35:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 13:35:59 +0000 Subject: [gnutls-devel] GnuTLS | ./bootstrap: 69: ./bootstrap.conf: gnulib/gnulib-tool: not found ./bootstrap: 269: ./bootstrap: gtkdocize: not found (#1358) In-Reply-To: References: Message-ID: Daiki Ueno commented: Try installing the `gtk-doc-tools` package and then run `git submodule update --init` before running `./bootstrap`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1358#note_932310076 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 15:36:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 13:36:02 +0000 Subject: [gnutls-devel] GnuTLS | ./bootstrap: 69: ./bootstrap.conf: gnulib/gnulib-tool: not found ./bootstrap: 269: ./bootstrap: gtkdocize: not found (#1358) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1358: https://gitlab.com/gnutls/gnutls/-/issues/1358 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 2 18:07:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 May 2022 16:07:34 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: John Ralls commented: @dueno I tried by applying the commit via `git format-patch` to a freshly unpacked gnutls-3.7.3.tar.xz. The patch applied and autoreconf and configure succeeded but the build failed: ``` CCAS macosx/sha1-armv8.lo ../../../libtool: line 1760: 4484 Segmentation fault: 11 /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -Wa,-march=all -O2 -arch arm64 -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk -mmacosx-version-min=11 -c /Users/john/Development/Gnucash-Build/Gnucash-master-git-11-arm64/src/gnutls-3.7.3/lib/accelerated/aarch64/macosx/sha1-armv8.s -fno-common -DPIC -o macosx/.libs/sha1-armv8.o make[5]: *** [Makefile:2244: macosx/sha1-armv8.lo] Error 1 ``` Note the `-Wa,-march=all` in the gcc command line. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_932489685 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 06:54:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 04:54:22 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_932882402 That implies that the configure check is not sufficient. I wonder what would be the minimal reproducer to detect that issue. The configure check is essentially this: ```console touch test.s gcc -Wa,-march=all -c test.s ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_932882402 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 09:52:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 07:52:02 +0000 Subject: [gnutls-devel] GnuTLS | .github/workflows/macos.yml: pull in gtk-doc (!1580) In-Reply-To: References: Message-ID: Daiki Ueno commented: Since this is only about CI and build infrastructure, I'm merging it without approval. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580#note_932983853 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 09:52:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 07:52:07 +0000 Subject: [gnutls-devel] GnuTLS | .github/workflows/macos.yml: pull in gtk-doc (!1580) In-Reply-To: References: Message-ID: Merge request !1580 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 Project:Branches: dueno/gnutls:wip/dueno/minor to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1580 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 12:24:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 10:24:11 +0000 Subject: [gnutls-devel] GnuTLS | gnutls restricts TLSv1.3 identity to 128 characters (#1323) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Hello and thank you for your contribution. Do you need/prefer the identity restriction being lifted/modified on lower versions of TLS as well or is it sufficient to increase the length just for TLS 1.3? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1323#note_933187488 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 12:53:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 10:53:35 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Reassigned merge request 1583 https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 12:53:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 10:53:36 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich This MR adds more stricter sanity checks where any certificate containing garbage bits should be prohibited. These strict sanity checks can be used by configuring gnutls with --enable-strict-x509 option. Closes #1218 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 18:52:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 16:52:13 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: John Ralls commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_933707270 Indeed, config.log says >configure:11495: checking whether the compiler supports -Wa,-march=all configure:11509: result: yes Trying the test at the command line: ``` /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -Wa,-march=all -c test.s Segmentation fault: 11 ``` But that's *not* what your commit does. From configure: ``` if "$CCAS" "$AARCH64_CCASFLAGS" -c conftest.c >/dev/null 2>&1; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } AARCH64_CCASFLAGS= fi ``` and in the shell ``` $ > /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -Wa,-march=all -c test.c $ > ``` The difference is that configure is testing a C compile not an assembler run. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_933707270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 3 19:16:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 May 2022 17:16:32 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_933733111 > .sec_param = GNUTLS_SEC_PARAM_WEAK, > - .no_tickets = 1 > + .no_tickets_tls12 = 1 So, we're changing the current meaning of PFS. Should that at least go into release notes? -- Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_933733117 > +** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority > + modifier have been added to disable session ticket usage in TLS 1.2 because > + it does not forward secrecy (#477). Future backward incompatibility: in the a verb like "provide" or "offer" has been omitted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 06:40:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 04:40:15 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934161181 > .group_list = &supported_groups_normal, > .profile = GNUTLS_PROFILE_LOW, > .sec_param = GNUTLS_SEC_PARAM_WEAK, > - .no_tickets = 1 > + .no_tickets_tls12 = 1 Good point, amended the NEWS entry. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934161181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 06:55:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 04:55:47 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_934167014 Thank you for this info! I've updated the MR to manually creating `conftest.s`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_934167014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 09:14:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 07:14:13 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934265154 > > ** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority > modifier have been added to disable session ticket usage in TLS 1.2 because > - it does not forward secrecy (#477). Future backward incompatibility: in the > - next major release of GnuTLS, we plan to remove those flag and modifier, and > - make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2. > + it does not provide forward secrecy (#477). On the other hand, since session > + tickets in TLS 1.3 does provide forward secrecy, the PFS priority string now s/does/do/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934265154 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 10:26:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 08:26:05 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Merge request !1475 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 Project:Branches: dueno/gnutls:wip/dueno/session-ticket-tls13-only to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Hubert Kario (@mention me if you need reply) and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 10:34:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 08:34:46 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/algorithms/protocols.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934364319 > gnutls_protocol_t cur_prot; > const version_entry_st *p, *max = NULL; > > + if (!session->internals.priorities) { Since this is an internal function, I think we can assume `session` is always non-NULL. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934364319 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 10:34:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 08:34:53 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: All discussions on merge request !1475 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 10:35:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 08:35:04 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475#note_934364803 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 10:35:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 08:35:10 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Merge request !1475 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 Project:Branches: dueno/gnutls:wip/dueno/session-ticket-tls13-only to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Hubert Kario (@mention me if you need reply) and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 13:14:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 11:14:21 +0000 Subject: [gnutls-devel] GnuTLS | tls: add flag to disable session ticket in TLS 1.2 (!1475) In-Reply-To: References: Message-ID: Merge request !1475 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 Project:Branches: dueno/gnutls:wip/dueno/session-ticket-tls13-only to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Hubert Kario (@mention me if you need reply) and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 15:26:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 13:26:06 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) In-Reply-To: References: Message-ID: Reassigned merge request 1584 https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 15:26:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 13:26:06 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 Project:Branches: dueno/gnutls:wip/dueno/bsdsed to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno .. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 15:47:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 13:47:16 +0000 Subject: [gnutls-devel] GnuTLS | lib/fipshmac tool should be able to run on system libgnutls.so (#1359) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1359 Currently, `lib/fipshmac` invocation relies on the run-time linker to determine the path to libgnutls.so. As the libtool-generated wrapper script tweaks `LD_LIBRARY_PATH`, there is no way to tell it the right path. A possible improvement would be to extend the tool to take a path to libgnutls.so from the command line. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 4 17:24:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 May 2022 15:24:51 +0000 Subject: [gnutls-devel] GnuTLS | lib/fipshmac tool should be able to run on system libgnutls.so (#1359) In-Reply-To: References: Message-ID: Reassigned Issue 1359 https://gitlab.com/gnutls/gnutls/-/issues/1359 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 08:42:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 06:42:17 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 12:18:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 10:18:54 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) In-Reply-To: References: Message-ID: Reassigned merge request 1585 https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 12:18:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 10:18:55 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich This patch extends fipshmac to optionally take a path to libgnutls.so instead of fully relying on dynamic linker. `Usage: fipshmac [gnutls_so_path]` When argument `gnutls_so_path` is provided, it will be used as a path to libgnutls.so to calculate hmac from, otherwise the path will be obtained via dynamic linker. Closes #1359 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 12:44:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 10:44:37 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) In-Reply-To: References: Message-ID: Merge request !1585 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 12:44:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 10:44:45 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585#note_936193646 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 12:59:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 10:59:19 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) In-Reply-To: References: Message-ID: Merge request !1585 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 13:50:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 11:50:51 +0000 Subject: [gnutls-devel] GnuTLS | lib/fipshmac tool should be able to run on system libgnutls.so (#1359) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via merge request !1585 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1585) Issue #1359: https://gitlab.com/gnutls/gnutls/-/issues/1359 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 13:50:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 11:50:51 +0000 Subject: [gnutls-devel] GnuTLS | Extend fipshmac to take a path to libgnutls.so (!1585) In-Reply-To: References: Message-ID: Merge request !1585 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1585 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 14:10:50 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 12:10:50 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Small polishing patch. Looks good imo. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584#note_936315140 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 14:10:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 12:10:53 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) In-Reply-To: References: Message-ID: Merge request !1584 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 Project:Branches: dueno/gnutls:wip/dueno/bsdsed to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 14:28:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 12:28:23 +0000 Subject: [gnutls-devel] GnuTLS | tests/cert-tests/pkcs12.sh: use portable sed invocations (!1584) In-Reply-To: References: Message-ID: Merge request !1584 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 Project:Branches: dueno/gnutls:wip/dueno/bsdsed to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 16:53:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 14:53:08 +0000 Subject: [gnutls-devel] GnuTLS | Make gnutls_aead_cipher_encryptv2 work with SIV ciphers (#1312) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1312 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 16:57:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 14:57:08 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 5 18:39:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 16:39:45 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: John Ralls commented: That works. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_936782182 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 6 01:25:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 May 2022 23:25:14 +0000 Subject: [gnutls-devel] GnuTLS | test suite does not build on OpenBSD/aarch64 (#1360) References: Message-ID: Brad Smith created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1360 Trying to build GnuTLS 3.7.4 on OpenBSD/aarch64 fails. must be included before as documented in the latter. Fixes "unknown type name 'va_list'" error on aarch64. The patch we currently have in our tree for that is the following.. ``` Index: tests/cmocka-common.h --- tests/cmocka-common.h.orig +++ tests/cmocka-common.h @@ -1,6 +1,7 @@ #ifndef GNUTLS_TESTS_CMOCKA_COMMON_H #define GNUTLS_TESTS_CMOCKA_COMMON_H +#include #include #include #include ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 6 06:12:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 May 2022 04:12:37 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Brad Smith commented: Regarding the description. This is relevant for Clang 13.0.0 and has been fixed with 13.0.1 or https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_937248824 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 6 10:09:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 May 2022 08:09:46 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_937438189 Thanks; I've mentioned it in the commit log. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_937438189 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 10:05:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 08:05:43 +0000 Subject: [gnutls-devel] GnuTLS | Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID (!1563) In-Reply-To: References: Message-ID: Daiki Ueno commented: @codesquid I've added a test case; could you check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1563#note_938492490 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 10:11:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 08:11:52 +0000 Subject: [gnutls-devel] GnuTLS | tests/cmocka-common.h: include before (!1586) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 Project:Branches: dueno/gnutls:wip/dueno/cmocka-stdarg to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Fixes: #1360 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 10:11:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 08:11:51 +0000 Subject: [gnutls-devel] GnuTLS | tests/cmocka-common.h: include before (!1586) In-Reply-To: References: Message-ID: Reassigned merge request 1586 https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 10:12:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 08:12:29 +0000 Subject: [gnutls-devel] GnuTLS | test suite does not build on OpenBSD/aarch64 (#1360) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the suggestion; I've filed it as !1586. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1360#note_938493696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 10:12:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 08:12:53 +0000 Subject: [gnutls-devel] GnuTLS | test suite does not build on OpenBSD/aarch64 (#1360) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 7 20:56:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 May 2022 18:56:09 +0000 Subject: [gnutls-devel] GnuTLS | MinGW build fails with "asn1Parser: command not found" (#1361) References: Message-ID: Tim R?hsen created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1361 Cross-building with MinGW64 today with latest master revealed this issue: ``` make[2]: Entering directory '/usr/local/gnutls/lib' GEN pkix_asn1_tab.c GEN gnutls_asn1_tab.c GPERF priority_options.h /usr/local/gnutls/build-aux/missing: line 81: asn1Parser: command not found /usr/local/gnutls/build-aux/missing: line 81: asn1Parser: command not found WARNING: 'asn1Parser' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'asn1Parser' program. WARNING: 'asn1Parser' is missing on your system. You might have modified some files without having the proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package contains this missing 'asn1Parser' program. make[2]: *** [Makefile:3439: gnutls_asn1_tab.c] Error 127 make[2]: *** Waiting for unfinished jobs.... make[2]: *** [Makefile:3436: pkix_asn1_tab.c] Error 127 make[2]: Leaving directory '/usr/local/gnutls/lib' make[1]: *** [Makefile:2257: all-recursive] Error 1 make[1]: Leaving directory '/usr/local/gnutls' make: *** [Makefile:2182: all] Error 2 The command '/bin/sh -c cd gnutls && SKIP_PO=1 ./bootstrap && ./configure --build=x86_64-pc-linux-gnu --host=$PREFIX --prefix=$INSTALLDIR --with-nettle-mini --disable-shared --enable-static --with-included-libtasn1 --with-included-unistring --without-p11-kit --disable-doc --disable-tests --disable-full-test-suite --disable-tools --disable-cxx --disable-maintainer-mode --disable-libdane --disable-hardware-acceleration --disable-guile && make -j$(nproc) && make install' returned a non-zero code: 2 ``` I made a bunch of MinGW builds in the last years and never experienced this error before. I'd expect `--with-included-libtasn1` doesn't need an explicit installation of `asn1Parser`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 8 02:57:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 08 May 2022 00:57:25 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1587) References: Message-ID: Brad Smith created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587 Project:Branches: brad0/gnutls:master to gnutls/gnutls:master Author: Brad Smith This adds support for detecting hardware support for crypto on OpenBSD/aarch64. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 8 07:23:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 08 May 2022 05:23:20 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1587) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! I suppose commit-check would succeed if "Signed-off-by:" is written literally (notice "-" instead of a space). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587#note_938762244 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 8 07:30:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 08 May 2022 05:30:40 +0000 Subject: [gnutls-devel] GnuTLS | MinGW build fails with "asn1Parser: command not found" (#1361) In-Reply-To: References: Message-ID: Daiki Ueno commented: We removed the files generated by `asn1Parser` in !1566, because they create a lot of noise. I thought it is not a problem because `--with-included-libtasn1` still works with distribution tarball. How feasible would it be to install libtasn1 tools on your build environment? If it is impractical, we could build asn1Parser from the git submodule at bootstrap/build time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1361#note_938762869 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 8 14:29:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 08 May 2022 12:29:55 +0000 Subject: [gnutls-devel] GnuTLS | MinGW build fails with "asn1Parser: command not found" (#1361) In-Reply-To: References: Message-ID: Tim R?hsen commented: Thanks, I switched to a tarball based build :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1361#note_938831539 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 8 14:29:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 08 May 2022 12:29:56 +0000 Subject: [gnutls-devel] GnuTLS | MinGW build fails with "asn1Parser: command not found" (#1361) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #1361: https://gitlab.com/gnutls/gnutls/-/issues/1361 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:28:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:28:29 +0000 Subject: [gnutls-devel] GnuTLS | psk_ke_modes_recv_params() wrongly sets HSK_PSK_KE_MODE_INVALID (#1303) In-Reply-To: References: Message-ID: Reassigned Issue 1303 https://gitlab.com/gnutls/gnutls/-/issues/1303 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1303 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:28:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:28:39 +0000 Subject: [gnutls-devel] GnuTLS | Make gnutls_aead_cipher_encryptv2 work with SIV ciphers (#1312) In-Reply-To: References: Message-ID: Reassigned Issue 1312 https://gitlab.com/gnutls/gnutls/-/issues/1312 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1312 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:29:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:29:30 +0000 Subject: [gnutls-devel] GnuTLS | test suite does not build on OpenBSD/aarch64 (#1360) In-Reply-To: References: Message-ID: Reassigned Issue 1360 https://gitlab.com/gnutls/gnutls/-/issues/1360 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:29:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:29:59 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1587) In-Reply-To: References: Message-ID: Reassigned merge request 1587 https://gitlab.com/gnutls/gnutls/-/merge_requests/1587 Assignee changed to Brad Smith -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:30:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:30:13 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: aarch64: add OpenBSD/aarch64 support (!1587) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 09:31:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 07:31:05 +0000 Subject: [gnutls-devel] GnuTLS | 3.7.4 tarball lacks gtk-doc macro (#1341) In-Reply-To: References: Message-ID: Reassigned Issue 1341 https://gitlab.com/gnutls/gnutls/-/issues/1341 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 16:56:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 14:56:48 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Changes make sense. Created temporary files are not left behind. The change seems to fix referenced issues. LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_939931368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 16:56:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 14:56:57 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Merge request !1579 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 Project:Branches: dueno/gnutls:wip/dueno/aarch64-ccasflags to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 16:59:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 14:59:55 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Reviewer changed from Zolt?n Fridrich to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:01:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:01:06 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:12:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:12:51 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/x509/dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583#note_939958181 > + * However, if asn_node.value contains ASN.1 TLV triplet with length = 0, > + * such DirectoryString is not rejected by the parser as the node itself is not empty. > + * Explicitely reject DirectoryString in such case. typo: Explicitely ? Explicitly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:13:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:13:03 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Merge request !1583 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:14:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:14:10 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me, except a typo. Good to see that the strict-x509 mode is going to be quite useful! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583#note_939960889 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:16:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:16:14 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: All discussions on merge request !1583 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:22:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:22:52 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Merge request !1583 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:55:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:55:18 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Daiki Ueno commented: > Created temporary files are not left behind. To be clear, this is a documented [behavior](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.71/html_node/Guidelines.html) of autoconf :-) > If a test program needs to use or create a data file, give it a name that starts with conftest, such as conftest.data. The configure script cleans up by running ?rm -f -r conftest*? after running test programs and if the script is interrupted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579#note_940017586 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:55:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:55:36 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: All discussions on merge request !1579 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:56:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:56:07 +0000 Subject: [gnutls-devel] GnuTLS | clang crash when building lib/accelerated/aarch64/macosx/sha512-armv8.s (#1347) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1579 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1579) Issue #1347: https://gitlab.com/gnutls/gnutls/-/issues/1347 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:56:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:56:07 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: lib/accelerated/aarch64/Makefile has hardcoded flag not supported by Clang (#1317) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via commit c0022807e93f27f8b92f26537bc78d204866f2bd Issue #1317: https://gitlab.com/gnutls/gnutls/-/issues/1317 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1317 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:56:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:56:08 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: check if compiler supports -Wa, -march=all (!1579) In-Reply-To: References: Message-ID: Merge request !1579 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 Project:Branches: dueno/gnutls:wip/dueno/aarch64-ccasflags to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 17:56:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 15:56:08 +0000 Subject: [gnutls-devel] GnuTLS | clang crash when building lib/accelerated/aarch64/macosx/sha512-armv8.s (#1347) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via commit c0022807e93f27f8b92f26537bc78d204866f2bd Issue #1347: https://gitlab.com/gnutls/gnutls/-/issues/1347 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 18:24:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 16:24:15 +0000 Subject: [gnutls-devel] GnuTLS | Improve certificate sanity checks (!1583) In-Reply-To: References: Message-ID: Merge request !1583 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1583 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 9 20:39:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 May 2022 18:39:24 +0000 Subject: [gnutls-devel] GnuTLS | " --*-info --load-* " certtool "hangs" with mismatched information request and file type (#1362) References: Message-ID: James created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1362 gnutls 3.7.4 For instance, with: `certtool --key-info --load-certificate key.pem` certtool simply "hangs" indefinitely, with no error report or warning, even with --verbose or --debug enabled. certtool should first verify that the loaded file and the information request match, and then, if the match fails, report the "mismatch" and exit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1362 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 08:35:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 06:35:34 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) References: Message-ID: Daniel Stenberg created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1363 I'm trying to get a GnuTLS 3.7.4 build working in a CI job for curl and I'm stuck with a build error I cannot understand and I'm looking for some clues on why this might happen. It builds fine locally on my debian system. This is how it ends on a ubuntu bionic system: ~~~ CC cli-debug.o cli-debug.c: In function 'main': cli-debug.c:283:6: warning: implicit declaration of function 'HAVE_OPT'; did you mean 'HAVE_PIPE'? [-Wimplicit-function-declaration] if (HAVE_OPT(STARTTLS_PROTO)) { ^~~~~~~~ HAVE_PIPE cli-debug.c:283:6: warning: nested extern declaration of 'HAVE_OPT' [-Wnested-externs] cli-debug.c:283:15: error: 'STARTTLS_PROTO' undeclared (first use in this function) if (HAVE_OPT(STARTTLS_PROTO)) { ^~~~~~~~~~~~~~ cli-debug.c:283:15: note: each undeclared identifier is reported only once for each function it appears in cli-debug.c:284:48: warning: implicit declaration of function 'OPT_ARG'; did you mean 'PF_ALG'? [-Wimplicit-function-declaration] snprintf(app_proto, sizeof(app_proto), "%s", OPT_ARG(STARTTLS_PROTO)); ^~~~~~~ PF_ALG cli-debug.c:284:48: warning: nested extern declaration of 'OPT_ARG' [-Wnested-externs] In file included from cli-debug.c:38: cli-debug.c: In function 'cmd_parser': gnutls-cli-debug-options.h:1:30: warning: implicit declaration of function 'process_options'; did you mean 'process_vm_writev'? [-Wimplicit-function-declaration] #define optionProcess(a,b,c) process_options(b,c) ^~~~~~~~~~~~~~~ cli-debug.c:357:14: note: in expansion of macro 'optionProcess' int optct = optionProcess(&gnutls_cli_debugOptions, argc, argv); ^~~~~~~~~~~~~ gnutls-cli-debug-options.h:1:30: warning: nested extern declaration of 'process_options' [-Wnested-externs] #define optionProcess(a,b,c) process_options(b,c) ^~~~~~~~~~~~~~~ cli-debug.c:357:14: note: in expansion of macro 'optionProcess' int optct = optionProcess(&gnutls_cli_debugOptions, argc, argv); ^~~~~~~~~~~~~ cli-debug.c:364:15: error: 'PORT' undeclared (first use in this function) if (HAVE_OPT(PORT)) ^~~~ cli-debug.c:365:10: error: 'OPT_VALUE_PORT' undeclared (first use in this function); did you mean 'SEM_VALUE_MAX'? port = OPT_VALUE_PORT; ^~~~~~~~~~~~~~ SEM_VALUE_MAX cli-debug.c:367:16: error: 'STARTTLS_PROTO' undeclared (first use in this function) if (HAVE_OPT(STARTTLS_PROTO)) ^~~~~~~~~~~~~~ cli-debug.c:378:15: error: 'DEBUG' undeclared (first use in this function) if (HAVE_OPT(DEBUG)) ^~~~~ cli-debug.c:379:11: error: 'OPT_VALUE_DEBUG' undeclared (first use in this function) debug = OPT_VALUE_DEBUG; ^~~~~~~~~~~~~~~ cli-debug.c:381:15: error: 'VERBOSE' undeclared (first use in this function) if (HAVE_OPT(VERBOSE)) ^~~~~~~ Makefile:2648: recipe for target 'cli-debug.o' failed make[3]: *** [cli-debug.o] Error 1 make[3]: Leaving directory '/home/zuul/pgtls/src' Makefile:2414: recipe for target 'all' failed make[2]: *** [all] Error 2 make[2]: Leaving directory '/home/zuul/pgtls/src' Makefile:2240: recipe for target 'all-recursive' failed make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory '/home/zuul/pgtls' Makefile:2165: recipe for target 'all' failed make: *** [all] Error 2 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:04:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:04:28 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Daniel Stenberg commented: Ok, for my purposes I can duck for this issue with `--disable-tools` to configure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363#note_940711482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:10:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:10:49 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the report. Could you point me to the complete CI log? We [reworked](https://blogs.gnome.org/dueno/on-command-line-argument-parsing/) option handling code generation in 3.7.4, but it shouldn't affect the build process when building from a tarball. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363#note_940720859 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:16:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:16:31 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Daniel Stenberg commented: [build log](https://object-storage.public.mtl1.vexxhost.net/swift/v1/bfd521072e894ebb99e66f72619daa8a/zuul-logs-curl_c0d/8829/8b21480c64e412ced7be3f8ce5a88964bc4ed884/check/curl-novalgrind-ngtcp2-gnutls/c0d935e/job-output.txt) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363#note_940728390 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:18:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:18:23 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Daniel Stenberg commented: My work on this is done over here: https://github.com/curl/curl/pull/8829 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363#note_940730456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:30:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:30:27 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.5 (Mar 15, 2022?May 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/34 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:30:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:30:44 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Daiki Ueno commented: In the build log I see: ```console 2022-05-09 21:38:29.971495 | ubuntu-bionic | short option v for version is already taken by passwd-conf 2022-05-09 21:38:29.971651 | ubuntu-bionic | Traceback (most recent call last): 2022-05-09 21:38:29.971665 | ubuntu-bionic | File "../python/cli-codegen.py", line 39, in 2022-05-09 21:38:29.971674 | ubuntu-bionic | cligen.code.generate_source(desc, info, args.c) 2022-05-09 21:38:29.971683 | ubuntu-bionic | File "/home/zuul/pgtls/python/cligen/code.py", line 374, in generate_source 2022-05-09 21:38:29.971692 | ubuntu-bionic | ''') 2022-05-09 21:38:29.971700 | ubuntu-bionic | AttributeError: 'str' object has no attribute 'removesuffix' ``` `str.removesuffix` is a new [addition](https://docs.python.org/3/whatsnew/3.9.html?highlight=removesuffix) in Python 3.9 while we support 3.6+. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363#note_940747567 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:53:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:53:31 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update git submodule (!1588) In-Reply-To: References: Message-ID: Reassigned merge request 1588 https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 09:53:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 07:53:33 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update git submodule (!1588) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Fixes: #1363 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 10:11:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 08:11:32 +0000 Subject: [gnutls-devel] GnuTLS | 3.7.4 tarball lacks gtk-doc macro (#1341) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Sorry for the lack of support for `--{enable,disable}-gtk-doc`, it was my first release and I did not have gtk-doc installed. Currently there has been a change that makes the bootstrap fail whenever gtk-doc is not installed, therefore this will no longer be an issue in 3.7.5 release. I am closing this issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1341#note_940810886 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 10:11:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 08:11:33 +0000 Subject: [gnutls-devel] GnuTLS | 3.7.4 tarball lacks gtk-doc macro (#1341) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich Issue #1341: https://gitlab.com/gnutls/gnutls/-/issues/1341 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 10:25:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 08:25:49 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update git submodule (!1588) In-Reply-To: References: Message-ID: Merge request !1588 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 10:33:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 08:33:41 +0000 Subject: [gnutls-devel] GnuTLS | " --*-info --load-* " certtool "hangs" with mismatched information request and file type (#1362) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think certtool is just waiting for private key from stdin, not even checking the loaded file. So I see two issues: 1. the tool should treat the `--load-certificate` option conflicting with `--key-info` 2. it might make sense to check with `isatty` and print some useful information rather than just waiting for input from stdin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1362#note_940848098 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 12:40:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 10:40:23 +0000 Subject: [gnutls-devel] GnuTLS | cli-debug build errors (#1363) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1588 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1588) Issue #1363: https://gitlab.com/gnutls/gnutls/-/issues/1363 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 12:40:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 10:40:24 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update git submodule (!1588) In-Reply-To: References: Message-ID: Merge request !1588 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 Project:Branches: dueno/gnutls:wip/dueno/cligen-update to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 12:45:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 10:45:49 +0000 Subject: [gnutls-devel] GnuTLS | Make gnutls_aead_cipher_encryptv2 work with SIV ciphers (#1312) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1515 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1515) Issue #1312: https://gitlab.com/gnutls/gnutls/-/issues/1312 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1312 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 13:35:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 11:35:30 +0000 Subject: [gnutls-devel] GnuTLS | Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID (!1563) In-Reply-To: References: Message-ID: Tim Kosse commented: @dueno The test looks okay to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1563#note_941157349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:08:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:08:56 +0000 Subject: [gnutls-devel] GnuTLS | Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID (!1563) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for checking. As the code is mutually peer-reviewed, I'm going to merge it without approval :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1563#note_941207009 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:14:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:14:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID (!1563) In-Reply-To: References: Message-ID: Merge request !1563 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1563 Project:Branches: dueno/gnutls:wip/dueno/psk-ke-mode to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1563 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:14:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:14:51 +0000 Subject: [gnutls-devel] GnuTLS | psk_ke_modes_recv_params() wrongly sets HSK_PSK_KE_MODE_INVALID (#1303) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1563 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1563) Issue #1303: https://gitlab.com/gnutls/gnutls/-/issues/1303 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1303 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:22:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:22:02 +0000 Subject: [gnutls-devel] GnuTLS | tests/cmocka-common.h: include before (!1586) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586#note_941227771 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:22:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:22:06 +0000 Subject: [gnutls-devel] GnuTLS | tests/cmocka-common.h: include before (!1586) In-Reply-To: References: Message-ID: Merge request !1586 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 Project:Branches: dueno/gnutls:wip/dueno/cmocka-stdarg to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:22:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:22:32 +0000 Subject: [gnutls-devel] GnuTLS | test suite does not build on OpenBSD/aarch64 (#1360) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via merge request !1586 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1586) Issue #1360: https://gitlab.com/gnutls/gnutls/-/issues/1360 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 10 14:22:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 May 2022 12:22:33 +0000 Subject: [gnutls-devel] GnuTLS | tests/cmocka-common.h: include before (!1586) In-Reply-To: References: Message-ID: Merge request !1586 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 Project:Branches: dueno/gnutls:wip/dueno/cmocka-stdarg to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1586 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 11 12:41:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 11 May 2022 10:41:59 +0000 Subject: [gnutls-devel] GnuTLS | Increase PSK identity limit to 256 characters (!1582) In-Reply-To: References: Message-ID: Merge request !1582 was closed by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 10:52:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 08:52:56 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.5 release (!2) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 10:52:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 08:52:58 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.5 release (!2) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 10:52:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 08:52:55 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.5 release (!2) In-Reply-To: References: Message-ID: Reassigned merge request 2 https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 10:55:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 08:55:04 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.5 release (!2) In-Reply-To: References: Message-ID: Merge request !2 was merged Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/2 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 11:01:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 09:01:26 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.5 (!1589) In-Reply-To: References: Message-ID: Reassigned merge request 1589 https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 11:01:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 09:01:27 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.5 (!1589) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 11:04:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 09:04:46 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.5 (!1589) In-Reply-To: References: Message-ID: Merge request !1589 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 11:06:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 09:06:05 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.5 (!1589) In-Reply-To: References: Message-ID: Merge request !1589 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 17:45:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 15:45:46 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.5 (!1589) In-Reply-To: References: Message-ID: Merge request !1589 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 18:26:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 16:26:46 +0000 Subject: [gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364) References: Message-ID: Richard Costa created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1364 ## Description of the feature: One of the FIPS-140-3 requirements is the ability of a crypto module to execute integrity tests on-demand. This can be done through a function which sets the FIPS state machine to the `LIB_STATE_SELFTEST`, executes the integrity tests on the appropriated modules and then sets the state to `LIB_STATE_OPERATIONAL` or `LIB_STATE_ERROR` based on the result. The function `_gnutls_fips_perform_self_checks2` can be used as an example on how to execute the procedure described above. The snippet below shows the interesting part: ``` if (_skip_integrity_checks == 0) { ret = check_binary_integrity(GNUTLS_LIBRARY_NAME, "gnutls_global_init"); if (ret == 0) { gnutls_assert(); goto error; } ret = check_binary_integrity(NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key"); if (ret == 0) { gnutls_assert(); goto error; } ret = check_binary_integrity(HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u"); if (ret == 0) { gnutls_assert(); goto error; } ret = check_binary_integrity(GMP_LIBRARY_NAME, "__gmpz_init"); if (ret == 0) { gnutls_assert(); goto error; } } return 0; error: _gnutls_switch_lib_state(LIB_STATE_ERROR); ``` ## Applications that this feature may be relevant to: Any application which requires a FIPS-140-3 compliant library. ## Is this feature implemented in other libraries (and which) libgcrypt and openssl -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 21:14:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 19:14:12 +0000 Subject: [gnutls-devel] GnuTLS | Export the DH functionality (#894) In-Reply-To: References: Message-ID: mike d commented: Any update on this? It looks like similar functionality for DH has been added, but are these functions still missing? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/894#note_945090876 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 12 21:24:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 May 2022 19:24:13 +0000 Subject: [gnutls-devel] GnuTLS | Export the DH functionality (#894) In-Reply-To: References: Message-ID: Daiki Ueno commented: I think the most recent attempt is !1395 (in particular https://gitlab.com/gnutls/gnutls/-/merge_requests/1395#note_909413370), which is currently targeting ECDH but could be generalized to also handle FFDH. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/894#note_945099399 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 09:03:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 07:03:48 +0000 Subject: [gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you elaborate which requirement you are referring to? If it is FIPS140-3 IG [10.3.E](https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf#page=64) Periodic Self-Testing, it says: > At security levels 1 and 2, acceptable means for initiating the periodic self-tests include a provided service, resetting, rebooting or power cycling. Aside from that I also wonder whether it's meaningful to repeat the library integrity check after the library is loaded. While it would be possible that the library file is modified afterwards, that doesn't affect the application behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364#note_945515515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 09:18:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 07:18:42 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.5 release (!3) In-Reply-To: References: Message-ID: Reassigned merge request 3 https://gitlab.com/gnutls/web-pages/-/merge_requests/3 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 09:18:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 07:18:43 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.5 release (!3) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 09:18:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 07:18:43 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.5 release (!3) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 09:19:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 07:19:06 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.5 release (!3) In-Reply-To: References: Message-ID: Merge request !3 was merged Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 12:04:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 10:04:03 +0000 Subject: [gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364) In-Reply-To: References: Message-ID: Richard Costa commented: Hi, thanks for your answer. Yes, that's the requirement. Note that for many environments resetting, rebooting or power cycles are not adequate, so that's why I'd like to include a provided service (which essentially reuses function which are already provided). >From what I discussed with a FIPS specialist, there is the option of doing a deinitializing/initializing cycle of the library. However, I hold the opinion that such an alternative is quite extreme, since it not only executes integrity tests, but a whole bunch of other operations. I agree with you that integrity checks after library modules are loaded doesn't look very useful. However, this is still a FIPS requirement, so anyone who plans to get GnuTLS compliant will have to provide a alternative anyway. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364#note_945763826 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 14:38:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 12:38:05 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Reassigned merge request 1590 https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 14:38:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 12:38:08 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 14:50:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 12:50:49 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 18:37:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 16:37:14 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Merge request !1590 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 13 18:39:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 May 2022 16:39:08 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me, thanks! Given that the steps are becoming complicated, maybe we could have some helper scripts in the future. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_946328529 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 08:13:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 06:13:16 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: @dueno what do you mean by helper script? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_947344350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 10:40:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 08:40:41 +0000 Subject: [gnutls-devel] GnuTLS | Turn off rfc2253-escape-test.sh test on mingw (!1591) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 10:40:42 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 08:40:42 +0000 Subject: [gnutls-devel] GnuTLS | Turn off rfc2253-escape-test.sh test on mingw (!1591) In-Reply-To: References: Message-ID: Reassigned merge request 1591 https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 12:03:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 10:03:34 +0000 Subject: [gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364) In-Reply-To: References: Message-ID: Daiki Ueno commented: @smuellerDD what's your take on this? Other parts, e.g., algorithm self-tests, are already exposed through ``. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364#note_947663658 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 13:20:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 11:20:20 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_947770564 I was thinking something like `devel/make-release.sh`, which creates tarball through a container. Windows binaries could also be generated in the same way, by exercising the steps in `mingw*` tasks in .gitlab-ci.yml through containers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_947770564 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 13:24:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 11:24:35 +0000 Subject: [gnutls-devel] GnuTLS | Turn off rfc2253-escape-test.sh test on mingw (!1591) In-Reply-To: References: Message-ID: Merge request !1591 was closed by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1591 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 17:09:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 15:09:04 +0000 Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.6 (May 15, 2022?Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/35 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 17:09:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 15:09:10 +0000 Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 17:09:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 15:09:01 +0000 Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 17:19:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 15:19:39 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) References: Message-ID: David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1365 In https://gitlab.com/openconnect/openconnect/-/issues/432 I have a Windows user (@juxeii) attempting to use system keys. It seems that the GnuTLS 'systemkey' tool is not installed, so it isn't really available to users. I provided one of my own but it doesn't seem to print any meaningful label just opaque hex IDs: ``` Label: (null) Cert: system:win:id=37835fdcdfe2817ee22d6b161e54812fe95867fe;type=cert Key: system:win:id=37835fdcdfe2817ee22d6b161e54812fe95867fe;type=privkey Label: (null) Cert: system:win:id=cd8469175c3bed4e2a9bbe7471019f2e9327943d;type=cert Key: system:win:id=cd8469175c3bed4e2a9bbe7471019f2e9327943d;type=privkey Label: (null) Cert: system:win:id=b2b139644c0a13aabc820969e2d97bb997596b66;type=cert Key: system:win:id=b2b139644c0a13aabc820969e2d97bb997596b66;type=privkey ``` How does the user relate these to the keys they see in certlm? Why are there only three? What do I tell the user other than "There is some magic string starting with `system:win:` which will make it use the key you want" ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 16 20:13:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 May 2022 18:13:23 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: Looks like this is more than a documentation/usability issue. Do we only support the `CERT_SYSTEM_STORE_CURRENT_USER` location? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_948406635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 17 07:48:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 05:48:12 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_948877736 Feels like unnecessary bloat to me. Release steps are clear enough to follow and adding additional automation magic will just be confusing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590#note_948877736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 17 08:53:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 06:53:17 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) References: Message-ID: Jeremy Whiting created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1367 gnutls 3.7.5 causes alkimia unit tests to fail (Alkimia is here: https://invent.kde.org/office/alkimia ) because alkimia uses gmp, and gnutls 3.7.5 sets the realloc and free via mp_set_memory_functions, but doesn't set an alloc function. So __gmp_default_alloc is used for alloc, but gnutls_free_zero is used for free operations. If what's needed is to have a gnutls_alloc function I can take a stab at adding one tomorrow and will put up an MR after testing, etc. commit 41c9c845a342359327403431050d3458246896af Author: Tobias Heider Date: Mon Mar 14 16:17:28 2022 +0100 Use custom allocators for GMP to make sure temporary secrets from cryptographic operations in nettle are deleted safely. Signed-off-by: Tobias Heider is the commit that breaks things btw. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 17 11:13:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 09:13:02 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: I thought about making it iterate over all the key stores mentioned in https://docs.microsoft.com/en-us/windows/win32/seccrypto/system-store-locations#cert_system_store_local_machine and asked @juxeii to test, but the cert isn't found *anywhere*. https://gitlab.com/openconnect/openconnect/-/issues/432#note_949126468 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_949176269 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 17 23:54:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 21:54:59 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Adam Williamson commented: Fedora openQA testing is showing that anaconda (Fedora / RHEL's installer) crashes with gnutls 3.7.5 with an error `free(): invalid next size (fast)` - is this likely to be the same thing? See https://openqa.fedoraproject.org/tests/1270585#step/_live_build/51 . -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_950220312 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 17 23:59:23 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 21:59:23 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Jeremy Whiting commented: Yeah, probably. I'm still not sure why the gnutls_zero_free that just does: ensure_bzero(p); free(p); causes issues, but will look into it more this evening. Try some changes to gnutls to see if I can get a working build for alkimia unit tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_950228372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 01:55:37 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 May 2022 23:55:37 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Tobias Heider commented: Thanks for the reports, I am working on a fix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_950332727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 02:21:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 00:21:27 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Jeremy Whiting commented: Awesome, any idea why it's broken exactly? I'm not sure why using a free that also zero's the memory first is causing issues... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_950358026 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 07:51:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 05:51:02 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Jeremy Whiting commented: I took a couple stabs at this, first one I added a gnutls_allocate function that just does malloc. It was a shot in the dark since __gmp_default_allocate does the same (besides just reporting an error if it gives 0 back). With that alkimia tests still fail. Second attempt I just commented out the mp_set_memory_functions in lib/nettle/init.c and with that all alkimia tests pass again. I still don't understand why zeroing the memory before freeing causes free to assert though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_950551819 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 08:43:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 06:43:30 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: Not sure this is just an enhancement request. @juxeii reports that the required cert is visible in `certutil -v -user -store my` but still not reported by GnuTLS. This looks like it's something that *should* work, but doesn't. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_950596918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 11:49:46 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 09:49:46 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 11:49:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 09:49:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno Fix invalid write when gnutls_realloc_zero() is called with new_size < old_size ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 11:49:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 09:49:47 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Reassigned merge request 1592 https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 11:52:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 09:52:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 was reviewed by Tobias Heider -- Tobias Heider started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950890791 > + if (new_size < old_size) { > + explicit_bzero((char *)data + new_size, old_size - new_size); > + p = realloc(data, new_size); This will fix the bug but break the functionality. realloc() can silently replace data and return a newly alloced buffer. If this happens there is no way to make sure data gets zeroed, which is why i reimplemented part of the realloc() logic in the first place. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 12:03:45 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 10:03:45 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950908611 > } > > - if (new_size == 0) > - goto done; > + if (old_size == new_size) > + return data; > > - if (new_size <= old_size) { > - size_t d = old_size - new_size; > - /* Don't bother reallocating */ > - if (d < old_size / 2) { > - explicit_bzero((char *)data + new_size, d); > - return data; > + if (new_size < old_size) { > + explicit_bzero((char *)data + new_size, old_size - new_size); > + p = realloc(data, new_size); Oh yeah, I see what you mean. :thumbsup: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950908611 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 12:07:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 10:07:34 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Tobias Heider commented on a discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950914524 > } > > - if (new_size == 0) > - goto done; > + if (old_size == new_size) > + return data; > > - if (new_size <= old_size) { > - size_t d = old_size - new_size; > - /* Don't bother reallocating */ > - if (d < old_size / 2) { > - explicit_bzero((char *)data + new_size, d); > - return data; > + if (new_size < old_size) { > + explicit_bzero((char *)data + new_size, old_size - new_size); > + p = realloc(data, new_size); Here is the fix I originally proposed: https://gitlab.com/tobhe/gnutls/-/commit/97a4603dc56aa529558229e8754121af840babdd How would you feel about using this version (+cleanup if desired) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950914524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 12:22:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 10:22:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950938145 > } > > - if (new_size == 0) > - goto done; > + if (old_size == new_size) > + return data; > > - if (new_size <= old_size) { > - size_t d = old_size - new_size; > - /* Don't bother reallocating */ > - if (d < old_size / 2) { > - explicit_bzero((char *)data + new_size, d); > - return data; > + if (new_size < old_size) { > + explicit_bzero((char *)data + new_size, old_size - new_size); > + p = realloc(data, new_size); looks correct -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950938145 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 12:26:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 10:26:53 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: All discussions on merge request !1592 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 12:39:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 10:39:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Tobias Heider commented: The new version looks good to me and passes all tests! Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950962958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 13:19:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 11:19:15 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_951020931 This is just a guess, but it might be worth trying out this patch !1592 . gnutls_realloc_zero() is broken and maybe that causes issues when we set it as a reallocfunc. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_951020931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 13:45:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 11:45:49 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Tobias Heider commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_951061216 The cause of your bug indeed seems to be in `realloc()` which may cause memory corruption in the heap header structure. The log @AdamWill posted shows this: `free(): invalid next size (fast)` indicates that the size field in a fast bucket was corrupted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367#note_951061216 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 13:46:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 11:46:15 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951061844 I think that with `if (d < old_size / 2)` condition you might never actually free unused memory leading to much higher memory consumption. If you had a program that allocates a huge chunk of memory then it starts shrinking it with realloc but never halving its size, you would never free the unused memory because we don't have the same info as an actual realloc, ie. the actual size of currently allocated memory. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951061844 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 14:03:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 12:03:35 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Tobias Heider commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951086001 Right, as long as it never goes down to <= 1 or frees it explicitly gets freed. Tracking the original allocation size to make the logic more robust is not really possible with this API (and probably not worth it either). In the end it is a time vs space tradeoff. I am fine with going for memory efficiency. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951086001 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 15:50:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 13:50:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) References: Message-ID: Marius Schamschula created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1370 I'm trying to get gnutls 3.7.5 to build under MacPorts (I'm the port maintainer for gnutls). As with my previous attempt for 3.7.4, I get the following error: ``` libtool: link: /usr/bin/clang -dynamiclib -o .libs/libgnutls.30.dylib .libs/range.o .libs/record.o .libs/compress.o .libs/debug.o .libs/cipher.o .libs/handshake-tls13.o .libs/mbuffers.o .libs/buffers.o .libs/handshake.o .libs/errors.o .libs/dh.o .libs/kx.o .libs/cipher-cbc.o .libs/priority.o .libs/hash_int.o .libs/cipher_int.o .libs/session.o .libs/db.o .libs/x509_b64.o .libs/hello_ext.o .libs/auth.o .libs/sslv2_compat.o .libs/datum.o .libs/session_pack.o .libs/mpi.o .libs/pk.o .libs/cert-cred.o .libs/global.o .libs/constate.o .libs/anon_cred.o .libs/pkix_asn1_tab.o .libs/gnutls_asn1_tab.o .libs/mem.o .libs/fingerprint.o .libs/tls-sig.o .libs/ecc.o .libs/alert.o .libs/privkey_raw.o system/.libs/certs.o system/.libs/threads.o system/.libs/fastopen.o system/.libs/sockets.o .libs/str-iconv.o .libs/system.o .libs/profiles.o inih/.libs/ini.o .libs/str.o .libs/str-unicode.o .libs/str-idna.o .libs/state.o .libs/cert-cred-x509.o .libs/file.o .libs/supplemental.o .libs/random.o .libs/crypto-api.o .libs/privkey.o .libs/pcert.o .libs/pubkey.o .libs/locks.o .libs/dtls.o .libs/system_override.o .libs/crypto-backend.o .libs/verify-tofu.o .libs/pin.o .libs/tpm.o .libs/fips.o .libs/safe-memfuncs.o .libs/atfork.o .libs/randomart.o .libs/urls.o .libs/prf.o .libs/auto-verify.o .libs/dh-session.o .libs/cert-session.o .libs/handshake-checks.o .libs/dtls-sw.o .libs/dh-primes.o .libs/openpgp_compat.o .libs/crypto-selftests.o .libs/crypto-selftests-pk.o .libs/secrets.o .libs/extv.o .libs/hello_ext_lib.o .libs/ocsp-api.o .libs/stek.o .libs/cert-cred-rawpk.o .libs/iov.o system/.libs/ktls.o .libs/vko.o system/.libs/keys-dummy.o tls13/.libs/encrypted_extensions.o tls13/.libs/certificate_request.o tls13/.libs/certificate_verify.o .libs/tls13-sig.o tls13/.libs/finished.o tls13/.libs/key_update.o tls13/.libs/hello_retry.o tls13/.libs/session_ticket.o tls13/.libs/certificate.o tls13/.libs/early_data.o tls13/.libs/post_handshake.o tls13/.libs/psk_ext_parser.o tls13/.libs/anti_replay.o .libs/pkcs11.o .libs/pkcs11x.o .libs/pkcs11_privkey.o .libs/pkcs11_write.o .libs/pkcs11_secret.o .libs/pkcs11_int.o .libs/srp.o .libs/psk.o -Wl,-force_load,../gl/.libs/libgnu.a -Wl,-force_load,x509/.libs/libgnutls_x509.a -Wl,-force_load,ext/.libs/libgnutls_ext.a -Wl,-force_load,auth/.libs/libgnutls_auth.a -Wl,-force_load,algorithms/.libs/libgnutls_alg.a -Wl,-force_load,extras/.libs/libgnutls_extras.a -Wl,-force_load,accelerated/.libs/libaccelerated.a -Wl,-force_load,nettle/.libs/libcrypto.a -framework Security -framework CoreFoundation -L/opt/local/lib -lz -lintl -lp11-kit -lidn2 -lunistring -lpthread -ltasn1 -lnettle -lhogweed -lgmp -Os -arch x86_64 -Wl,-headerpad_max_install_names -Wl,-syslibroot -Wl,/Library/Developer/CommandLineTools/SDKs/MacOSX11.sdk -arch x86_64 -Wl,-framework -Wl,CoreFoundation -framework Security -framework CoreFoundation -install_name /opt/local/lib/libgnutls.30.dylib -compatibility_version 64 -current_version 64.0 -Wl,-single_module libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib /Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib __gnutls_x86_cpuid_s make[4]: *** [libgnutls.la] Error 1 ``` See full log for more details. [gnutls-3.7.5.log.gz](/uploads/6d6f8bf5503d009c4612efdd734283e3/gnutls-3.7.5.log.gz) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 16:34:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 14:34:59 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me. When merging, please split the `Co-authored-by:` line into two (per person) to make `make AUTHORS` happy. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951390515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 16:35:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 14:35:05 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Merge request !1592 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:01:11 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:01:11 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) In-Reply-To: References: Message-ID: Reassigned merge request 1593 https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 Assignee changed to Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:01:15 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:01:15 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 Project:Branches: asosedkin/gnutls:tlsfuzzer-update to gnutls/gnutls:master Author: Alexander Sosedkin Assignee: Alexander Sosedkin First change pins error messages to what they currently are instead of skipping them. Second change removes most of the -n limiters since tlsfuzzer now sets reasonable (~<10s/script) limits for most of the scripts by default. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:17:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:17:39 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: @dwmw2 I am really sorry! Something went wrong in the other thread. Your provided patched DLL http://david.woodhou.se/libgnutls-30.dll 7fd09cf4eb3c44b7960197f9d0fdf7de4a6620363d49dfdf1208c18c54cf592e **does work**. I can now see all certificates for `CERT_SYSTEM_STORE_LOCAL_MACHINE`. And so I tried to connect(GNUTLS_DEBUG_LEVEL=6): `C:\data\OpenConnect>openconnect --protocol=anyconnect --verbose --timestamp -c system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=cert -k system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey --passwd-on-stdin myserver.com` Log is ``` gnutls[1]: There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority. gnutls[3]: ASSERT: ../../../lib/x509/verify-high.c[gnutls_x509_trust_list_add_cas]:396 gnutls[1]: There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority. gnutls[3]: ASSERT: ../../../lib/x509/verify-high.c[gnutls_x509_trust_list_add_cas]:396 gnutls[1]: There was a non-CA certificate in the trusted list: CN=WSUS Publishers Self-signed. gnutls[3]: ASSERT: ../../../lib/x509/common.c[_gnutls_x509_get_raw_field2]:1560 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_subject_unique_id]:3936 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_issuer_unique_id]:3986 gnutls[3]: ASSERT: ../../../lib/x509/common.c[_gnutls_x509_get_raw_field2]:1560 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_subject_unique_id]:3936 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_issuer_unique_id]:3986 gnutls[3]: ASSERT: ../../../lib/x509/common.c[_gnutls_x509_get_raw_field2]:1560 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_subject_unique_id]:3936 gnutls[3]: ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_issuer_unique_id]:3986 gnutls[3]: ASSERT: ../../../lib/x509/verify-high.c[gnutls_x509_trust_list_add_cas]:396 gnutls[1]: There was a non-CA certificate in the trusted list: CN=Root Agency. [2022-05-18 16:09:19] Using system certificate system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=cert [2022-05-18 16:09:19] Using system key system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey gnutls[3]: ASSERT: ../../lib/system/keys-win.c[privkey_import_ncrypt]:713 gnutls[3]: ASSERT: ../../lib/system/keys-win.c[_gnutls_privkey_import_system_url]:866 [2022-05-18 16:09:19] Error importing system key system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey: The requested data were not available. [2022-05-18 16:09:19] Loading certificate failed. Aborting. ``` I guess it should now work since you patched the DLL which is used in openconnect?! I tried different argument permutations with and without `-k`, always same failure. Does it make any difference if the private key is exportable or not? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951469861 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:28:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:28:24 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: All discussions on merge request !1592 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:38:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:38:03 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: Ok, maybe you patched function `gnutls_system_key_iter_get_info` to use `CERT_SYSTEM_STORE_LOCAL_MACHINE`? Maybe we need also to patch `_gnutls_privkey_import_system_url`, which also uses the hardcoded `CERT_SYSTEM_STORE_CURRENT_USER` in `store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951504732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:40:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:40:51 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: I thought I had patched them all. I'll build you another one to be 100% sure. Thanks for retesting. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951509406 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:43:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:43:47 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: * http://david.woodhou.se/libgnutls-30.dll.local_machine d3612ba0f452e1057232061b8011f7014b8525e1066c78319e0a7a215f2fee4c -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951514283 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:50:57 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:50:57 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: Thx for rebuilding. Same problem still. Would it make sense to place some more logs? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951526245 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:53:04 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:53:04 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: Can you show the output of my `list-system-keys.exe` for the key you're trying to use, please? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951530344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:56:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:56:32 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) started a new discussion on tests/suite/tls-fuzzer/gnutls-nocert.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593#note_951536714 > "arguments" : ["-p", "@PORT@"] }, > {"name" : "test-record-layer-fragmentation.py", > "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", so this comment is not applicable any more? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593#note_951536714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 17:56:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 15:56:52 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: ``` Label: (null) Cert URI: system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=cert Key URI: system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey gnutls[3]: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60 gnutls[3]: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60 Cert info: subject `CN=mysubject', issuer `CN=mycompany,DC=company-intranet,DC=net', serial 0x2c0008639c6358b134b56e2a0800010008639c, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-02-15 12:24:52 UTC', expires `2023-02-15 12:24:52 UTC', pin-sha256="qUH+mVq633yFDXUMmpUoqKzrHtesguJQ6NOG5mQBT3k=" ``` I just changed issuer and subject cos of sensitive information. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951537466 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:01:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:01:00 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on tests/suite/tls-fuzzer/gnutls-nocert.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593#note_951545433 > "arguments" : ["-p", "@PORT@"] }, > {"name" : "test-record-layer-fragmentation.py", > "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", Looks like it (c4ba0c1d0123dd80d3a7751b413e6756216a866a, b965ec1169f8ad0561b2b67f779d1c7e943edec6, https://gitlab.com/gnutls/gnutls/-/issues/272). I'll update the comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593#note_951545433 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:07:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:07:52 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: besides that comment looks good -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593#note_951555043 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:08:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:08:05 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/tls-fuzzer: use more -x/-X instead of -e and less -n (!1593) In-Reply-To: References: Message-ID: Merge request !1593 was approved by Hubert Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 Project:Branches: asosedkin/gnutls:tlsfuzzer-update to gnutls/gnutls:master Author: Alexander Sosedkin Assignee: Alexander Sosedkin Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:23:56 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:23:56 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: Hm, I have no idea what's going on there or what `privkey_import_capi()` vs. `privkey_import_ncrypt()` are but let's try this... ```diff --- lib/system/keys-win.c.orig 2022-05-17 09:04:36.622836058 +0100 +++ lib/system/keys-win.c 2022-05-18 17:21:19.367532552 +0100 @@ -858,8 +858,8 @@ int _gnutls_privkey_import_system_url(gn goto cleanup; } - r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0); - if (!FAILED(r)) { /* if this works carry on with CNG */ + //r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0); + if (0 && !FAILED(r)) { /* if this works carry on with CNG */ ret = privkey_import_ncrypt(pkey, url, priv, kpi, &sctx); if (ret < 0) { ``` * http://david.woodhou.se/libgnutls-30.dll.local_machine-capi d30438ba40040feb01bb5c48c85c0cad81669978fce3615f74176d8337c8fa5c -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951576931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:25:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:25:17 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: If you're able to get the OpenSSL ENGINE/provider working (just for `openssl s_client` or some other basic signing operation) that would be really interesting and potentially give us working code to compare with. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951578333 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:39:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:39:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Jeremy Whiting commented: I can confirm, gnutls with this patch applied on archlinux makes the alkimia unit tests pass again. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_951597633 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 18:42:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 16:42:51 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: The OpenSSL code seems to use `CryptAcquireCertificatePrivateKey()`. It doesn't call any `OpenKey()` functions. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951602453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 19:01:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 17:01:51 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: ``` [2022-05-18 18:00:43] Using system certificate system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=cert [2022-05-18 18:00:43] Using system key system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey gnutls[2]: error in opening CNG keystore: 1 from Microsoft Platform Crypto Provider gnutls[2]: error in getting cryptprov: -2146893804 from system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey gnutls[3]: ASSERT: ../../lib/system/keys-win.c[privkey_import_capi]:472 gnutls[3]: ASSERT: ../../lib/system/keys-win.c[_gnutls_privkey_import_system_url]:881 [2022-05-18 18:00:43] Error importing system key system:win:id=468652b4198f2d11b68c6414a20f9e74e09adedf;type=privkey: The requested data were not available. [2022-05-18 18:00:43] Loading certificate failed. Aborting. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951623698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 19:54:08 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 17:54:08 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: > EDIT: Do I see it right that `gnutls` finds a valid cert, but `openconnect` can't interpret the content? Well, in this case OpenConnect is just using GnuTLS for the underlying crypto operations. Sometimes I *have* done the low-level crypto and implemented TPM support in OpenConnect itself (which later got imported into GnuTLS). But this one is *all* GnuTLS. I would phrase it as _"GnuTLS finds a valid cert, but fails when OpenConnect asks it to actually *use* that cert"_ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951676750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 21:19:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 19:19:17 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: Brian Wickman commented: It looks like from the error log that the code failed on the call to NCryptOpenStorageProvider (line 861) and so tries to interact with the key using the Windows legacy crypto API (I'm basing that on the log mentioning calling privkey_import_capi instead of privkey_import_ncrypt). The problem is that the reference in the log to trying to open the "Microsoft Platform Crypto Provider" means that the private key is stored in the TPM and therefore, IIRC, can only be interacted with via the modern API (CNG). Hopefully if the call to NCryptOpenStorageProvider can be made to succeed then it would work -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951769946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:02:28 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:02:28 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: @bwickman97 In the first patched version we have in the log `gnutls[3]: ASSERT: ../../lib/system/keys-win.c[_gnutls_privkey_import_system_url]:866` This indicates to me that the call `r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);` in line 861 has been successful. And then in line 864, the call `ret = privkey_import_ncrypt(pkey, url, priv, kpi, &sctx);` happened. The call for the CAPI version only happened with the second patched version from @dwmw2, in which the call to `pNCryptOpenStorageProvider` is disabled. What does then `if (ret < 0)` mean? Success or failure? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951809258 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:20:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:20:16 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: Brian Wickman commented: Ah I missed that the last round of output had the initialization call patched out. Reading through again, if the key is in the local computer store vs. the current user store, then it looks like the call to NCryptOpenKey (inside privkey_import_ncrypt on line 710) needs to have flag NCRYPT_MACHINE_KEY_FLAG passed as the last parameter (https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptopenkey) to succeed but right now it's hard coded to 0. ... Windows API error codes are negative when interpreted as a signed integer so ret < 0 is failure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951835657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:26:53 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:26:53 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: @bwickman97 Great catch with `NCRYPT_MACHINE_KEY_FLAG`! @dwmw2 Can we try this next and undo your last patch? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951843949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:29:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:29:40 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: ```diff @@ -707,7 +707,7 @@ int privkey_import_ncrypt(gnutls_privkey WCHAR algo_str[64]; DWORD algo_str_size = 0; - r = pNCryptOpenKey(*sctx, &nc, kpi->pwszContainerName, 0, 0); + r = pNCryptOpenKey(*sctx, &nc, kpi->pwszContainerName, 0, NCRYPT_MACHINE_KEY_FLAG); if (FAILED(r)) { ret = gnutls_assert_val ``` * http://david.woodhou.se/libgnutls-30.dll.local_machine-flag 8499e243e43d953ab6ae3a527b7e572808926bb410ab998f521a4d3b9af587e9 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951847006 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:41:30 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:41:30 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: Thanks @bwickman97 for spotting that. So, if this actually works I think what we need to do is add a `location=` field to the key URI (and perhaps also a `store=`?) so that URLs look something like `system:win:location=local_machine;store=MY;id=xxx`. Then gnutls_system_key_iter_get_info() can iterate over *all* locations/stores (and perhaps the flags field starts to indicate *which* to iterate over?) Might be interesting to standardise on the format used by PowerShell and the OpenSSL engine/store though? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951861675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:48:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:48:43 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: It works now! You guys are fantastic. I am not connected to VPN without hacking anything :smile: @dwmw2 How can I use this patched DLL in conjunction with openconnect GUI? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951872022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 22:56:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 20:56:14 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: Brian Wickman commented: Glad I could help. Just happened to see this issue while looking up something else. It might be easier for the end user to combine the two fields into one `path` similar to PowerShell. So my thought would be something like: `system:win:local_machine\my...` and since the "my" folder is the 99% case then just assume that that was the intention if not specified. Similarly, assume the current user store (vs machine store) if no path is specified at all. That way the existing URL scheme still works and keeps the same behavior as it does now (current user and "my" folder). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951880756 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 18 23:03:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 May 2022 21:03:25 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: David Woodhouse commented: > @dwmw2 How can I use this patched DLL in conjunction with openconnect GUI? Er... how do we even make the OpenConnect-GUI installer again? If you install the version of openconnect-gui that you had originally, that'll give you stuff like spdlog dll. Then drop in all the files from the CLI openconnect-installer you've just been testing with, and replace openconnect-gui.exe with http://david.woodhou.se/openconnect-gui-machine.exe (9da718dd998d3f16ff84b73a07a6a0058d779743d688b1d5851b68fea12731b4). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_951885372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 06:48:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 04:48:32 +0000 Subject: [gnutls-devel] GnuTLS | System key usability issue (#1365) In-Reply-To: References: Message-ID: juxeii commented: Not sure I understand the stuff with `spdlog`. In order for other people to follow with a clean installation of the GUI, I downloaded and installed it from `https://github.com/openconnect/openconnect-gui/releases` This installer has not `spdlog.dll` or similar. Then I copied all files form the CLI over to this installation and replaced the GUI exe with the patched one above. Upon start it says that `libspdlog.dll` is missing. I then downloaded this dll from here `https://packages.msys2.org/package/mingw-w64-x86_64-spdlog?repo=mingw64` and tried again. This time it stops with a `0xc000007b` error, saying it cannot be started. Why is this `spdlog `needed and why is it not present in the standard installer? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365#note_952160801 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 10:30:20 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 08:30:20 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich This is a temporary solution for fixing the CI pipeline ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 10:30:18 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 08:30:18 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Reassigned merge request 1594 https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 14:49:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 12:49:25 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Daiki Ueno commented: Let's make it more explicit in the commit log and `tests/Makefile.am` that this is a temporary solution. By the way, after further checking, it seems that the failing tests are feeding some data to gnutls tools from stdin. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_952838226 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 14:49:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 12:49:38 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Merge request !1594 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:02:13 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:02:13 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: I've tried to dig down to the root cause for some limited time and failed. I've also independently arrived at a conclusion that redirection plays a role here, but I suspect that it's not just input redirection that's suddenly problematic (e.g., tests/cert-tests/aki.sh also occasionally fails, but uses only output redirection). I've tried eliminating redirection in favor of `--infile`/`--outfile` in `tests/rfc2253-escape-test.sh` (https://gitlab.com/asosedkin/gnutls/-/commit/245b9cf48a4ac7dbf70ae80136f06513d6b80e23), then just `--infile`, and my current feeling is that input redirection fails reliably and output redirection fails probabilistically, but I don't have the hard facts to back that speculation of mine. `Application tried to create a window, but no driver could be loaded` etc. seems like a red herring to me. Please also file an issue to fix and restore the disabled coverage. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_953090751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:09:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:09:35 +0000 Subject: [gnutls-devel] GnuTLS | Fix/reenable test scripts on mingw (#1371) References: Message-ID: Zolt?n Fridrich created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1371 Currently the testing scripts are disabled on mingw (!1594) due to a failure that occurs while trying to read/write from stdin/stdout. The error looks something like this: ``` 0030:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded. 0030:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly." ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:11:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:11:51 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: here is the issue https://gitlab.com/gnutls/gnutls/-/issues/1371 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_953113228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:12:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:12:06 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Merge request !1594 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:29:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:29:26 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Merge request !1594 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel4 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:30:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:30:05 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: All discussions on merge request !1590 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:30:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:30:14 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Merge request !1590 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 17:30:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 15:30:58 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Merge request !1592 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 19 21:19:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 May 2022 19:19:16 +0000 Subject: [gnutls-devel] GnuTLS | Check all OCSP responses (#1372) References: Message-ID: Evan Ward created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1372 ## Description of problem: Currently gnutls-cli fails to verify the server certificate that openssl s_client does verify. Based on the openssl output the relevant OCSP response is the 19th out of 20 responses. In https://gitlab.com/gnutls/gnutls/-/blob/master/lib/cert-session.c#L284 it seems that gnutls only checks the first OCSP response. Gnutls output: ``` |<3>| ASSERT: ../../../lib/x509/ocsp.c[gnutls_ocsp_resp_check_crt]:1414 |<3>| ASSERT: ../../lib/cert-session.c[check_ocsp_response]:286 |<1>| Got OCSP response with an unrelated certificate. |<3>| ASSERT: ../../lib/ocsp-api.c[gnutls_ocsp_status_request_get2]:98 |<3>| ASSERT: ../../../lib/x509/name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 |<3>| ASSERT: ../../../lib/x509/name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 - Status: The certificate is NOT trusted. The received OCSP status response is invalid. *** PKI verification of server certificate failed... |<3>| ASSERT: ../../lib/handshake.c[_gnutls_run_verify_callback]:3000 |<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3119 *** Fatal error: Error in the certificate. ``` The message "Got OCSP response with an unrelated certificate." is correct as 19 unrelated responses were received. That should not preclude verifying the one valid response. ## Version of gnutls used: 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: 100% reproducible for the particular site. Steps to Reproduce: * Find a server that includes OCSP responses for many unrelated certificates along with the correct response. Make sure the correct response is not first in the list. Say example.com * gnutls-cli example.com * observe failure to verify certs ## Actual results: see description ## Expected results: gnutls checks all OCSP responses before deciding the OCSP is invalid. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 20 03:02:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 May 2022 01:02:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Jeremy Whiting commented: Looks like only the mingw tests are failing, looking at the rfc2253 one it's trying to do X stuff on windows vista? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_953813741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 21 07:29:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 May 2022 05:29:07 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Daiki Ueno commented: I suspect that this might be a regression between wine 7.2 and 7.5; in particular, [this](https://bugs.winehq.org/show_bug.cgi?id=52743) might be relevant, though I couldn't work it around using `wine64` instead of `wine` as suggested. @mooninite perhaps you have some insights? If there is a wine 7.8 package we could run the test with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_955302160 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 21 13:09:43 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 May 2022 11:09:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) In-Reply-To: References: Message-ID: Marius Schamschula commented: See: https://github.com/macports/macports-ports/pull/14613#issuecomment-1121898829 and https://trac.macports.org/ticket/53295 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_955372109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 21 13:11:05 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 May 2022 11:11:05 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) In-Reply-To: References: Message-ID: Marius Schamschula commented: For the moment using the workaround `configure.args-append --disable-hardware-acceleration` This is not a good permanent solution. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_955372436 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 22 07:31:58 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 May 2022 05:31:58 +0000 Subject: [gnutls-devel] cligen | Add two missing SPDX-License-Identifier tags. (!1) In-Reply-To: References: Message-ID: Reassigned merge request 1 https://gitlab.com/gnutls/cligen/-/merge_requests/1 Assignee changed to Andreas Metzler -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/1 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 22 07:32:03 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 May 2022 05:32:03 +0000 Subject: [gnutls-devel] cligen | Add two missing SPDX-License-Identifier tags. (!1) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/cligen/-/merge_requests/1 Project:Branches: ametzler/cligen:2022-more-spdx to gnutls/cligen:main Author: Andreas Metzler Assignee: Andreas Metzler A trivial change, adding two missing PDX-License-Identifier tags. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/1 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 07:40:21 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 05:40:21 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_955954717 the mingw test failure is unrelated to gnutls afaik -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_955954717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 07:40:29 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 05:40:29 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: All discussions on merge request !1592 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 09:34:39 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 07:34:39 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Merge request !1592 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 09:34:49 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 07:34:49 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Merge request !1590 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 09:40:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 07:40:47 +0000 Subject: [gnutls-devel] GnuTLS | Add release steps for windows builds (!1590) In-Reply-To: References: Message-ID: Merge request !1590 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1590 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 10:08:16 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 08:08:16 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) References: Message-ID: leimaohui created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1373 ## Description of problem: When enable fips, the following build error happens: ./fipshmac > .libs/.gnutls.hmac-t && mv .libs/.gnutls.hmac-t .libs/.gnutls.hmac libtool: link: (cd ".libs" && rm -f "libgnutlsxx.so.30" && ln -s "libgnutlsxx.so.30.0.0" "libgnutlsxx.so.30") libtool: link: (cd ".libs" && rm -f "libgnutlsxx.so" && ln -s "libgnutlsxx.so.30.0.0" "libgnutlsxx.so") /ubinux-dev/ubinux002/build-poky/tmp/work/core2-32-poky-linux/gnutls/3.7.5-r0/build/lib/.libs/lt-fipshmac: error while loading shared libraries: libgnutls.so.30: cannot open shared object file: No such file or directory I think fipshmac command should not be executed on cross compile environment, and it should be executed on target, isn't it? ## Version of gnutls used: 3.7.5 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Isn't related to Distributor. ## How reproducible: In a cross compile environment. Steps to Reproduce: * one * two * three ## Actual results: ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 10:38:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 08:38:19 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Hello and thank you for the report. I am not sure if this issue is cross-compilation specific. From what I know, if I try to build gnutls with fips mode enabled on the system (setting the flag --enable-fips140-mode for gnutls does not trigger this by itself) the build fails because fipshmac is executed but libgnutls.so is not yet created. Build should succeed if you build gnutls with --enable-fips140-mode but the system is not in fips mode. We will look further into this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_956160237 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 10:42:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 08:42:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Hello and thank you for the bug report and additional references. However, bugfix will not be part of the upcoming 3.7.6 release but I will schedule this for 3.7.7. We will look into it and see what we can do. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_956168504 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 11:01:32 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 09:01:32 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via merge request !1592 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1592) Issue #1367: https://gitlab.com/gnutls/gnutls/-/issues/1367 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 11:01:34 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 09:01:34 +0000 Subject: [gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592) In-Reply-To: References: Message-ID: Merge request !1592 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 11:10:07 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 09:10:07 +0000 Subject: [gnutls-devel] GnuTLS | mp_set_memory_functions (#1367) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.6 (May 15, 2022?Jul 15, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/35 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 11:14:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 09:14:14 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.7 (Jun 1, 2022?Jul 1, 2022) ( https://gitlab.com/gnutls/gnutls/-/milestones/36 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 12:22:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 10:22:26 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 12:22:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 10:22:26 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Reassigned merge request 3 https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 12:45:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 10:45:36 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.7.5 libgnutls-symbols.expsym not in: lib/.libs/libgnutls.30.dylib (#1370) In-Reply-To: References: Message-ID: Marius Schamschula commented: Thanks for the update! I'll keep an eye out for it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_956367530 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 14:39:59 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 12:39:59 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Reviewer changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 23 16:36:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 May 2022 14:36:44 +0000 Subject: [gnutls-devel] GnuTLS | libdane: fix typo in Makefile.am (!1595) References: Message-ID: Asad Mehmood created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 Project:Branches: mehmooda/gnutls:mehmooda-master-patch-83491 to gnutls/gnutls:master Author: Asad Mehmood Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 11:52:19 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 09:52:19 +0000 Subject: [gnutls-devel] GnuTLS | Segfaults on verify callout in _gnutls_trust_list_get_issuer (#1374) References: Message-ID: Tobias Heider created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1374 This issue was originally reported in the Ubuntu bug tracker, I am forwarding it here since it looks like it might be an upstream GnuTLS bug. [Original report](https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214). > We are experiencing segfaults in exim since upgrading from impish (4.94.2-7ubuntu2 with libgnutls30 3.7.1-5ubuntu1) to jammy (4.95-4ubuntu2 with libgnutls30 3.7.3-4ubuntu1), in _gnutls_trust_list_get_issuer, seemingly in the sender/recipient verify callout during message submission. > > Typically the initial attempt to submit a message crashes an exim child thread, but the same message is accepted when the sender retries. > > gdb backtrace: ``` Thread 2.1 "exim4" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fe2f844d080 (LWP 29278)] 0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=, issuer=, cert=, list=) at x509/../../../lib/x509/verify-high.c:1026 1026 x509/../../../lib/x509/verify-high.c: No such file or directory. (gdb) bt #0 0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=, issuer=, cert=, list=) at x509/../../../lib/x509/verify-high.c:1026 #1 gnutls_x509_trust_list_get_issuer (list=list at entry=0x55ef6bd9c260, cert=0x55ef6bd9be20, issuer=issuer at entry=0x7ffc82dba510, flags=flags at entry=16) at x509/../../../lib/x509/verify-high.c:1129 #2 0x00007fe2f8f3f679 in gnutls_x509_trust_list_verify_crt2 (list=0x55ef6bd9c260, cert_list=0x7ffc82dba5c0, cert_list_size=, data=, elements=, flags=33554432, voutput=0x7ffc82dba888, func=0x0) at x509/../../../lib/x509/verify-high.c:1522 #3 0x00007fe2f8ed7516 in _gnutls_x509_cert_verify_peers (status=0x7ffc82dba888, elements=0, data=0x0, session=0x55ef6c0c1150) at ../../lib/cert-session.c:597 #4 gnutls_certificate_verify_peers (session=0x55ef6c0c1150, data=data at entry=0x0, elements=elements at entry=0, status=status at entry=0x7ffc82dba888) at ../../lib/cert-session.c:776 #5 0x00007fe2f8ed8000 in gnutls_certificate_verify_peers2 (session=, status=status at entry=0x7ffc82dba888) at ../../lib/cert-session.c:653 #6 0x000055ef6b7698ef in verify_certificate (state=, errstr=0x7ffc82dbaa20) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:2519 #7 0x000055ef6b7a5d7b in tls_client_start.constprop.0 (cctx=cctx at entry=0x55ef6be0e688, conn_args=conn_args at entry=0x55ef6bdfe5f8, tlsp=0x55ef6b7f59c0 , errstr=errstr at entry=0x7ffc82dbaa20, cookie=) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:3593 #8 0x000055ef6b78b0ef in smtp_setup_conn (sx=0x55ef6bdfe5e8, suppress_tls=) at transports/smtp.c:2673 #9 0x000055ef6b776350 in do_callout (pm_mailfrom=, se_mailfrom=, options=, callout_connect=, callout_overall=, callout=, tf=0x7ffc82dbbc10, host_list=, addr=0x7ffc82dbbdd0) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:677 #10 verify_address (vaddr=, fp=, options=, callout=, callout_overall=, callout_connect=, se_mailfrom=, pm_mailfrom=, routed=) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:1947 #11 0x000055ef6b6f1660 in acl_verify (where=where at entry=0, addr=addr at entry=0x7ffc82dbc5e0, arg=0x55ef6babc2b8 "recipient/defer_ok/callout=30s,defer_ok,use_postmaster", user_msgptr=user_msgptr at entry=0x7ffc82dbca50, log_msgptr=log_msgptr at entry=0x7ffc82dbca58, basic_errno=basic_errno at entry=0x7ffc82dbc38c) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:2168 #12 0x000055ef6b6f479e in acl_check_condition (level=, basic_errno=0x7ffc82dbc38c, log_msgptr=, user_msgptr=, epp=, addr=, where=, cb=0x55ef6babc298, verb=) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:3838 #13 acl_check_internal (where=where at entry=0, addr=addr at entry=0x7ffc82dbc5e0, s=s at entry=0x55ef6bab9990 "acl_check_rcpt", user_msgptr=user_msgptr at entry=0x7ffc82dbca50, log_msgptr=log_msgptr at entry=0x7ffc82dbca58) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4225 #14 0x000055ef6b6f7b9e in acl_check (where=0, recipient=, s=0x55ef6bab9990 "acl_check_rcpt", user_msgptr=0x7ffc82dbca50, log_msgptr=0x7ffc82dbca58) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4539 #15 0x000055ef6b75c2fd in smtp_setup_msg () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/smtp_in.c:5283 #16 0x000055ef6b6e5cda in handle_smtp_call (accepted=0x7ffc82dbceb0, accept_socket=, listen_socket_count=, listen_sockets=) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:551 #17 daemon_go () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:2594 #18 main (argc=, cargv=) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/exim.c:4947 ``` A similar issue has been discussed on the [exim4 mailing list](https://lists.exim.org/lurker/message/20211008.224037.c1fee944.gl.html), but I couldn't find a corresponding upstream bug report. It looks like #1277 might be related but the reported version already contains the fix for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 13:58:00 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 11:58:00 +0000 Subject: [gnutls-devel] GnuTLS | Segfaults on verify callout in _gnutls_trust_list_get_issuer (#1374) In-Reply-To: References: Message-ID: Andreas Metzler commented: This is a recently fixed bug on exim's side, not a gnutls issue. https://bugs.exim.org/show_bug.cgi?id=2886 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1374#note_958048822 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 14:00:44 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 12:00:44 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Michael Cronenworth commented: I am not familiar with this issue, but I pushed Wine 7.9 to Fedora if that helps you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_958053063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 14:47:27 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 12:47:27 +0000 Subject: [gnutls-devel] GnuTLS | Segfaults on verify callout in _gnutls_trust_list_get_issuer (#1374) In-Reply-To: References: Message-ID: Issue was closed by Tobias Heider Issue #1374: https://gitlab.com/gnutls/gnutls/-/issues/1374 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 14:47:26 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 12:47:26 +0000 Subject: [gnutls-devel] GnuTLS | Segfaults on verify callout in _gnutls_trust_list_get_issuer (#1374) In-Reply-To: References: Message-ID: Tobias Heider commented: Thank you Andreas, I must have missed that one! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1374#note_958134226 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 16:46:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 14:46:48 +0000 Subject: [gnutls-devel] GnuTLS | libdane: fix typo in Makefile.am (!1595) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: Hello, change looks good. Can you please add Signed-off-by part to your commit message so the CI will pass? It should look something like this `Signed-off-by: Firstname Lastname ` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595#note_958370682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 19:12:54 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 17:12:54 +0000 Subject: [gnutls-devel] GnuTLS | `certtool` permits creation of certificates with "negative" serial numbers (#1237) In-Reply-To: References: Message-ID: Daniel Kahn Gillmor commented: Sorry, this does still seem to be an issue. @ZoltanFridrich 's example is not an example of the stated problem: the fact that zero is out of bounds doesn't have anything to do with the fact that some bitstring serial numbers might have the high bit set. For example, if i offer the example hex string (`0xabcd`) as the serial number, the [produced certificate](/uploads/1eef43ae81491ccbfb7a941a1a6c5aac/x.crt.txt)produced certificate has the high bit set in the serial number. `dumpasn1` even complains about it: ``` 13 2: INTEGER 43981 : Error: Integer is encoded as a negative value. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1237#note_958565139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 24 19:12:55 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 May 2022 17:12:55 +0000 Subject: [gnutls-devel] GnuTLS | `certtool` permits creation of certificates with "negative" serial numbers (#1237) In-Reply-To: References: Message-ID: Issue was reopened by Daniel Kahn Gillmor Issue 1237: https://gitlab.com/gnutls/gnutls/-/issues/1237 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1237 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 25 15:01:01 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 May 2022 13:01:01 +0000 Subject: [gnutls-devel] GnuTLS | libdane: fix typo in Makefile.am (!1595) In-Reply-To: References: Message-ID: Merge request !1595 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 Project:Branches: mehmooda/gnutls:mehmooda-master-patch-83491 to gnutls/gnutls:master Author: Asad Mehmood Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 25 15:12:47 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 May 2022 13:12:47 +0000 Subject: [gnutls-devel] GnuTLS | libdane: fix typo in Makefile.am (!1595) In-Reply-To: References: Message-ID: Merge request !1595 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 Project:Branches: mehmooda/gnutls:mehmooda-master-patch-83491 to gnutls/gnutls:master Author: Asad Mehmood Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 25 17:26:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 May 2022 15:26:02 +0000 Subject: [gnutls-devel] GnuTLS | libdane: fix typo in Makefile.am (!1595) In-Reply-To: References: Message-ID: Merge request !1595 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 Project:Branches: mehmooda/gnutls:mehmooda-master-patch-83491 to gnutls/gnutls:master Author: Asad Mehmood -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1595 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 05:47:48 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 03:47:48 +0000 Subject: [gnutls-devel] abi-dump | [WIP] (DO NOT MERGE YET) Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Merge request !3 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 07:00:51 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 05:00:51 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) In-Reply-To: References: Message-ID: Daiki Ueno commented: Given that `fipshmac` internally `dlopen`'s shared libraries, it wouldn't work under cross-compilation settings. I see a couple of approaches: 1. skip `.hmac` generation under cross-compilation: it should be sufficient as long as the generated binaries are not directly executable (it may not be the case if `binfmt_misc` is set up as in our aarch64 CI) 2. enhance `fipshmac` to cover the cross-compilation scenario: it could take the paths of target libraries instead of `dlopen` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_960570808 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 09:23:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 07:23:33 +0000 Subject: [gnutls-devel] GnuTLS | Disable test scripts on windows (!1594) In-Reply-To: References: Message-ID: Daiki Ueno commented: @mooninite thank you! I've [tried](https://gitlab.com/dueno/gnutls/-/commit/6392694c0fd885741b0705df2cafe26eed9dcd88#587d266bb27a4dc3022bbed44dfa19849df3044c_138_138) and confirmed that it indeed [fixes](https://gitlab.com/dueno/gnutls/-/jobs/2508623982) the issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1594#note_960669567 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 10:06:10 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 08:06:10 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Reviewer changed from Daiki Ueno to Unassigned -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 10:17:14 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 08:17:14 +0000 Subject: [gnutls-devel] GnuTLS | Build error when enable fips under cross compile (#1373) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_960727887 2. that would actually be a very simple change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1373#note_960727887 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 26 20:29:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 May 2022 18:29:09 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Daiki Ueno commented: @ZoltanFridrich I'm ok with merging this, but in general it is not necessary to update the dump files if there are no changes in the ABI. Doesn't `make abi-check` succeed without this change? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3#note_961503768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 09:29:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 07:29:41 +0000 Subject: [gnutls-devel] abi-dump | Regenerate from 3.7.6 release (!3) In-Reply-To: References: Message-ID: Merge request !3 was closed by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 09:30:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 07:30:38 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.6 (!1596) In-Reply-To: References: Message-ID: Reassigned merge request 1596 https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 09:30:40 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 07:30:40 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.6 (!1596) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 09:57:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 07:57:41 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.6 (!1596) In-Reply-To: References: Message-ID: Merge request !1596 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 10:04:52 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 08:04:52 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.6 (!1596) In-Reply-To: References: Message-ID: Merge request !1596 was scheduled to merge after pipeline succeeds by Zolt?n Fridrich Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 12:13:35 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 10:13:35 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.7.6 (!1596) In-Reply-To: References: Message-ID: Merge request !1596 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 13:50:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 11:50:22 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.6 release (!4) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/4 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Signed-off-by: Zoltan Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 13:50:22 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 11:50:22 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.6 release (!4) In-Reply-To: References: Message-ID: Reassigned merge request 4 https://gitlab.com/gnutls/web-pages/-/merge_requests/4 Assignee changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 13:50:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 11:50:36 +0000 Subject: [gnutls-devel] web-pages | add notes from 3.7.6 release (!4) In-Reply-To: References: Message-ID: Merge request !4 was merged Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/4 Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 27 16:12:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 14:12:02 +0000 Subject: [gnutls-devel] GnuTLS | How to test QUIC implementation with shipped binaries? (#1375) References: Message-ID: Paul Menzel created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1375 Can the QUIC implementation added in merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1353/ be tested with the shipped binaries like `gnutls-cli`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1375 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 28 00:05:02 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 May 2022 22:05:02 +0000 Subject: [gnutls-devel] GnuTLS | How to test QUIC implementation with shipped binaries? (#1375) In-Reply-To: References: Message-ID: Daiki Ueno commented: `gnutls-cli` and `gnutls-serv` currently do not support QUIC, while ngtcp2 includes [examples](https://github.com/ngtcp2/ngtcp2/tree/main/examples) which can be compiled with GnuTLS, as well as there is a simple echo [program](https://gitlab.com/dueno/quic-echo) I wrote some time ago, though the included ngtcp2 submodule is a bit behind the latest release. It might make sense to port them to `gnutls-cli` and `gnutls-serv`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1375#note_963007389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat May 28 15:07:06 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 May 2022 13:07:06 +0000 Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581) In-Reply-To: References: Message-ID: Hannes Reinecke commented: Thanks for doing this. Patch look okay from my side. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_963216464 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 29 04:15:17 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 29 May 2022 02:15:17 +0000 Subject: [gnutls-devel] GnuTLS | build: Revert "Disable test scripts on windows" (!1597) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 Project:Branches: dueno/gnutls:wip/dueno/mingw-tests to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno This reverts commit d2b99e3b3429e9b9a6fbff46598fd4c6a0910f65. It turned out that the test failures under mingw were caused by a regression in wine 7.5, possibly: https://bugs.winehq.org/show_bug.cgi?id=52743 Now that the latest wine package based on wine 7.9 has no issues with running those test scripts, this enables them again in the build process. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 29 04:15:38 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 29 May 2022 02:15:38 +0000 Subject: [gnutls-devel] GnuTLS | build: Revert "Disable test scripts on windows" (!1597) In-Reply-To: References: Message-ID: Reassigned merge request 1597 https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 29 04:55:33 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 29 May 2022 02:55:33 +0000 Subject: [gnutls-devel] GnuTLS | build: Revert "Disable test scripts on windows" (!1597) In-Reply-To: References: Message-ID: Reviewer changed to Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 10:27:31 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 08:27:31 +0000 Subject: [gnutls-devel] GnuTLS | build: Revert "Disable test scripts on windows" (!1597) In-Reply-To: References: Message-ID: Merge request !1597 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 Project:Branches: dueno/gnutls:wip/dueno/mingw-tests to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 10:28:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 08:28:09 +0000 Subject: [gnutls-devel] GnuTLS | Fix/reenable test scripts on mingw (#1371) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich via merge request !1597 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1597) Issue #1371: https://gitlab.com/gnutls/gnutls/-/issues/1371 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 10:28:09 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 08:28:09 +0000 Subject: [gnutls-devel] GnuTLS | build: Revert "Disable test scripts on windows" (!1597) In-Reply-To: References: Message-ID: Merge request !1597 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 Project:Branches: dueno/gnutls:wip/dueno/mingw-tests to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1597 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 14:52:36 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 12:52:36 +0000 Subject: [gnutls-devel] GnuTLS | Android: undefined reference to rpl_malloc (#1376) References: Message-ID: Adrien B?raud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1376 ## Description of problem: When cross compiling GnuTLS for Android using the NDK (reproduced with r23 and r25), GnuTLS declares `rpl_malloc` but doesn't seem to build an implementation, causing a link error: `cannot locate symbol "rpl_malloc"` ## Version of gnutls used: Bug reproduced with GnuTLS 3.7.6 This seems to be a regression, since the bug can't be reproduced with GnuTLS 3.7.1 ## Distributor of gnutls Using official tarballs from gnupg.org. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1376 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 14:56:12 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 12:56:12 +0000 Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377) References: Message-ID: Adrien B?raud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1377 ## Description of problem: When cross compiling GnuTLS for Android (aarch64) using the NDK r25, the build fails with the following error: `clang-14: error: the clang compiler does not support '-march=all'`. ## Version of gnutls used: Bug reproduced with GnuTLS 3.7.6 ## Distributor of gnutls Using official tarballs from gnupg.org. ## Actual results: ``` make[4]: Entering directory 'native-aarch64-linux-android/gnutls/lib/accelerated/aarch64' CC aarch64-common.lo CC sha-aarch64.lo CC hmac-sha-aarch64.lo CC aes-cbc-aarch64.lo CC aes-gcm-aarch64.lo CC aes-ccm-aarch64.lo CCAS elf/sha1-armv8.lo clang-14: error: the clang compiler does not support '-march=all' ``` ## Expected results: Build should succeed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 16:16:25 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 14:16:25 +0000 Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377) In-Reply-To: References: Message-ID: Issue was closed by Adrien B?raud Issue #1377: https://gitlab.com/gnutls/gnutls/-/issues/1377 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 16:16:41 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 14:16:41 +0000 Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377) In-Reply-To: References: Message-ID: Adrien B?raud commented: Was fixed in latest version -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_964636103 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 30 22:58:24 2022 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 May 2022 20:58:24 +0000 Subject: [gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_965046526 > + > +** libgnutls: Length limit for TLS PSK usernames has been increased > + from 128 to 65535 characters. Let's reference the issue number (or this PR). Also expand the commit log. -- Daiki Ueno started a new discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_965046533 > + gnutls_free(info->username); > + info->username = gnutls_malloc(username->size + 1); > + assert(info->username); Can we change the return type of this function to `int` and propagate `GNUTLS_E_MEMORY_ERROR` to the caller? -- Daiki Ueno started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_965046538 > > -#define MAX_USERNAME_SIZE 128 > +#define MAX_USERNAME_SIZE 65535 Maybe good to mention why we chose this limit e.g., RFC 4279 [section 2](https://datatracker.ietf.org/doc/html/rfc4279#section-2) and RFC 8446 [section 4.2.11](https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.11) ? -- Daiki Ueno started a new discussion on lib/handshake-checks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_965046540 > - strncmp(session->internals.saved_username, username, username_length) != 0) { > + if (session->internals.saved_username) { > + int saved_username_length = strlen(session->internals.saved_username); We have added support for non-NULL-terminated PSK usernames since https://gitlab.com/gnutls/gnutls/-/merge_requests/917. Is the usage of `strlen` safe with such usernames? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: