From gnutls-devel at lists.gnutls.org Sat Apr 1 02:57:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 00:57:53 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594311 > #include "intprops.h" > > +#include This shouldn't be necessary; for library source files `` is included through `"gnutls_int.h"`. -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594312 > + > + /* genrating random permute */ > + gnutls_global_init(); We shouldn't call `gnutls_global_init` (and `_deinit`) in the library code; it should be implicitly called through ELF [constructor](https://gcc.gnu.org/onlinedocs/gcc-12.2.0/gcc/Common-Function-Attributes.html#index-constructor-function-attribute). -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594313 > + sizeof(uint32_t)); > + if (ret < 0) > + return -1; Let's just return `ret` (which is one of the `GNUTLS_E_*` values and represents the reason of the failure). -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594315 > + } > + > + /* genrating random permute */ Typo: `genrating` → `generating`. Also I'd suggest `permute` → `permutation`. 
-- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594318 > + for (uint32_t i = sz - 1; i > 0; i--) { > + int ret = gnutls_rnd(GNUTLS_RND_RANDOM, (void *)&rnd_n, > + sizeof(uint32_t)); We could reduce the size of random value, as we are sending at most 64 extensions at a time. -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594320 > + /* To shuffle extension sending order */ > + uint32_t shuffled_n[MAX_EXT_TYPES]; > + ret = shuffle_arr(shuffled_n, MAX_EXT_TYPES); As mentioned in the issue description, `pre_shared_key` extension (and maybe `padding`) must always be processed at last, because it needs to [calculate](https://www.rfc-editor.org/rfc/rfc8446#section-4.2.11) the hash of ClientHello content for binders. -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337594321 > + uint32_t temp = arr[i]; > + arr[i] = arr[j]; > + arr[j] = temp; This algorithm seems to be equivalent to the modern version of the Fisher–Yates shuffle as in [Wikipedia](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle); kudos you ended up with it :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 06:43:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 04:43:15 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337631264 > + return gnutls_assert_val(ret); > + > + /* oderdering dumbfw and pre_shared_key as last extensions */ Can't we simply `shuffle_arr(shuffled_n, MAX_EXT_TYPES - 2)`? Also typo: "orderdering" → "ordering" -- Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337631266 > > +static > +int shuffle_arr(uint8_t * arr, uint8_t sz) Actually there is a special enum type `extensions_t`. So I would make this function more specific like: ```c static int shuffle_exts(extensions_t *exts, size_t size) { ... } ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 07:10:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 05:10:09 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented on a discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337634536 > ret - 4); > } > > + /* To shuffle extension sending order */ > + uint8_t shuffled_n[MAX_EXT_TYPES]; > + ret = shuffle_arr(shuffled_n, MAX_EXT_TYPES); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + /* oderdering dumbfw and pre_shared_key as last extensions */ `MAX_EXT_TYPES=64`, and `GNUTLS_EXTENSION_PRE_SHARED_KEY=26` so we couldn't. { sorry for typos >_< } -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337634536 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 09:27:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 07:27:26 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337654613 > ret - 4); > } > > + /* To shuffle extension sending order */ > + uint8_t shuffled_n[MAX_EXT_TYPES]; > + ret = shuffle_arr(shuffled_n, MAX_EXT_TYPES); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + /* oderdering dumbfw and pre_shared_key as last extensions */ That's a good point; we allocate `extfuncs` more than `GNUTLS_EXTENSION_MAX` as we support sending custom extensions through `gnutls_ext_register`. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337654613 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 09:29:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 07:29:27 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337655752 > } > > + /* To shuffle extension sending order */ > + extensions_t shuffled_exts[MAX_EXT_TYPES]; > + ret = shuffle_exts(shuffled_exts, MAX_EXT_TYPES); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + /* ordering dumbfw and pre_shared_key as last extensions */ > + extensions_t temp = shuffled_exts[MAX_EXT_TYPES - 2]; > + shuffled_exts[MAX_EXT_TYPES - 2] = GNUTLS_EXTENSION_DUMBFW; > + shuffled_exts[GNUTLS_EXTENSION_DUMBFW] = temp; > + > + temp = shuffled_exts[MAX_EXT_TYPES - 1]; > + shuffled_exts[MAX_EXT_TYPES - 1] = GNUTLS_EXTENSION_PRE_SHARED_KEY; > + shuffled_exts[GNUTLS_EXTENSION_PRE_SHARED_KEY] = temp; Now we have 3 places doing element swapping; maybe we could define an inline function for that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337655752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 09:38:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 07:38:57 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented on a discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337657790 > } > > + /* To shuffle extension sending order */ > + extensions_t shuffled_exts[MAX_EXT_TYPES]; > + ret = shuffle_exts(shuffled_exts, MAX_EXT_TYPES); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > + /* ordering dumbfw and pre_shared_key as last extensions */ > + extensions_t temp = shuffled_exts[MAX_EXT_TYPES - 2]; > + shuffled_exts[MAX_EXT_TYPES - 2] = GNUTLS_EXTENSION_DUMBFW; > + shuffled_exts[GNUTLS_EXTENSION_DUMBFW] = temp; > + > + temp = shuffled_exts[MAX_EXT_TYPES - 1]; > + shuffled_exts[MAX_EXT_TYPES - 1] = GNUTLS_EXTENSION_PRE_SHARED_KEY; > + shuffled_exts[GNUTLS_EXTENSION_PRE_SHARED_KEY] = temp; Yeahhh!, I'll do that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337657790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
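Review bot: In the hunk that orders dumbfw and pre_shared_key last, `shuffled_exts[GNUTLS_EXTENSION_DUMBFW] = temp;` assumes the dumbfw id still sits at the index equal to its own value, which holds only before `shuffle_exts()` has permuted the array. After the shuffle that id can be at any index, so the array can end up holding it twice while the entry overwritten at index `GNUTLS_EXTENSION_DUMBFW` is lost; the same applies to the `GNUTLS_EXTENSION_PRE_SHARED_KEY` assignment. Suggest placing the two ids at `MAX_EXT_TYPES - 2` and `MAX_EXT_TYPES - 1` on the freshly initialised array and then shuffling only the first `MAX_EXT_TYPES - 2` entries.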
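Review bot: In the shuffle loop, `for (uint32_t i = sz - 1; i > 0; i--)` wraps to a very large `i` when `sz` is 0, and the `arr[i]` / `arr[j]` swap that follows would then index far outside the array. The visible caller always passes `MAX_EXT_TYPES`, but an early `if (sz < 2) return 0;` before the loop keeps the helper safe on its own.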
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 12:02:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 10:02:42 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Daiki Ueno commented: Nice work! The only CI failures I see are in the tests expecting fixed extension order; maybe we could have an option (maybe a priority string modifier, in `lib/priority_options.gperf`) to not reorder the extensions? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337678691 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 12:32:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 10:32:50 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337682744 thankss :dancer: , I'll try O.o -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337682744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 12:42:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 10:42:37 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337683932 it's kinda new to me, so like I have doubt after having an option for `not reorder extensions` do we have to modify tests too? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337683932 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 13:50:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 11:50:21 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337693064 do we also have to change tests to use `not reorder` options?? or can have option to use `reorder exts` for src/gnutls-cli
Kinda confused here >_< -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337693064 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 1 18:17:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 16:17:53 +0000 Subject: [gnutls-devel] GnuTLS | Make check fails on (#1478) References: Message-ID: Ahmed Zaki created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1478 ## Description of problem: After building gnutls I do get quite a few test failures when running make check. ## Version of gnutls used: 3.6.16 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) building from source ## How reproducible: Steps to Reproduce: * ./configure --with-included-unistring ``` configure: summary of build options: version: 3.6.16 shared 58:2:28 Host/Target system: x86_64-pc-linux-gnu Build system: x86_64-pc-linux-gnu Install prefix: /usr/local Compiler: gcc Valgrind: no CFlags: -g -O2 Library types: Shared=yes, Static=no Local libopts: yes Local libtasn1: no Local unistring: yes Use nettle-mini: no Documentation: yes (manpages: yes) configure: External hardware support: /dev/crypto: no Hardware accel: x86-64 Padlock accel: yes Random gen. 
variant: getrandom PKCS#11 support: yes TPM support: no configure: Optional features: (note that included applications might not compile properly if features are disabled) SSL3.0 support: no SSL2.0 client hello: yes Allow SHA1 sign: no DTLS-SRTP support: yes ALPN support: yes OCSP support: yes SRP support: yes PSK support: yes DHE support: yes ECDHE support: yes GOST support: yes Anon auth support: yes Heartbeat support: yes IDNA support: no Non-SuiteB curves: yes FIPS140 mode: no Strict DER time: yes configure: Optional libraries: Guile wrappers: no C++ library: yes DANE library: no OpenSSL compat: no configure: System files: Trust store pkcs11: Trust store dir: Trust store file: /etc/ssl/certs/ca-certificates.crt Blacklist file: CRL file: Configuration file: /etc/gnutls/config DNSSEC root key file: /etc/unbound/root.key ``` * make * make check ## Actual results: Testsuite summary for GnuTLS 3.6.16 ============================================================================ # TOTAL: 458 # PASS: 390 # SKIP: 53 # XFAIL: 0 # FAIL: 15 # XPASS: 0 # ERROR: 0 I am particularly interested in why x509_dn test fails : log shows : ``` FAIL: x509dn ============ trying NORMAL:-VERS-ALL:+VERS-TLS1.2 cert_callback:122: client: could not retrieve RDN 0. server:279: server: Handshake has failed (Error in the pull function.) FAIL x509dn (exit status: 1) ``` ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1478 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 00:58:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 22:58:32 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: All discussions on merge request !1737 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 00:58:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 22:58:14 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Merge request !1737 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 Project:Branches: peonix/gnutls:dev0 to gnutls/gnutls:master Author: @Ajit Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
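The ordering constraint discussed in the !1737 review (shuffle the ClientHello extension ids with Fisher–Yates, but keep padding and `pre_shared_key` in the last two slots), as an added example that is not GnuTLS code and not part of the original messages. The counts 64 and 26 are the values quoted in the thread; `EXT_PADDING`, the function names and the `/dev/urandom` byte source are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_COUNT   64 /* MAX_EXT_TYPES, value quoted in the thread */
#define EXT_PSK     26 /* GNUTLS_EXTENSION_PRE_SHARED_KEY, value quoted in the thread */
#define EXT_PADDING 25 /* assumed id for the padding (dumbfw) extension */

typedef int (*rng_fn)(void *buf, size_t len); /* 0 on success, negative on error */

/* Assumed byte source for this sketch; a library would use its own RNG. */
static int urandom_bytes(void *buf, size_t len)
{
	FILE *f = fopen("/dev/urandom", "rb");
	size_t got = f ? fread(buf, 1, len, f) : 0;
	if (f)
		fclose(f);
	return got == len ? 0 : -1;
}

/* Uniform index in [0, bound), 1 <= bound <= 256. One byte covers 64 slots;
 * bytes at or above the largest multiple of bound are redrawn (no modulo bias). */
static int uniform_below(rng_fn rng, unsigned bound, unsigned *out)
{
	unsigned limit;
	uint8_t r;
	if (bound == 0 || bound > 256)
		return -1;
	limit = 256 - (256 % bound);
	do {
		int ret = rng(&r, 1);
		if (ret < 0)
			return ret; /* hand the source's error code to the caller */
	} while (r >= limit);
	*out = r % bound;
	return 0;
}

static void swap_ids(uint16_t *ids, size_t a, size_t b)
{
	uint16_t tmp = ids[a];
	ids[a] = ids[b];
	ids[b] = tmp;
}

/* Fisher-Yates over ids[0..n-1]; n < 2 is a no-op rather than an underflow. */
static int shuffle_prefix(uint16_t *ids, size_t n, rng_fn rng)
{
	size_t i;
	for (i = n; i > 1; i--) {
		unsigned j;
		int ret = uniform_below(rng, (unsigned)i, &j);
		if (ret < 0)
			return ret;
		swap_ids(ids, i - 1, j);
	}
	return 0;
}

/* Moves padding and pre_shared_key into the last two slots. It finds them by
 * index, so it is only correct while ids[k] == k, i.e. before any shuffle. */
static void pin_last(uint16_t *ids)
{
	swap_ids(ids, EXT_COUNT - 2, EXT_PADDING);
	swap_ids(ids, EXT_COUNT - 1, EXT_PSK);
}

static int build_send_order(uint16_t *ids, rng_fn rng)
{
	size_t i;
	for (i = 0; i < EXT_COUNT; i++)
		ids[i] = (uint16_t)i;
	pin_last(ids);
	return shuffle_prefix(ids, EXT_COUNT - 2, rng); /* tail stays fixed */
}

/* 1 if ids is a permutation of 0..EXT_COUNT-1 that ends in padding, PSK. */
static int order_is_valid(const uint16_t *ids)
{
	uint8_t seen[EXT_COUNT] = { 0 };
	size_t i;
	for (i = 0; i < EXT_COUNT; i++) {
		if (ids[i] >= EXT_COUNT || seen[ids[i]])
			return 0;
		seen[ids[i]] = 1;
	}
	return ids[EXT_COUNT - 2] == EXT_PADDING && ids[EXT_COUNT - 1] == EXT_PSK;
}

int main(void)
{
	uint16_t ids[EXT_COUNT];
	size_t i;
	if (build_send_order(ids, urandom_bytes) < 0)
		return 1;
	for (i = 0; i < EXT_COUNT; i++)
		printf("%u ", (unsigned)ids[i]);
	printf("\nvalid=%d\n", order_is_valid(ids));
	return 0;
}
```

Calling `pin_last()` on an array that has already been shuffled leaves the wrong id in the tail, which `order_is_valid()` reports as 0.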
URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 01:05:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 23:05:02 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1737 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1737) Issue #1465: https://gitlab.com/gnutls/gnutls/-/issues/1465 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 01:05:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 23:05:01 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: Merge request !1737 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 Project:Branches: peonix/gnutls:dev0 to gnutls/gnutls:master Author: @Ajit -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 01:25:07 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 23:25:07 +0000 Subject: [gnutls-devel] GnuTLS | fips: add additional pbkdf limit checks as defined in SP 800-132 (!1736) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736#note_1337813115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 01:25:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 23:25:00 +0000 Subject: [gnutls-devel] GnuTLS | fips: add additional pbkdf limit checks as defined in SP 800-132 (!1736) In-Reply-To: References: Message-ID: Merge request !1736 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736 Project:Branches: tobhe/gnutls:pbkdf to gnutls/gnutls:master Author: Tobias Heider -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 01:24:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Apr 2023 23:24:51 +0000 Subject: [gnutls-devel] GnuTLS | fips: add additional pbkdf limit checks as defined in SP 800-132 (!1736) In-Reply-To: References: Message-ID: Merge request !1736 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736 Project:Branches: tobhe/gnutls:pbkdf to gnutls/gnutls:master Author: Tobias Heider Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 02:59:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 02 Apr 2023 00:59:57 +0000 Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738 Project:Branches: dueno/gnutls:wip/dueno/shuffle-exts-followup to gnutls/gnutls:master Author: Daiki Ueno This adds a documentation for this new feature in both the manual and NEWS. Also adding a bit of a refactoring to the code. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Apr 2 04:53:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 02 Apr 2023 02:53:53 +0000 Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737) In-Reply-To: References: Message-ID: @Ajit commented: lot of thankss for helping out, it was so awesome :innocent:
hoping to work with you in GSOC :dagger: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737#note_1337840931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 3 18:59:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 03 Apr 2023 16:59:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: ATHARVA S MARATHE commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726#note_1339373775 The Author and Signed-off-by are now matched. Apologies for the delayed response -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726#note_1339373775 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 3 18:59:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 03 Apr 2023 16:59:31 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: All discussions on merge request !1726 were resolved by ATHARVA S MARATHE https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 4 02:51:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Apr 2023 00:51:45 +0000 Subject: [gnutls-devel] GnuTLS | certtool: reject negative serial numbers (!1739) References: Message-ID: Elias Gustafsson created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1739 Project:Branches: Eligus/gnutls:certtool-negative-serial to gnutls/gnutls:master Author: Elias Gustafsson According to RFC 5280 section 4.1.2.2, certificate serial numbers must be positive integers, so `certtool` should reject hexadecimal serial numbers that would be interpreted as negative numbers. This patch adds checks that reject all serial numbers with the high bit set to 1. Fixes #1237 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 4 05:42:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Apr 2023 03:42:11 +0000 Subject: [gnutls-devel] GnuTLS | certtool: reject negative serial numbers (!1739) In-Reply-To: References: Message-ID: Daiki Ueno commented: It looks good to me; thank you for taking this and also adding the test case! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1739#note_1339938378 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 4 05:42:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Apr 2023 03:42:15 +0000 Subject: [gnutls-devel] GnuTLS | certtool: reject negative serial numbers (!1739) In-Reply-To: References: Message-ID: Merge request !1739 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1739 Project:Branches: Eligus/gnutls:certtool-negative-serial to gnutls/gnutls:master Author: Elias Gustafsson Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 4 05:49:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Apr 2023 03:49:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: Merge request !1726 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 Project:Branches: maratheatharva/gnutls:issue1471 to gnutls/gnutls:master Author: ATHARVA S MARATHE -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 4 10:03:03 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Apr 2023 08:03:03 +0000 Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479) References: Message-ID: Ricky-Tigg created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1479 **v.:** 3.8.0 | Hello. The presence of algorithms that are attested either **unsecure**, **non-secure** can be observed as part of some _Priority_ categories (_&1098_), thus it won't be needed to expand the existing report further. We know that it may be solved within eight years. Now Here we can observe that the instructions for `--priority` **are ignored**. 
Illustration | All those cipher suites were excluded from the query, however as demonstrated, they were not processed accordingly:

```
$ GNU='gnutls-cli -l --priority PFS:-VERS-TLS-ALL:+VERS-TLS1.3'
$ $GNU | head -1 && $GNU | grep -v 'TLS1[.]3$' | grep 'TLS1[.][0-9]$'
Cipher suites for PFS:-VERS-TLS-ALL:+VERS-TLS1.3
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CCM 0xc0, 0xad TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a TLS1.0
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_AES_128_CCM 0xc0, 0xac TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 TLS1.0
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2
TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 TLS1.0
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 TLS1.0
TLS_DHE_RSA_AES_256_GCM_SHA384 0x00, 0x9f TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305 0xcc, 0xaa TLS1.2
TLS_DHE_RSA_AES_256_CCM 0xc0, 0x9f TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 TLS1.0
TLS_DHE_RSA_AES_128_GCM_SHA256 0x00, 0x9e TLS1.2
TLS_DHE_RSA_AES_128_CCM 0xc0, 0x9e TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 TLS1.0
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479

From gnutls-devel at lists.gnutls.org Tue Apr 4 11:38:54 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 09:38:54 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored.
 (#1479)

Daiki Ueno commented:

Those ciphersuites are listed because they are used in DTLS; with `-VERS-DTLS-ALL`, you would get the desired output:

```console
$ gnutls-cli -l --priority PFS:-VERS-TLS-ALL:-VERS-DTLS-ALL:+VERS-TLS1.3
Cipher suites for PFS:-VERS-TLS-ALL:-VERS-DTLS-ALL:+VERS-TLS1.3
TLS_AES_256_GCM_SHA384 0x13, 0x02 TLS1.3
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 TLS1.3
TLS_AES_128_GCM_SHA256 0x13, 0x01 TLS1.3
TLS_AES_128_CCM_SHA256 0x13, 0x04 TLS1.3

Protocols: VERS-TLS1.3
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1340321039

From gnutls-devel at lists.gnutls.org Tue Apr 4 11:47:31 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 09:47:31 +0000
Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471)

Daiki Ueno commented:

Should be fixed with !1726.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471#note_1340342623

From gnutls-devel at lists.gnutls.org Tue Apr 4 11:49:15 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 09:49:15 +0000
Subject: [gnutls-devel] GnuTLS | Make check fails (#1478)

Daiki Ueno commented:

3.6.16 is a bit too old. Would you be able to reproduce the issue with 3.8.0 or 3.7.9?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1478#note_1340347179

From gnutls-devel at lists.gnutls.org Tue Apr 4 11:47:30 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 09:47:30 +0000
Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471)

Issue was closed by Daiki Ueno

Issue #1471: https://gitlab.com/gnutls/gnutls/-/issues/1471

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471

From gnutls-devel at lists.gnutls.org Tue Apr 4 14:23:33 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 12:23:33 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Ricky-Tigg commented:

That is what I had attempted to achieve. According to the structures of our `gnutls-cli` commands, it can be concluded that the complete syntax to filter cipher suites and protocols to enable is `gnutls-cli -l --priority :`. As it is obvious in gnutls-cli(1), 9 Feb. 2023, **there is no mention** covering secondary strings while main strings are duly documented, even twice with `--priority` and `--priority-list`. I took model from a source non-affiliated with the GnuTLS organisation in order to use some of those secondary strings.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1340604069
From gnutls-devel at lists.gnutls.org Tue Apr 4 14:59:10 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 12:59:10 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Andreas Metzler commented:

Nowadays (version 3.7.9) gnutls-cli(1) doc on --priority only documents PERFORMANCE, NORMAL, et al. and points to the canonical docs for everything else:

> Check the GnuTLS manual on section “Priority strings” for more information on the allowed keywords

Looking at https://www.gnutls.org/manual/html_node/Priority-Strings.html one finds:

```
TLS versions
VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-TLS1.3, VERS-DTLS0.9, VERS-DTLS1.0, VERS-DTLS1.2.
Catch all are VERS-ALL, and will enable all protocols from NORMAL priority.
To distinguish between TLS and DTLS versions you can use VERS-TLS-ALL and VERS-DTLS-ALL.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1340664553

From gnutls-devel at lists.gnutls.org Tue Apr 4 16:33:57 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 14:33:57 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Ricky-Tigg commented:

"_Nowadays (version 3.7.9) gnutls-cli(1)_"

Supposing it is so, that would be the first time I work with a newer version of installed _man_-page from the distribution repository I enabled than the one a developer of a related project works with. That is most improbable.
Therefore very link _https://www.gnutls.org/documentation.html_ appears to be **invariably missing** along with each sentence beginning with that formulation:

"_Check the GnuTLS manual on section “Priority strings” for more information on_"

Your very mention illustrates it. If only that link could be guessed from the writer's expressions "_GnuTLS manual_" and "_section “Priority strings”_". It sadly turns to be the most banal issue since related to documentation.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1340854254

From gnutls-devel at lists.gnutls.org Tue Apr 4 17:54:23 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 04 Apr 2023 15:54:23 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Andreas Metzler commented:

@Ricky-Tigg wrote

"Nowadays (version 3.7.9) gnutls-cli(1)"
> Supposing it is so, that would be the first time I work with a newer version of installed man-page from the distribution repository I enabled than the one a developer of a related project works with. That is most improbable.

I have a hard time parsing this. You have never said what version of GnuTLS you were unhappy with.

> Therefore very link https://www.gnutls.org/documentation.html appears to be invariably missing
> along with each sentence beginning with that formulation:
>
> "Check the GnuTLS manual on section “Priority strings” for more information on"
> Your very mention illustrates it. If only that link could be guessed from the writer's
> expressions "GnuTLS manual" and "section “Priority strings”". It sadly turns to be the most banal issue since related to documentation.

I do not get your problem.
Was the term "GnuTLS manual" not clear enough? Did you try to find it and failed to find it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1340994016

From gnutls-devel at lists.gnutls.org Wed Apr 5 06:42:17 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 04:42:17 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)

Andreas Metzler commented:

Joy, pipeline succeeded.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1341615761

From gnutls-devel at lists.gnutls.org Wed Apr 5 08:48:18 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 06:48:18 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Ricky-Tigg commented:

_And later_. Well, you lost me for good. Then help did not come to you. And won't come ?for a reason. Nonetheless developers, nothing you can be proud of by leaving one of yours (**assumed**) like that, with trouble to read. Not quite the GNU spirit. But in the meanwhile, I knew what must be done. Here it is: _You_ (that _Andreas Metzle_)_. You did great. Sure you did. And you others, is it not so? Come on, say yes! In short. on behalf of everyone, keep it up, you're on the right track._ Feeling **much** better now?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1341714432

From gnutls-devel at lists.gnutls.org Wed Apr 5 08:50:58 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 06:50:58 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Ricky-Tigg commented:

_And later_. Well, you lost me for good. Then help did not come to you. And won't come ?for a reason. Nonetheless developers, nothing you can be proud of by leaving one of yours (**assumed**) like that, with trouble to read. Not quite the GNU spirit. But in the meanwhile, I knew what must be done. Here it is: _You_ (that _Andreas Metzler_)_, you did great. Sure you did. And you others, is it not so? Come on, say yes! In short. on behalf of everyone, keep it up, you're on the right track._ Feeling **much** better now?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1341717005
From gnutls-devel at lists.gnutls.org Wed Apr 5 09:28:32 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 07:28:32 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)

Merge request !1716 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716
Project:Branches: ametzler/gnutls:tmp-ametzler-faketime to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

From gnutls-devel at lists.gnutls.org Wed Apr 5 09:28:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 07:28:42 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1341764666
From gnutls-devel at lists.gnutls.org Wed Apr 5 09:28:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 07:28:56 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)

Merge request !1716 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716
Project:Branches: ametzler/gnutls:tmp-ametzler-faketime to gnutls/gnutls:master
Author: Andreas Metzler

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

From gnutls-devel at lists.gnutls.org Wed Apr 5 09:48:44 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 07:48:44 +0000
Subject: [gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Daiki Ueno commented:

@Ricky-Tigg I can understand your frustration about the documentation (any concrete suggestions for improvement are always welcome), but the above comment is way too far over the line. If you continue discussing in such a harsh tone naming others, I will have to lock this issue. Let's be respectful to others; [the kind communications guidelines](https://www.gnu.org/philosophy/kind-communication.html) might be a good start.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1479#note_1341795213
From gnutls-devel at lists.gnutls.org Thu Apr 6 00:50:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 05 Apr 2023 22:50:56 +0000
Subject: [gnutls-devel] GnuTLS | Make check fails (#1478)

Ahmed Zaki commented:

I tried again with 3.7.9

```
configure: summary of build options:

  version: 3.7.9 shared 64:3:34
  Host/Target system: x86_64-pc-linux-gnu
  Build system: x86_64-pc-linux-gnu
  Install prefix: /usr/local
  Compiler: gcc
  Valgrind: no
  CFlags: -g -O2
  Library types: Shared=yes, Static=no
  Local libtasn1: no
  Local unistring: yes
  Use nettle-mini: no
  Documentation: yes (manpages: yes)

configure: External hardware support:

  /dev/crypto: no
  AF_ALG support: no
  Hardware accel: x86-64
  Padlock accel: yes
  Random gen. variant: getrandom
  PKCS#11 support: yes
  TPM support: no
  TPM2 support: auto
  KTLS support: no

configure: TPM2 library:

configure: Optional features:
(note that included applications might not compile properly
if features are disabled)

  SSL3.0 support: no
  SSL2.0 client hello: yes
  Allow SHA1 sign: no
  DTLS-SRTP support: yes
  ALPN support: yes
  OCSP support: yes
  SRP support: yes
  PSK support: yes
  DHE support: yes
  ECDHE support: yes
  GOST support: yes
  Anon auth support: yes
  Heartbeat support: yes
  IDNA support: no
  Non-SuiteB curves: yes
  FIPS140 mode: no
  Strict DER time: yes

configure: Optional libraries:

  Guile wrappers: no
  C++ library: yes
  DANE library: no
  OpenSSL compat: no

configure: System files:

  Trust store pkcs11:
  Trust store dir:
  Trust store file: /etc/ssl/certs/ca-certificates.crt
  Blacklist file:
  CRL file:
  Configuration file: /etc/gnutls/config
  DNSSEC root key file: /etc/unbound/root.key

configure: WARNING:
***
*** The DNSSEC root key file in /etc/unbound/root.key was not found.
*** This file is needed for the verification of DNSSEC responses.
*** Use the command: unbound-anchor -a "/etc/unbound/root.key"
*** to generate or update it.
***
```

```
============================================================================
Testsuite summary for GnuTLS 3.7.9
============================================================================
# TOTAL: 483
# PASS: 3
# SKIP: 28
# XFAIL: 0
# FAIL: 452
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
Please report to bugs at gnutls.org
============================================================================
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1478#note_1343027710

From gnutls-devel at lists.gnutls.org Thu Apr 6 05:07:10 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Apr 2023 03:07:10 +0000
Subject: [gnutls-devel] GnuTLS | Make check fails (#1478)

Ahmed Zaki commented:

Ok I figured out the problem. It was libnettle.. Even when I specify the location of the libnettle installation using `PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig` when running configure the linking fails to find the library. I had to explicitly set `LD_LIBRARY_PATH` env var to point to where libnettle is installed which fixed the many failures. x509dn test succeeds as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1478#note_1343122073
From gnutls-devel at lists.gnutls.org Thu Apr 6 08:02:27 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 06 Apr 2023 06:02:27 +0000
Subject: [gnutls-devel] GnuTLS | Make check fails (#1478)

Andreas Metzler commented:

Afaik if the nettle installation location /usr/local/lib64/ is not in your compiler search path then /usr/local/lib64/pkgconfig/{nettle,hogweed}.pc will need to have "-Wl,-rpath -Wl,/usr/local/lib64" in Libs.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1478#note_1343335818

From gnutls-devel at lists.gnutls.org Mon Apr 10 01:40:20 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 09 Apr 2023 23:40:20 +0000
Subject: [gnutls-devel] GnuTLS | Support reading and writing private keys in PKCS#8 v2 format (#1474)

Ajit commented:

@dueno is there any API to export PKCS#8 private key into file?? or any other ways.
What I have got is that in `pkix.asn` we have the structure for the old privatekeyInfo, and in func `privkey_pkcs8.c:167 encode_to_private_key_info()` we are encoding private keys as pkcs#8. Kind of stuck with this, so any kind of suggestions.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1474#note_1346233986

From gnutls-devel at lists.gnutls.org Mon Apr 10 15:23:07 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 10 Apr 2023 13:23:07 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Tue Apr 11 00:51:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 10 Apr 2023 22:51:05 +0000
Subject: [gnutls-devel] libtasn1 | Draft: Master (!89)

Ahmed Zaki created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89

Project:Branches: zaki_ahmed/libtasn1:master to gnutls/libtasn1:master
Author: Ahmed Zaki

This PR includes three new test cases

Test_gnutls.c
Test_p11kit_1.c
Test_swtpm.c

These test cases are extracted from gnutls, p11kit and swtpm respectively. The test cases are automatically extracted from those projects.

Prior to adding those test cases coverage in /lib was as follows using 'make check':

```
lines......: 87.6% (2903 of 3313 lines)
functions..: 95.0% (96 of 101 functions)
branches...: 71.3% (2108 of 2955 branches)
```

After adding these test cases coverage is increased as follows:

```
lines......: 88.0% (2914 of 3313 lines)
functions..: 96.0% (97 of 101 functions)
branches...: 71.7% (2120 of 2955 branches)
```

* [X] Test suite updated with functionality tests

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89

From gnutls-devel at lists.gnutls.org Tue Apr 11 01:20:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 10 Apr 2023 23:20:41 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1740 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on tests/x509cert.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1347422873

>
> + /* test for gnutls_certificate_set_x509_trust */
> + global_init();

You could just move the above `gnutls_global_deinit()` to the bottom, instead of re-initializing the library.

--
Daiki Ueno started a new discussion on tests/x509cert.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1347422882

> + GNUTLS_X509_FMT_PEM,
> + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
> + if (ret < 0 || ret != (int)list_size) {

nit: I would write this way: `ret< 0 || (unsigned int)ret != list_size`, as `ret` (`int`) should be safely typecasted to `unsigned int` if it is non-negative.

--
Daiki Ueno started a new discussion on tests/x509cert.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1347422897

> + ret = gnutls_certificate_set_x509_trust(x509_cred, list, list_size);
> + if (ret < 0 || ret != (int)list_size) {
> + fail("gnutls_certificate_set_x509_trust");

`fail` does not add newline "\n"

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Tue Apr 11 04:49:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Apr 2023 02:49:41 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

All discussions on merge request !1740 were resolved by xuraoqing

https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Tue Apr 11 14:33:44 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 11 Apr 2023 12:33:44 +0000
Subject: [gnutls-devel] Guile-GnuTLS | guile: Set record port write wait fd. (!10)

Christopher Baines created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/10

Project:Branches: cbaines/guile:record-port-write-wait-fd to gnutls/guile:master
Author: Christopher Baines

This is important for using suspendable ports.

* guile/src/core.c (scm_init_gnutls_session_record_port_type): Call scm_set_port_write_wait_fd.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/10

From gnutls-devel at lists.gnutls.org Wed Apr 12 03:41:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 01:41:05 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

xuraoqing commented:

@dueno pipeline fail, it seems faketime command not found, I don't know why it happens?

./../scripts/common.sh: line 106: faketime: command not found
Compatibility checks using OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
OpenSSL 1.0.0 is required for ECDH and DTLS tests
SKIP testcompat-openssl-serv-safe-renegotiation.sh (exit status: 77)
FAIL: tls-fuzzer/tls-fuzzer-nocert

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1349113961

From gnutls-devel at lists.gnutls.org Wed Apr 12 08:22:33 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 06:22:33 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1349289250

The tlsfuzzer test in `fedora-SSL-3.0/test` is known to be flaky; would it help if you retrigger the job?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1349289250

From gnutls-devel at lists.gnutls.org Wed Apr 12 11:18:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 09:18:19 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)

Issue was closed by Daiki Ueno

Issue #1476: https://gitlab.com/gnutls/gnutls/-/issues/1476

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476

From gnutls-devel at lists.gnutls.org Wed Apr 12 11:18:18 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 09:18:18 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)

Daiki Ueno commented:

I'm closing this as the certificate itself has problems preventing verification (expiration date and missing chain).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476#note_1349543430

From gnutls-devel at lists.gnutls.org Wed Apr 12 17:25:50 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 15:25:50 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)

Savely Krasovsky commented:

@adrienberaud how did you solve the problem?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1350171022

From gnutls-devel at lists.gnutls.org Wed Apr 12 18:00:33 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 16:00:33 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)

Adrien Béraud commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1350226508

IIRC it was an NDK bug that was fixed by updating the NDK to r25c.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1350226508

From gnutls-devel at lists.gnutls.org Wed Apr 12 18:42:40 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 12 Apr 2023 16:42:40 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)

Savely Krasovsky commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1350282477

@adrienberaud It was the latest version in my case. But after updating GnuTLS to 3.7.9 problem solved...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1350282477

From gnutls-devel at lists.gnutls.org Thu Apr 13 11:20:21 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 09:20:21 +0000
Subject: [gnutls-devel] libtasn1 | Master (!89)

Ahmed Zaki marked merge request !89 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89

From gnutls-devel at lists.gnutls.org Thu Apr 13 11:55:55 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 09:55:55 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

Merge request !1740 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Thu Apr 13 11:56:03 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 09:56:03 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

All discussions on merge request !1740 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Thu Apr 13 11:56:27 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 09:56:27 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

Merge request !1740 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740

From gnutls-devel at lists.gnutls.org Thu Apr 13 11:56:37 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 09:56:37 +0000
Subject: [gnutls-devel] GnuTLS | add test for gnutls_certificate_set_x509_trust (!1740)

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1740#note_1351177673

From gnutls-devel at lists.gnutls.org Thu Apr 13 13:19:34 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 11:19:34 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Alexander Sosedkin was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Thu Apr 13 16:45:54 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 14:45:54 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1738 was reviewed by Alexander Sosedkin

--

Alexander Sosedkin started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1351717500

> + * UINT8_MAX. > + */ > + ret = gnutls_rnd(GNUTLS_RND_RANDOM, permutation, sizeof(permutation));

why not just `size`?

--

Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1351717513

> + messages are shuffled. As this behavior may cause compatibility > + issue with legacy applications that do not accept the last > + extension without payload, the behavior can be reverted when the

"can be reverted when X" could be read as if X is a necessary, but not sufficient. "can be reverted with %NO_SHUFFLE_EXTENSIONS priority keyword"?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Thu Apr 13 16:46:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 14:46:42 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Alexander Sosedkin started a new discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1351719443

> /* Initializing extensions array */ > for (i = 0; i < MAX_EXT_TYPES; i++) { > - shuffled_exts[i] = i; > + indices[i] = i; > } > > - /* ordering dumbfw and pre_shared_key as last extensions */ > - swap_exts(&shuffled_exts[MAX_EXT_TYPES - 2], > - &shuffled_exts[GNUTLS_EXTENSION_DUMBFW]); > - swap_exts(&shuffled_exts[MAX_EXT_TYPES - 1], > - &shuffled_exts[GNUTLS_EXTENSION_PRE_SHARED_KEY]); > - > - if (session->internals.priorities->no_exts_shuffle == 1) > - goto next; > + if (!session->internals.priorities->no_shuffle_extensions) { > + /* Ordering padding and pre_shared_key as last extensions */

Do we really need to explicitly put them at the very end, or can we just leave them in place and sort from 0 to GNUTLS_EXTENSION_MAX - 2 - 1 (alternatively, GNUTLS_EXTENSION_DUMBFW - 1)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1351719443

From gnutls-devel at lists.gnutls.org Thu Apr 13 17:59:49 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 15:59:49 +0000
Subject: [gnutls-devel] libtasn1 | Master (!89)

Ahmed Zaki commented:

Hi @jas,

Would you be able to help me to debug the reason for the pipeline failure and how to fix it? I am struggling a bit to identify the reason for the failure.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1351851087

From gnutls-devel at lists.gnutls.org Fri Apr 14 01:28:13 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 13 Apr 2023 23:28:13 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Daiki Ueno commented on a discussion on lib/hello_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1352287369

> /* Initializing extensions array */ > for (i = 0; i < MAX_EXT_TYPES; i++) { > - shuffled_exts[i] = i; > + indices[i] = i; > } > > - /* ordering dumbfw and pre_shared_key as last extensions */ > - swap_exts(&shuffled_exts[MAX_EXT_TYPES - 2], > - &shuffled_exts[GNUTLS_EXTENSION_DUMBFW]); > - swap_exts(&shuffled_exts[MAX_EXT_TYPES - 1], > - &shuffled_exts[GNUTLS_EXTENSION_PRE_SHARED_KEY]); > - > - if (session->internals.priorities->no_exts_shuffle == 1) > - goto next; > + if (!session->internals.priorities->no_shuffle_extensions) { > + /* Ordering padding and pre_shared_key as last extensions */

It needs to be done that way, because the extension array is supposed to be sparse so user-defined extensions can be inserted with `gnutls_ext_register`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1352287369

From gnutls-devel at lists.gnutls.org Fri Apr 14 18:51:41 2023
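Review bot: in the quoted lib/hello_ext.c hunk the ordering of padding and pre_shared_key moves inside `if (!session->internals.priorities->no_shuffle_extensions)`, whereas the removed `swap_exts` calls ran before the `no_exts_shuffle` check and so applied whether or not shuffling was enabled. The added comment should say what keeps `pre_shared_key` last when shuffling is disabled, or the ordering should stay outside the branch; the quoted context stops before the new swap code, so this needs checking against the full hunk. A test that sets the no-shuffle priority and asserts that `pre_shared_key` is still sent last would cover it.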
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Apr 2023 16:51:41 +0000
Subject: [gnutls-devel] libtasn1 | Contributing test cases to libtasn1 (#44)

Ahmed Zaki commented:

@jas I have the merge request up but I am struggling to figure out what's the code formatting style to use. It seems the pipeline is breaking on that. I tried `make indent` but still it's breaking on Debian.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/44#note_1353359920

From gnutls-devel at lists.gnutls.org Fri Apr 14 19:27:21 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Apr 2023 17:27:21 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Andreas Metzler commented:

Hello Ahmed,

looks like an indent error. Afaict the committed version (tested bb95a4f286e4c4453a81c9a67539b6fc5969cc31 ) has not been run through `make indent` since installing GNU indent and running make indent changes the files

~~~
(sid)ametzler at argenau:/tmp/TA/libtasn1$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git restore ..." to discard changes in working directory)
        modified: tests/Test_gnutls.c
        modified: tests/Test_p11kit_1.c
        modified: tests/Test_swtpm.c
[...]
(sid)ametzler at argenau:/tmp/TA/libtasn1$ git diff
diff --git a/tests/Test_gnutls.c b/tests/Test_gnutls.c index 221fb52..a7e0def 100644 --- a/tests/Test_gnutls.c +++ b/tests/Test_gnutls.c
@@ -628,53 +628,55 @@ const asn1_static_node gnutls_asn1_tab[] = { {"GNUTLS", 536872976, NULL}, {NULL, 0, NULL} }; -static int _gnutls_global_init() +static int +_gnutls_global_init () { - int res; + int res; [...]
~~~

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353426060

From gnutls-devel at lists.gnutls.org Fri Apr 14 19:31:37 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Apr 2023 17:31:37 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

Thank you @ametzler ! I have run it through `make indent` now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353434067

From gnutls-devel at lists.gnutls.org Fri Apr 14 19:40:26 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 14 Apr 2023 17:40:26 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

@ametzler I am still getting a failure even after running `make indent`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353450780

From gnutls-devel at lists.gnutls.org Sat Apr 15 07:09:01 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 05:09:01 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Andreas Metzler commented:

Still seeing changes after `make indent` with 1f009b5 :

~~~
(sid)ametzler at argenau:/tmp/TA/libtasn1$ git reset --hard
HEAD is now at 1f009b5 running make indent
(sid)ametzler at argenau:/tmp/TA/libtasn1$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean
(sid)ametzler at argenau:/tmp/TA/libtasn1$ make indent
indent -ppi 1 $(./build-aux/vc-list-files -C . | /usr/bin/sed 's|^\./||' | if test -f ./.x-indent; then /usr/bin/grep -vEf ./.x-indent; else /usr/bin/grep -Ev -e "${VC_LIST_EXCEPT_DEFAULT-ChangeLog}"; fi | /usr/bin/grep -Ev -e '(^(maint.mk|gtk-doc.make|build-aux/.*|lib/gl/.*|lib/ASN1\.c|m4/pkg.m4|doc/gdoc|windows/.*|doc/fdl-1.3.texi|fuzz/.*_fuzzer.(in|repro)/.*)$|^$)' | grep '\.[ch]\(.in\)\?$') && \
indent -ppi 1 $(./build-aux/vc-list-files -C . | /usr/bin/sed 's|^\./||' | if test -f ./.x-indent; then /usr/bin/grep -vEf ./.x-indent; else /usr/bin/grep -Ev -e "${VC_LIST_EXCEPT_DEFAULT-ChangeLog}"; fi | /usr/bin/grep -Ev -e '(^(maint.mk|gtk-doc.make|build-aux/.*|lib/gl/.*|lib/ASN1\.c|m4/pkg.m4|doc/gdoc|windows/.*|doc/fdl-1.3.texi|fuzz/.*_fuzzer.(in|repro)/.*)$|^$)' | grep '\.[ch]\(.in\)\?$')
(sid)ametzler at argenau:/tmp/TA/libtasn1$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git restore ..." to discard changes in working directory)
        modified: tests/Test_p11kit_1.c
~~~

[still.diff.txt](/uploads/208b6d1c2c21c882c80ab1ba5aba2cb5/still.diff.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353939213

From gnutls-devel at lists.gnutls.org Sat Apr 15 07:37:16 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 05:37:16 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

Thanks @ametzler . Can you let me know which version of indent are you using or using in the CI? I tried now version 2.2.13 in 5d2c33dd .

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353943268

From gnutls-devel at lists.gnutls.org Sat Apr 15 07:43:38 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 05:43:38 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Andreas Metzler commented:

(sid)ametzler at argenau:/tmp/TA/libtasn1$ indent --version
GNU indent 2.2.12

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353943941

From gnutls-devel at lists.gnutls.org Sat Apr 15 07:55:04 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 05:55:04 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Andreas Metzler commented:

Do you have some local indent config in $HOME/.indent.pro?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353946375

From gnutls-devel at lists.gnutls.org Sat Apr 15 07:58:30 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 05:58:30 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

I don't no. I think it was the version indeed. Using version 2.2.12 seems to have fixed the pipeline in e748ab33 , using 2.2.13 didn't work.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353947197

From gnutls-devel at lists.gnutls.org Sat Apr 15 09:55:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 07:55:56 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

So I believe the merge request is ready now and the only failing test is the same one that is failing for the main line pipeline.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1353973877

From gnutls-devel at lists.gnutls.org Sat Apr 15 13:29:48 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 15 Apr 2023 11:29:48 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1354026693

Ahmed Zaki @zaki_ahmed wrote
> I don't no. I think it was the version indeed. Using version 2.2.12 seems to have fixed the pipeline in e748ab33 , using 2.2.13 didn't work.

FWIW this sent me investigating, I tried re-indenting with the amd64 binaries available on snapshot.debian.org and a local build of 2.2.13: Indent output for 2.2.9, 2.2.10 and 2.2.11 is identical, but different from 2.2.12, 2.2.13 is different again, offering a third variant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1354026693

From gnutls-devel at lists.gnutls.org Sun Apr 16 20:39:21 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 16 Apr 2023 18:39:21 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

All discussions on merge request !89 were resolved by Ahmed Zaki

https://gitlab.com/gnutls/libtasn1/-/merge_requests/89

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89

From gnutls-devel at lists.gnutls.org Tue Apr 18 13:43:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 18 Apr 2023 11:43:05 +0000
Subject: [gnutls-devel] GnuTLS | `The certificate issuer is unknown.` despite certificate being present (#1455)

Paul Menzel commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1356934166

Sorry for nagging, but is there a 3.7.10 and 3.8.2 release planned?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1455#note_1356934166

From gnutls-devel at lists.gnutls.org Thu Apr 20 09:29:45 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 20 Apr 2023 07:29:45 +0000
Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377)

David Woodhouse commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1359928521

What is GnuTLS doing to trigger this issue? I'm not really happy with having to build the Android version of OpenConnect with a development branch instead of 3.8 as the workaround...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1359928521

From gnutls-devel at lists.gnutls.org Thu Apr 20 16:01:17 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 20 Apr 2023 14:01:17 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

All discussions on merge request !1738 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Thu Apr 20 16:12:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 20 Apr 2023 14:12:19 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Merge request !1738 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738
Project:Branches: dueno/gnutls:wip/dueno/shuffle-exts-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Thu Apr 20 16:23:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 20 Apr 2023 14:23:41 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Merge request !1738 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738
Project:Branches: dueno/gnutls:wip/dueno/shuffle-exts-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Thu Apr 20 16:23:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 20 Apr 2023 14:23:56 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Daiki Ueno commented:

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738#note_1360736496

From gnutls-devel at lists.gnutls.org Fri Apr 21 03:44:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 21 Apr 2023 01:44:42 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented:

Hi @ametzler and @jas,

Do you think this PR is good to merge ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1361467323

From gnutls-devel at lists.gnutls.org Fri Apr 21 09:09:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 21 Apr 2023 07:09:19 +0000
Subject: [gnutls-devel] GnuTLS | doc: mention ClientHello extensions shuffling (!1738)

Merge request !1738 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738
Project:Branches: dueno/gnutls:wip/dueno/shuffle-exts-followup to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1738

From gnutls-devel at lists.gnutls.org Mon Apr 24 05:47:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 24 Apr 2023 03:47:05 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)

All discussions on merge request !1727 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

From gnutls-devel at lists.gnutls.org Mon Apr 24 05:47:15 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 24 Apr 2023 03:47:15 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)

Merge request !1727 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727
Project:Branches: dueno/gnutls:wip/dueno/clang-format to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Simon Josefsson and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

From gnutls-devel at lists.gnutls.org Mon Apr 24 17:14:35 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 24 Apr 2023 15:14:35 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)

Merge request !1727 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727
Project:Branches: dueno/gnutls:wip/dueno/clang-format to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Simon Josefsson and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

From gnutls-devel at lists.gnutls.org Mon Apr 24 18:22:13 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 24 Apr 2023 16:22:13 +0000
Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723#note_1364872945

I see the following pattern in our examples (copy-pasted from doc/examples/ex-client-anon.c):

```c
#define LOOP_CHECK(rval, cmd) \
	do { \
		rval = cmd; \
	} while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \
	assert(rval >= 0)
...
LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG)));
```

Do I understand correctly that

1. as short writes used to return GNUTLS_E_INTERRUPTED/AGAIN even if something is written, our examples used to be incorrect when KTLS is used because they over-sent on interruption?
2. as short writes started suppressing GNUTLS_E_INTERRUPTED/AGAIN and reporting a partial write, our examples became uniformly incorrect with and without KTLS, because now they're going to under-send on interruption?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723#note_1364872945

From gnutls-devel at lists.gnutls.org Mon Apr 24 18:54:28 2023
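The outcomes the two questions in the !1723 comment describe can be modelled in a few lines. This is an added example, not code from GnuTLS or from the message: `mock_send`, its `legacy` switch, the error-code stand-ins and the sample message are constructed assumptions that mimic a short write reported as `GNUTLS_E_INTERRUPTED` (legacy) or as a partial count, with `send_all` as one way to write a caller loop that tolerates partial counts.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED, so the
 * model builds without the GnuTLS headers. */
#define E_AGAIN (-28)
#define E_INTERRUPTED (-52)

/* Constructed model of one record-send call; not GnuTLS code. */
struct mock_session {
	char wire[64];    /* bytes that actually reached the peer */
	size_t wired;
	size_t cut;       /* bytes written before the interruption hits */
	int interrupt_at; /* 1-based number of the call that is interrupted */
	int legacy;       /* 1: the short write is reported as E_INTERRUPTED */
	int calls;
};

static long mock_send(struct mock_session *s, const char *data, size_t len)
{
	int hit = (++s->calls == s->interrupt_at);
	size_t n = (hit && len > s->cut) ? s->cut : len;

	if (n > sizeof(s->wire) - 1 - s->wired)
		return -1; /* model buffer full: treat as a fatal error */
	memcpy(s->wire + s->wired, data, n);
	s->wired += n;
	/* Legacy model: bytes went out, but the caller only sees an error. */
	if (hit && s->legacy)
		return E_INTERRUPTED;
	return (long)n; /* new model: the partial count is reported */
}

/* The LOOP_CHECK pattern: retry the whole buffer on AGAIN/INTERRUPTED,
 * then accept any non-negative result as "sent". */
static long loop_check_send(struct mock_session *s, const char *buf, size_t len)
{
	long r;

	do {
		r = mock_send(s, buf, len);
	} while (r == E_AGAIN || r == E_INTERRUPTED);
	return r;
}

/* Advance by the reported count until the whole buffer is out. */
static long send_all(struct mock_session *s, const char *buf, size_t len)
{
	size_t off = 0;

	while (off < len) {
		long r = mock_send(s, buf + off, len - off);

		if (r == E_AGAIN || r == E_INTERRUPTED)
			continue; /* nothing reported as sent: retry this span */
		if (r < 0)
			return r; /* fatal error for the caller to handle */
		off += (size_t)r;
	}
	return (long)off;
}

/* Run one scenario and return what the peer received. */
static const char *wire_after(int legacy, int use_send_all)
{
	static struct mock_session s;
	static const char msg[] = "hello world"; /* constructed sample */

	memset(&s, 0, sizeof(s));
	s.cut = 4;
	s.interrupt_at = 1;
	s.legacy = legacy;
	if (use_send_all)
		send_all(&s, msg, strlen(msg));
	else
		loop_check_send(&s, msg, strlen(msg));
	return s.wire; /* NUL-terminated: wire[] was zeroed, last byte unused */
}

int main(void)
{
	printf("legacy + LOOP_CHECK: \"%s\"\n", wire_after(1, 0));
	printf("new    + LOOP_CHECK: \"%s\"\n", wire_after(0, 0));
	printf("new    + send_all  : \"%s\"\n", wire_after(0, 1));
	return 0;
}
```

In the legacy model even `send_all` duplicates the first four bytes, because the caller is never told they were written; only a reported partial count lets the caller resume at the right offset.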
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Apr 2023 16:54:28 +0000 Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730#note_1364982434 > if (info == NULL) > return NULL; > > - if (info->username[0] != 0 To me, it looks like we've lost a check that `info->username` is not an empty string (`if ('\0` && ...)` -> `if (!NULL && !NULL)`). Is that the case? acceptable? intended? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730#note_1364982434 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 25 16:29:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Apr 2023 14:29:31 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Hans-Christoph Steiner commented: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1366946128 As part of https://defo.ie, we're working to help push ECH forward. We're happy to discuss ECH in detail, as needed. We're in the process of finalizing the HPKE code for OpenSSL, for example. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1366946128 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 25 22:33:00 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Apr 2023 20:33:00 +0000 Subject: [gnutls-devel] GnuTLS | C++ doc example does not compile if gnulib overrides the "write" function on mingw (#1480) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1480 Hello, Mingw does not have a "write" function, but it has a "_write" function. Gnulib is smart: it defines the "write" macro as "_write" on mingw. The only problem is, the C++ STL defines a method in std::ostream, named "write". Since "write" is a macro, now some C++ code somewhere is compiled as a call to std::ostream::_write, which does not exist. The only solution I see is to use a C++ namespace for gnulib: https://www.gnu.org/software/gnulib/manual/html_node/A-C_002b_002b-namespace-for-gnulib.html This is for doc/examples/ex-cxx.cpp -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1480 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 25 22:42:05 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Apr 2023 20:42:05 +0000 Subject: [gnutls-devel] GnuTLS | Makefile for doc/examples has wrong arguments to find gnulib (#1481) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1481 Hello, doc/examples/Makefile.am looks for gnulib in …/src/gl instead of …/gl. This breaks mingw builds. Best regards, Vivien -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1481 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 25 22:46:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Apr 2023 20:46:30 +0000 Subject: [gnutls-devel] GnuTLS | (sorry I misread) (#1481) In-Reply-To: References: Message-ID: Issue was closed by Vivien Kraus Would Rather Not Be On Gitlab_com Issue #1481: https://gitlab.com/gnutls/gnutls/-/issues/1481 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1481 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:44:51 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:44:51 +0000 Subject: [gnutls-devel] GnuTLS | C++ doc example does not compile if gnulib overrides the "write" function on mingw (#1480) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1480#note_1368196625 Thank you for the report and the suggestion. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1480#note_1368196625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:44:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:44:51 +0000 Subject: [gnutls-devel] GnuTLS | C++ doc example does not compile if gnulib overrides the "write" function on mingw (#1480) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1480 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:50:49 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:50:49 +0000 Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:51:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:51:10 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:51:26 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:51:26 +0000 Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:52:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:52:02 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 26 10:55:50 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Apr 2023 08:55:50 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023–Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 28 23:36:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Apr 2023 21:36:19 +0000 Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482) References: Message-ID: Michael Catanzaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1482 [This paper](https://www.usenix.org/conference/usenixsecurity23/presentation/hebrok) in section 4 recommends that GnuTLS switch the authentication algorithm used for session tickets from HMAC-SHA1 to HMAC-SHA-256. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: