From gnutls-devel at lists.gnutls.org Fri Dec 1 00:33:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Nov 2023 23:33:17 +0000 Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1674597616 Writing a new shell script test (like tests/pkcs11/p11-kit-load.sh) using different tool sounds like a good idea. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1674597616 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 00:34:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Nov 2023 23:34:55 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1674598490 > -gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters, > - gnutls_ecc_curve_t *outcurve) > +int gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters, nit: if we expose this as an internal function used across multiple modules, I would prefix it with `_gnutls` so it is obvious. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 09:08:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 08:08:01 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1674902077 As for testing, it might be sufficient to have a unit test around `_gnutls_pubkey_parse_ecc_eddsa_params`, against some fixture CKA_EC_PARAMS attributes either manually crafted or captured with PKCS11Spy. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1674902077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 20:08:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 19:08:40 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 was reviewed by Jakub Jelen -- Jakub Jelen commented on a discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1676036312 > -gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters, > - gnutls_ecc_curve_t *outcurve) > +int gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters, Changed. Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 20:08:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 19:08:39 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: All discussions on merge request !1795 were resolved by Jakub Jelen https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 23:07:38 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 22:07:38 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Merge request !1795 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 Project:Branches: jjelen/gnutls:eddsa-fix to gnutls/gnutls:master Author: Jakub Jelen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 23:07:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 22:07:13 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1676207550 Thank you so much for this! After installing opensc in the base image, the new test also works. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795#note_1676207550 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 23:07:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 22:07:17 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795) In-Reply-To: References: Message-ID: Merge request !1795 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 Project:Branches: jjelen/gnutls:eddsa-fix to gnutls/gnutls:master Author: Jakub Jelen Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 1 23:07:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 01 Dec 2023 22:07:39 +0000 Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1795 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1795) Issue #1515: https://gitlab.com/gnutls/gnutls/-/issues/1515 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 2 14:32:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 02 Dec 2023 13:32:04 +0000 Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6) In-Reply-To: References: Message-ID: Tim R?hsen commented: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1676590152 > I note that Tim's certificate (1CB27DBC98614B2D5841646D08302DB6A2670428) appears to be actually expired. Hm, that key should not be expired. At least it's not expired locally ``` sec rsa4096 2014-06-26 [SC] 1CB2 7DBC 9861 4B2D 5841 646D 0830 2DB6 A267 0428 uid [ultimate] Tim R?hsen ssb rsa4096 2014-06-26 [E] ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1676590152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 04:00:36 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 03:00:36 +0000 Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794) In-Reply-To: References: Message-ID: Mark Harfouche commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1677073345 thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1677073345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 09:12:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 08:12:53 +0000 Subject: [gnutls-devel] libtasn1 | Fix codespell typos. (!93) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/93 Project:Branches: jas/libtasn1:jas/new-codespell-fixes to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/93 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 09:18:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 08:18:12 +0000 Subject: [gnutls-devel] libtasn1 | BIT STRING input to asn1_der_coding producing incorrect result (#47) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/47#note_1677316869 While I think the assignment file in the original report is incorrect, there may be some problem with BIT STRING encodings: ``` jas at kaka:~$ cat foo MYEXAMPLE { } DEFINITIONS IMPLICIT TAGS ::= BEGIN mySeq ::= SEQUENCE { myBit BIT STRING } END jas at kaka:~$ cat bar dp MYEXAMPLE.mySeq myBit 01001100 jas at kaka:~$ asn1Coding foo bar Parse: done. var=dp, value=MYEXAMPLE.mySeq var=myBit, value=01001100 name:NULL type:SEQUENCE name:myBit type:BIT_STR value(8):30 Coding: SUCCESS ----------------- Number of bytes=6 30 04 03 02 00 30 ----------------- OutputFile=bar.out Writing: done. jas at kaka:~$ dumpasn1 bar.out 0 4: SEQUENCE { 2 2: BIT STRING : '00001100'B : Error: Spurious zero bits in bitstring. : } 0 warnings, 1 error. jas at kaka:~$ ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/47#note_1677316869 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 09:36:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 08:36:45 +0000 Subject: [gnutls-devel] libtasn1 | Fix codespell typos. (!93) In-Reply-To: References: Message-ID: Merge request !93 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/93 Project:Branches: jas/libtasn1:jas/new-codespell-fixes to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/93 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 10:35:03 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 09:35:03 +0000 Subject: [gnutls-devel] libtasn1 | Update gnulib submodule. (!94) In-Reply-To: References: Message-ID: Merge request !94 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/94 Project:Branches: jas/libtasn1:jas/update-gnulib to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/94 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 10:34:46 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 09:34:46 +0000 Subject: [gnutls-devel] libtasn1 | Update gnulib submodule. (!94) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/94 Project:Branches: jas/libtasn1:jas/update-gnulib to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/94 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 17:08:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 16:08:18 +0000 Subject: [gnutls-devel] web-pages | update OpenPGP release certificates, publishing minimal versions of each cert (Closes #6) (!10) References: Message-ID: Daniel Kahn Gillmor created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/10 Project:Branches: dkg/gnutls-web-pages:fix-openpgp-certs to gnutls/web-pages:master Author: Daniel Kahn Gillmor closes: #6 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 17:17:46 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 16:17:46 +0000 Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6) In-Reply-To: References: Message-ID: Daniel Kahn Gillmor commented on a discussion: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1678259737 ah, i just got an updated copy of Tim's key from keyserver.ubuntu.com (it's not published on `keys.openpgp.org`) Please see !10, which i think would resolve this issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1678259737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 4 20:57:33 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 04 Dec 2023 19:57:33 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add experimental support for post-quantum algorithms in X.509 certificates (!1786) In-Reply-To: References: Message-ID: David Dudas marked merge request !1786 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 5 14:54:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 05 Dec 2023 13:54:49 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add experimental support for post-quantum algorithms in X.509 certificates (!1786) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1679967927 Hello David, FYI I proposed an idea on making liboqs agnostic to crypto libs at https://github.com/open-quantum-safe/liboqs/issues/1599 (also a draft PR at https://github.com/open-quantum-safe/liboqs/pull/1603). Perhaps we could go with that direction in the long run. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1679967927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 7 11:32:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 07 Dec 2023 10:32:37 +0000 Subject: [gnutls-devel] GnuTLS | Draft: DTLS1_3-client (!1667) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1667 was reviewed by Franti?ek Kren?elok -- Franti?ek Kren?elok started a new discussion on lib/dtls13.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1667#note_1683692410 > + > + exp_sn = params->read.sequence_number; > + for (uint64_t sn = exp_sn; sn < exp_sn + DTLS_SEQ_NUM_LIM; sn++) { @FrantisekKrenzelok Note to self: rewrite... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1667 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 7 20:41:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 07 Dec 2023 19:41:25 +0000 Subject: [gnutls-devel] GnuTLS | Integrate test vectors from Project Wycheproof (#1475) In-Reply-To: References: Message-ID: Anshul Singh commented: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1684888482 @dueno Is this issue active? I want to try working on it so can I get it assigned to me? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1684888482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 7 23:52:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 07 Dec 2023 22:52:49 +0000 Subject: [gnutls-devel] GnuTLS | Integrate test vectors from Project Wycheproof (#1475) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1685080077 @levihackerman-102 I think it's open; a couple of people showed interest in the past, though I have seen no actual implementation started. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1685080077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 8 07:50:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 08 Dec 2023 06:50:52 +0000 Subject: [gnutls-devel] GnuTLS | Integrate test vectors from Project Wycheproof (#1475) In-Reply-To: References: Message-ID: Anshul Singh commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1685483855 Oh ok, I'll start working on it. Could you explain a bit more about the issue? I've setup the dev environment. I'm also reading the docs for both. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1685483855 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 8 16:56:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 08 Dec 2023 15:56:13 +0000 Subject: [gnutls-devel] GnuTLS | aarch64/armv8 assembler files not supporting PAC/BTI (#1517) References: Message-ID: ggardet1 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1517 ## Description of problem: On aarch64/arm64, when we build with gcc13 and `-mbranch-protection=standard` to enable Pointer Authentication (PAC) and Branch Target Identification (BTI), the final link disable them, because some assembler code do not support PAC and BTI. The following warning message shows the issue: ``` [ 161s] /usr/lib64/gcc/aarch64-suse-linux/13/../../../../aarch64-suse-linux/bin/ld: accelerated/.libs/libaccelerated.a(aes-aarch64.o): warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section. [ 161s] /usr/lib64/gcc/aarch64-suse-linux/13/../../../../aarch64-suse-linux/bin/ld: accelerated/.libs/libaccelerated.a(ghash-aarch64.o): warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section. [ 161s] /usr/lib64/gcc/aarch64-suse-linux/13/../../../../aarch64-suse-linux/bin/ld: accelerated/.libs/libaccelerated.a(sha1-armv8.o): warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section. [ 161s] /usr/lib64/gcc/aarch64-suse-linux/13/../../../../aarch64-suse-linux/bin/ld: accelerated/.libs/libaccelerated.a(sha256-armv8.o): warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section. [ 161s] /usr/lib64/gcc/aarch64-suse-linux/13/../../../../aarch64-suse-linux/bin/ld: accelerated/.libs/libaccelerated.a(sha512-armv8.o): warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section. ``` Note: To show this message you need to also pass the `-z force-bti` ldflag. This point to assembler files: ``` [ 135s] libtool: compile: gcc -Wa,-march=all -mbranch-protection=standard -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -c elf/aes-aarch64.s -fPIC -DPIC -o elf/.libs/aes-aarch64.o [ 135s] libtool: compile: gcc -Wa,-march=all -mbranch-protection=standard -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -c elf/ghash-aarch64.s -fPIC -DPIC -o elf/.libs/ghash-aarch64.o [ 135s] libtool: compile: gcc -Wa,-march=all -mbranch-protection=standard -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -c elf/sha1-armv8.s -fPIC -DPIC -o elf/.libs/sha1-armv8.o [ 135s] libtool: compile: gcc -Wa,-march=all -mbranch-protection=standard -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -c elf/sha256-armv8.s -fPIC -DPIC -o elf/.libs/sha256-armv8.o [ 135s] libtool: compile: gcc -Wa,-march=all -mbranch-protection=standard -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -c elf/sha512-armv8.s -fPIC -DPIC -o elf/.libs/sha512-armv8.o ``` This is a matter to add `paciasp`/`autiasp` in start/end of functions for PAC and `BTI C` (or `hint #34`) as landing pad on branches for BTI. More information on : * PAC: https://developer.arm.com/documentation/102433/0100/Return-oriented-programming * BTI: https://developer.arm.com/documentation/102433/0100/Jump-oriented-programming ## Version of gnutls used: 3.8.2 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) openSUSE Tumbleweed ## How reproducible: Build on aarch64 with `-mbranch-protection=standard` and `-z force-bti`. ## Actual results: BTI disabled at link time. ## Expected results: BIT should be supported. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 11 20:51:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Dec 2023 19:51:02 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add experimental support for post-quantum algorithms in X.509 certificates (!1786) In-Reply-To: References: Message-ID: David Dudas commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1689339624 Hello, Thank you, @dueno, for update. In the latest commit, I've implemented the short-term solution by dynamically loading liboqs using dlopen. I've tried to create a whole new layer between liboqs and gnutls pqc code, so in the pqc.h and pqc.c, I've defined some new macros, pqc init/deinit functions and the other pqc related functions that are initialized with dlsym. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1689339624 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 09:29:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 08:29:16 +0000 Subject: [gnutls-devel] GnuTLS | ABI compatibility of 3.8.2 (#1518) References: Message-ID: xiacunshun created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1518 Hello, I noticed that `allow_wrong_pms` of `struct internals_st` has been removed. But `gnutls_alert_send` uses `session->internals.alert_read_func` which may has wrong address when apps linked with old library. I am not sure is it an ABI compatibility problem? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 10:54:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 09:54:18 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Add experimental support for post-quantum algorithms in X.509 certificates (!1786) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1690131605 According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000303 it isn't clear when/if liboqs is going to be a stable library suitable as a dependency. So I think depending on liboqs is fine for testing purposes, but if we include anything it should be done via Nettle, or some other light weight crypto library, or by including a reference implementation in GnuTLS (similar how OpenSSH includes some crypto code for non-standard stuff). I think the Nettle route would be the best. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1786#note_1690131605 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 11:31:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 10:31:02 +0000 Subject: [gnutls-devel] GnuTLS | ABI compatibility of 3.8.2 (#1518) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1518#note_1690199069 No, `struct internals_st` is an internal structure defined in a private header file (gnutls_int.h) and thus no members are directly accessible. For example `session->internals.alert_read_func` can only be set using `gnutls_alert_set_read_function`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1518#note_1690199069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 11:32:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 10:32:51 +0000 Subject: [gnutls-devel] GnuTLS | aarch64/armv8 assembler files not supporting PAC/BTI (#1517) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.3 (Oct 23, 2023?Dec 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/41 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 11:40:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 10:40:17 +0000 Subject: [gnutls-devel] GnuTLS | Integrate test vectors from Project Wycheproof (#1475) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1690214181 I haven't done much research into it, but I would probably start with looking at the testvectors they provide, e.g., [ecdh_secp256r1_test.json](https://github.com/google/wycheproof/blob/master/testvectors/ecdh_secp256r1_test.json), write a small test program using GnuTLS in C, and then create a Python script that reads the JSON file and calls the test program with necessary arguments. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1475#note_1690214181 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 13:21:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 12:21:49 +0000 Subject: [gnutls-devel] GnuTLS | cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA (!1792) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.3 (Oct 23, 2023?Dec 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/41 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 13:51:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 12:51:55 +0000 Subject: [gnutls-devel] GnuTLS | ABI compatibility of 3.8.2 (#1518) In-Reply-To: References: Message-ID: xiacunshun commented: https://gitlab.com/gnutls/gnutls/-/issues/1518#note_1690436437 So I found that the gnutls_session_t structure is also defined in a private header file, and only declared in a public header file. This means that even for applications compiled based on the old library, when linking to the new library, they still initialize and use the structure through the methods provided by the library. Therefore, there is no ABI compatibility issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1518#note_1690436437 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 14:15:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 13:15:04 +0000 Subject: [gnutls-devel] GnuTLS | ABI compatibility of 3.8.2 (#1518) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich Issue #1518: https://gitlab.com/gnutls/gnutls/-/issues/1518 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1518 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 15:03:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 14:03:18 +0000 Subject: [gnutls-devel] GnuTLS | cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA (!1792) In-Reply-To: References: Message-ID: Merge request !1792 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792 Project:Branches: dueno/gnutls:wip/dueno/cli-aia-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 15:03:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 14:03:01 +0000 Subject: [gnutls-devel] GnuTLS | cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA (!1792) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792#note_1690556498 Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792#note_1690556498 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 15:29:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 14:29:13 +0000 Subject: [gnutls-devel] GnuTLS | cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA (!1792) In-Reply-To: References: Message-ID: Merge request !1792 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792 Project:Branches: dueno/gnutls:wip/dueno/cli-aia-fixes to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 16:33:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 15:33:10 +0000 Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793#note_1690729936 Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793#note_1690729936 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 16:33:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 15:33:18 +0000 Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793) In-Reply-To: References: Message-ID: Merge request !1793 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793 Project:Branches: dueno/gnutls:wip/dueno/ktls-utsname to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Franti?ek Kren?elok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 16:33:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 15:33:25 +0000 Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.3 (Oct 23, 2023?Dec 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/41 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 12 16:33:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Dec 2023 15:33:11 +0000 Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793) In-Reply-To: References: Message-ID: All discussions on merge request !1793 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1793 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 13 16:42:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 13 Dec 2023 15:42:02 +0000 Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1692883843 Meanwhile I uploaded my key to `keys.openpgp.org`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1692883843 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 15 10:17:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Dec 2023 09:17:42 +0000 Subject: [gnutls-devel] web-pages | update OpenPGP release certificates, publishing minimal versions of each cert (Closes #6) (!10) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/web-pages/-/merge_requests/10#note_1696009441 Thank you for this; looks good to me. By the way Zoltan's key is about to expire in a week. @ZoltanFridrich could you update it? Meanwhile I'm merging this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/10#note_1696009441 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 15 10:17:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Dec 2023 09:17:50 +0000 Subject: [gnutls-devel] web-pages | update OpenPGP release certificates, publishing minimal versions of each cert (Closes #6) (!10) In-Reply-To: References: Message-ID: Merge request !10 was merged Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/10 Project:Branches: dkg/gnutls-web-pages:fix-openpgp-certs to gnutls/web-pages:master Author: Daniel Kahn Gillmor -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 15 10:17:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Dec 2023 09:17:50 +0000 Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !10 (https://gitlab.com/gnutls/web-pages/-/merge_requests/10) Issue #6: https://gitlab.com/gnutls/web-pages/-/issues/6 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 27 06:51:06 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 27 Dec 2023 05:51:06 +0000 Subject: [gnutls-devel] GnuTLS | Modernize web-pages infrastructure (#1519) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1519 Our web pages are generated using WML, which is a good tool but has the following drawbacks: - The tool is not available in many [distributions](https://repology.org/project/wml/versions) - It is not trivial to integrate paginated, blog-like information It would be nice if we could migrate to a modern static site generator, such as [Nikola](https://getnikola.com/) or [Jekyll](https://jekyllrb.com/). A couple of tricky things I can think of are: - The current permalinks (e.g., links to security advisories) should continue working - We probably should avoid non-free JavaScript -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 29 06:45:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 29 Dec 2023 05:45:52 +0000 Subject: [gnutls-devel] GnuTLS | Modernize web-pages infrastructure (#1519) In-Reply-To: References: Message-ID: Abhinav Srivastava commented: https://gitlab.com/gnutls/gnutls/-/issues/1519#note_1709479323 I've loved using Hugo, which has some flexibility on how we want the UI to look like, and support for markdown + katex etc. I love Jekyll, but I find Hugo to be closer to WML in terms of how we structure a website. Would you be open to using Hugo or is Jekyll/Nikola preferred choice for now? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1519#note_1709479323 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 31 03:04:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 31 Dec 2023 02:04:29 +0000 Subject: [gnutls-devel] GnuTLS | Modernize web-pages infrastructure (#1519) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1519#note_1710284504 Yes, Hugo would also be a possibility. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1519#note_1710284504 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: