From gnutls-devel at lists.gnutls.org Thu Jun 1 16:12:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 01 Jun 2023 14:12:17 +0000 Subject: [gnutls-devel] GnuTLS | tests: update tests/suite/ciphersuite after a96b04ff (!1745) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745 Project:Branches: dueno/gnutls:wip/dueno/test-ciphersuites to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 3 13:33:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 03 Jun 2023 11:33:53 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Bump manpage copyright year (!1746) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 Project:Branches: ametzler/gnutls:tmp-ametzler-2023-manpage-copyright-year to gnutls/gnutls:master Author: Andreas Metzler Manpages still say "Copyright (C) 2020-2021", fix this. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 4 09:10:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Jun 2023 07:10:53 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Bump manpage copyright year (!1746) In-Reply-To: References: Message-ID: Merge request !1746 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 Project:Branches: ametzler/gnutls:tmp-ametzler-2023-manpage-copyright-year to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 4 13:37:01 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Jun 2023 11:37:01 +0000 Subject: [gnutls-devel] GnuTLS | Bump manpage copyright year (!1746) In-Reply-To: References: Message-ID: Andreas Metzler marked merge request !1746 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 4 13:37:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 04 Jun 2023 11:37:24 +0000 Subject: [gnutls-devel] GnuTLS | Bump manpage copyright year (!1746) In-Reply-To: References: Message-ID: Merge request !1746 was scheduled to merge after pipeline succeeds by Andreas Metzler Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 Project:Branches: ametzler/gnutls:tmp-ametzler-2023-manpage-copyright-year to gnutls/gnutls:master Author: Andreas Metzler Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 5 05:56:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 05 Jun 2023 03:56:55 +0000 Subject: [gnutls-devel] GnuTLS | Problems related to the suite after the fips mode is turned off (#1485) References: Message-ID: wang cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1485 ## Description of problem: The fips mode of the system will generate /etc/system-fips and /proc/sys/crypto/fips_enabled files. Gnutls will use these two files to handle fips-related tasks in global init. But there is a bug in _gnutls_global_init: ``` #ifdef ENABLE_FIPS140 res = _gnutls_fips_mode_enabled(); /* res == 1 -> fips140-2 mode enabled * res == 2 -> only self checks performed - but no failure * res == not in fips140 mode */ if (res != 0) { _gnutls_debug_log("FIPS140-2 mode: %d\n", res); _gnutls_priority_update_fips(); /* first round of self checks, these are done on the * nettle algorithms which are used internally */ ret = _gnutls_fips_perform_self_checks1(); if (res != 2) { if (ret < 0) { gnutls_assert(); goto out; } } } #endif ``` When the system disables fips mode, the result of `_gnutls_fips_mode_enabled` function is res=2. As mentioned in the above code, only self checks will perform when res=2. But `_gnu_tls_priority update fips` is called, which caused the changing of algorithm suite selection. This is inconsistent with actual fips status. So a if syntax should be added before the `_gnutls_priority_update_fips` function. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1485 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 07:25:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 05:25:56 +0000 Subject: [gnutls-devel] GnuTLS | Bump manpage copyright year (!1746) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746#note_1419256204 Looks like some infrastructure issue, as I see this in the log `RuntimeError: GCOV returncode was 3.` Let me bump the base image to Fedora 38. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1746#note_1419256204 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 09:32:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 07:32:20 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 Project:Branches: dueno/gnutls:wip/dueno/ci-fedora38 to gnutls/gnutls:master Author: Daiki Ueno This updates the base CI image from Fedora 37 to Fedora 38. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 15:15:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 13:15:02 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) References: Message-ID: Ajit Singh created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 Project:Branches: peonix/gnutls:ech_ext to gnutls/gnutls:ech Author: Ajit Singh This Merge Request is in progress implementation of [ECH-draft](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-16) as discussed in [#595](https://gitlab.com/gnutls/gnutls/-/issues/595). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 19:10:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 17:10:24 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420523358 I suggest splitting this MR into two (porting HPKE files and ECH support), so we can merge (and test) them individually. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420523358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 19:10:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 17:10:24 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/nettle/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420523326 > + > +libcrypto_la_SOURCES += \ > + hpke.c hpke-types.c hpke.h hpke-internal.h \ I suggest creating a subdirectory, say `hpke/` to copy those files, so we can easily maintain them and related files like `nettle-alloca.h`. -- Daiki Ueno started a new discussion on lib/nettle/hpke-aead-aes128.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420523333 > + > +const struct hpke_aead nettle_hpke_aead_aes128 = { > + HPKE_AEAD_AES_128_GCM, This is now indented according to the Linux coding style by the `devel/indent-gnutls` script, but Nettle uses a different coding style (GNU). I would rather modify the script to exclude them, e.g., adding `grep -z -v ./lib/nettle/hpke` in the script. -- Daiki Ueno started a new discussion on lib/nettle/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420523342 > + goto out; > + } > + while (ecc_scalar_set((struct hpke_dhkem *)dhkem, z)) { This doesn't look correct, as `ecc_scalar_set` is defined as: ```c int ecc_scalar_set (struct ecc_scalar *s, const mpz_t z); ``` Given `sk` is already initialized with the curve, maybe you could write `ecc_scalar_set (sk, z)` instead? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 22:19:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 20:19:13 +0000 Subject: [gnutls-devel] GnuTLS | Porting HPKE (!1749) References: Message-ID: Ajit Singh created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749 Project:Branches: peonix/gnutls:hpke-ref to gnutls/gnutls:ech Author: Ajit Singh This merge request ports the necessary hpke files from the [npocs:hpke](https://git.lysator.liu.se/npocs/nettle/-/tree/hpke?ref_type=heads) repository and includes refactoring changes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 22:31:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 20:31:10 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Ajit Singh commented on a discussion on lib/nettle/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420764947 > + const struct hpke_dhkem *dhkem, > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z, t; > + > + mpz_init(z); > + > + dkp_prk = _nettle_labeled_extract_kem(NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct hpke_dhkem *)dhkem, z)) { I'm not sure if sk data field values are same as dhkem, so in next change I tried doing this by typecasting `struct dhkem *` to struct `ecc_scalar *` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420764947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 22:52:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 20:52:50 +0000 Subject: [gnutls-devel] GnuTLS | error build gnutls and dependency non root (admin) user (#1486) References: Message-ID: Andy Kimpe created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1486 ## Description of problem: error build on no root (admin) acces so it's impossible for me to install dependencies with dnf and so I have to compile gnutls and all it's dependencies in my $HOME ## Version of gnutls used: libunistring 1.1 nettle 3.9 gnutls 3.8.0 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Fedora 38 no admin acces build gnutls and all dependency to $HOME directory ## How reproducible: Steps to Reproduce: ``` #!/bin/bash cd $HOME rm -rf $HOME/ffmpeg_sources $HOME/ffmpeg_build $HOME/bin mkdir -p $HOME/ffmpeg_sources export PKG_CONFIG_PATH="$HOME/ffmpeg_build/lib/pkgconfig" export LD_LIBRARY_PATH="$HOME/ffmpeg_build/lib" export LD_RUN_PATH="$HOME/ffmpeg_build/lib" export LDFLAGS="-Wl,-rpath=$HOME/ffmpeg_build/lib" export PATH="$PATH:$HOME/bin" export HOGWEED_LIBS="$HOME/ffmpeg_build/lib" export NETTLE_LIBS="$HOME/ffmpeg_build/lib" export NETTLE_CFLAGS="-I$HOME/ffmpeg_build/include/" export GMP_LIBS="$HOME/ffmpeg_build/lib" sourcedown() { cd $HOME/ffmpeg_sources/ rm -rf * wget $1 tar -xvf $(find $HOME/ffmpeg_sources/ -type f) rm -f *.tar* cd $(ls) } sourcebuild() { make -j$(nproc) make install } sourcedown https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.16.01.tar.gz ./autogen.sh ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin" sourcebuild sourcedown https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin" sourcebuild sourcedown http://artfiles.org/openssl.org/source/openssl-3.1.1.tar.gz ./config --prefix=$HOME/ffmpeg_build --openssldir=$HOME/ffmpeg_build make -j$(nproc) # install no doc make install_sw make install_ssldirs mv $HOME/ffmpeg_build/bin/c_rehash $HOME/bin/ mv $HOME/ffmpeg_build/bin/openssl $HOME/bin/ rm -rf $HOME/ffmpeg_build/target/bin/ cd $HOME/ffmpeg_sources/ rm -rf * git clone --branch stable --depth 1 https://code.videolan.org/videolan/x264.git cd x264 ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --enable-static sourcebuild cd /root/ffmpeg_sources/ rm -rf * git clone --branch stable --depth 2 https://bitbucket.org/multicoreware/x265_git cd /root/ffmpeg_sources/x265_git/build/linux $CMAKE -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX="$HOME/ffmpeg_build" -DBIN_INSTALL_DIR:PATH=$HOME/bin/ -DENABLE_SHARED:bool=off ../../source sourcebuild sourcedown https://github.com/mstorsjo/fdk-aac/archive/refs/tags/v2.0.2.tar.gz autoreconf -fiv ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --disable-shared sourcebuild sourcedown https://downloads.sourceforge.net/project/lame/lame/3.100/lame-3.100.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --disable-shared --enable-nasm sourcebuild sourcedown https://archive.mozilla.org/pub/opus/opus-1.3.1.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --disable-shared sourcebuild cd /root/ffmpeg_sources/ rm -rf * wget -O /root/ffmpeg_sources/libvpx-1.13.0.tar.gz https://chromium.googlesource.com/webm/libvpx/+archive/d6eb9696aa72473c1a11d34d928d35a3acc0c9a9.tar.gz mkdir -p libvpx-1.13.0 cd /root/ffmpeg_sources/libvpx-1.13.0 tar -xvf /root/ffmpeg_sources/libvpx-1.13.0.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --disable-examples --disable-unit-tests --enable-vp9-highbitdepth --as=yasm sourcebuild sourcedown https://ftp.gnu.org/gnu/nettle/nettle-3.9.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --libdir="$HOME/ffmpeg_build/lib" --enable-shared --enable-fat --enable-mini-gmp sourcebuild sourcedown https://gmplib.org/download/gmp/gmp-6.2.1.tar.xz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --enable-static --enable-cxx sourcebuild sourcedown https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --enable-static sourcebuild sourcedown https://ftp.gnu.org/gnu/libunistring/libunistring-1.1.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --enable-static sourcebuild sourcedown https://ftp.gnu.org/gnu/libidn/libidn2-2.3.4.tar.gz ./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin/" --enable-static sourcebuild sourcedown https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.0.tar.xz ./configure --prefix=$HOME/ffmpeg_build --bindir=$HOME/bin/ --libdir=$HOME/ffmpeg_build/lib \ --enable-gost --enable-sha1-support --disable-static --disable-openssl-compatibility \ --disable-non-suiteb-curves --without-tpm --with-tpm2 --enable-ktls \ --enable-libdane --without-zlib --without-brotli --without-zstd --disable-rpath ``` ## Actual results: ``` configure: error: *** *** Libunistring was not found. To use the included one, use --with-included-unistring ``` try with -with-included-unistring parameter ``` ./configure --prefix=$HOME/ffmpeg_build --bindir=$HOME/bin/ --libdir=$HOME/ffmpeg_build/lib \ --enable-gost --enable-sha1-support --disable-static --disable-openssl-compatibility \ --disable-non-suiteb-curves --without-tpm --with-tpm2 --enable-ktls \ --enable-libdane --without-zlib --without-brotli --without-zstd --disable-rpath -with-included-unistring ``` ## Expected results: ``` checking for nettle_rsa_sec_decrypt... no configure: error: Nettle lacks the required rsa_sec_decrypt function ``` thank you in advance for your help also it would be good to indicate the solution in the readme of the project because you only indicate how to install the dependencies when you have admin rights but not when you don't have them -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 22:57:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 20:57:05 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Ajit Singh commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420795711 Create a new MR for porting hpke https://gitlab.com/gnutls/gnutls/-/merge_requests/1749 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1420795711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 23:21:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 21:21:59 +0000 Subject: [gnutls-devel] GnuTLS | Update README.md (!1750) References: Message-ID: Andy Kimpe created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750 Project:Branches: andykimpe/gnutls:master to gnutls/gnutls:master Author: Andy Kimpe add non admin parameter to build for solve issue https://gitlab.com/gnutls/gnutls/-/issues/1486 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 23:22:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 21:22:21 +0000 Subject: [gnutls-devel] GnuTLS | error build gnutls and dependency non root (admin) user (#1486) In-Reply-To: References: Message-ID: Andy Kimpe commented: https://gitlab.com/gnutls/gnutls/-/issues/1486#note_1420823447 solved please accept this pull for write to readme example https://gitlab.com/gnutls/gnutls/-/merge_requests/1750 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1486#note_1420823447 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 23:23:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 21:23:39 +0000 Subject: [gnutls-devel] GnuTLS | error build gnutls and dependency non root (admin) user (#1486) In-Reply-To: References: Message-ID: Issue was closed by Andy Kimpe Issue #1486: https://gitlab.com/gnutls/gnutls/-/issues/1486 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 6 23:24:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 06 Jun 2023 21:24:20 +0000 Subject: [gnutls-devel] GnuTLS | error build gnutls and dependency non root (admin) user (#1486) In-Reply-To: References: Message-ID: Issue was reopened by Andy Kimpe Issue 1486: https://gitlab.com/gnutls/gnutls/-/issues/1486 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 05:59:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 03:59:45 +0000 Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89) In-Reply-To: References: Message-ID: Ahmed Zaki commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1421102943 Hi is there any update on merging this ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1421102943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 06:14:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 04:14:14 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_priority_update_fips is called when the fips mode is off (#1485) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1421116417 Thank you for the report, but I don't think this is a bug: the return value 2 means `GNUTLS_FIPS140_LAX`as defined as: > The library still uses the FIPS140-2 relevant algorithms but all forbidden by FIPS140-2 operations are allowed; this is useful when the application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). https://www.gnutls.org/manual/html_node/FIPS140_002d2-mode.html#Relaxing-FIPS140_002d2-requirements Therefore, it not only affects self-tests but also is meant to simulate the FIPS behavior. If that is not clear, we can update the comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1421116417 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 09:39:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 07:39:26 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1421353259 > + const struct hpke_dhkem *dhkem, > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z, t; > + > + mpz_init(z); > + > + dkp_prk = _nettle_labeled_extract_kem(NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct hpke_dhkem *)dhkem, z)) { The issue is that `struct dhkem *` and `ecc_scalar *` are completely different types and you can't safely typecast. Perhaps you could try adding this modification to the HPKE branch of nettle and run the tests, and I guess you will most likely see a segmentation fault. If you don't want to touch `sk` in this loop, one option would be to create a temporary scalar variable: ```c ecc_scalar tmp_sk; ecc_scalar_init (&tmp_sk, dhkem->ecc); while (!ecc_scalar_set (&tmp_sk, z)) { ... } ecc_scalar_clear (&tmp_sk); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1421353259 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:05:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:05:34 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_priority_update_fips is called when the fips mode is off (#1485) In-Reply-To: References: Message-ID: wang cheng commented: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1421539327 Thank you for your reply. But your description is a bit different from my understanding. I know from the `gnutls_fips_mode_t` in the `gnutls.h` that the return value is 2 corresponding to the `GNUTLS_FIPS140_SELFTESTS` state: > A transient state during library initialization. That state cannot be set or seen by applications. ``` typedef enum gnutls_fips_mode_t { GNUTLS_FIPS140_DISABLED = 0, GNUTLS_FIPS140_STRICT = 1, GNUTLS_FIPS140_SELFTESTS = 2, GNUTLS_FIPS140_LAX = 3, GNUTLS_FIPS140_LOG = 4 } gnutls_fips_mode_t; ``` When the system fips mode is turned off (but `/etc/system-fips` has been generated), and the environment variable GNUTLS_FORCE_FIPS_MODE is not set, gnutls will enter the GNUTLS_FIPS140_SELFTESTS state. As described above, the application in its current state should not perceive a difference compared to GNUTLS_FIPS140_DISABLED mode. Maybe the call to the `_gnutls_priority_update_fips` function needs tweaking? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1421539327 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:07:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:07:37 +0000 Subject: [gnutls-devel] GnuTLS | Update README.md (!1750) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1750 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1421543332 > ``` > > +Build to no admin acces example to use typo: acces ? access -- Daiki Ueno started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1421543344 > +Build to no admin acces example to use > + > +`for --prefix=$HOME --bindir=$HOME/bin --sbindir=$HOME/sbin --libdir=$HOME=/lib` typo: `--libdir=$HOME=/lib` -- Daiki Ueno started a new discussion on README.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1421543347 > +export GMP_LIBS="-L$HOME/lib -lgmp" > +export LIBTASN1_CFLAGS="-I$HOME/include" > +export LIBTASN1_LIBS="-L$HOME/lib -ltasn1" As both Nettle, GMP, and libtasn1 provide pkgconfig scripts, it shouldn't be necessary to specify `NETTLE_CFLAGS`, `NETTLE_LIBS`, `HOGWEED_CFLAGS`, `HOGWEED_LIBS`, `GMP_CFLAGS`, `GMP_LIBS`, ` LIBTASN1_CFLAGS`, and `LIBTASN1_LIBS`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:12:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:12:59 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421552163 looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421552163 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:12:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:12:59 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: Merge request !1747 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 Project:Branches: dueno/gnutls:wip/dueno/ci-fedora38 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:12:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:12:59 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421552151 > } > - memcpy(cache_db[i].session_data.data, data.data, data.size); > + if (data.size > 0) { This should be unnecessary. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:29:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:29:19 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421581734 > return GNUTLS_E_MEMORY_ERROR; > cache_db[i].session_data.data = ptr; > } > - memcpy(cache_db[i].session_data.data, data.data, data.size); > + if (data.size > 0) { This is to suppress a new warning from clang-analyzer: ```console serv.c:2069:2: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker] memcpy(cache_db[i].session_data.data, data.data, data.size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421581734 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:56:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:56:42 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on src/serv.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421629544 > return GNUTLS_E_MEMORY_ERROR; > cache_db[i].session_data.data = ptr; > } > - memcpy(cache_db[i].session_data.data, data.data, data.size); > + if (data.size > 0) { in that case its fine -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747#note_1421629544 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 11:56:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 09:56:42 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 38 images (!1747) In-Reply-To: References: Message-ID: All discussions on merge request !1747 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 12:07:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 10:07:24 +0000 Subject: [gnutls-devel] GnuTLS | Update README.md (!1750) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1421648243 Should it go to INSTALL.md instead? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1421648243 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 16:23:24 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 14:23:24 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: Ajit Singh commented on a discussion on lib/nettle/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1422141005 > + const struct hpke_dhkem *dhkem, > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z, t; > + > + mpz_init(z); > + > + dkp_prk = _nettle_labeled_extract_kem(NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct hpke_dhkem *)dhkem, z)) { Here, I saw https://gitlab.com/peonix/gnutls/-/blob/hpke-ref/lib/nettle/hpke/hpke-dhkem.c#L68 that its usage is same way as you told earlier (initializing sk from dhkem itself). So, `ecc_scalar_set (sk, z)` this will work fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748#note_1422141005 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 16:51:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 14:51:12 +0000 Subject: [gnutls-devel] GnuTLS | Support for ECH (encrypted client hello) (!1748) In-Reply-To: References: Message-ID: All discussions on merge request !1748 were resolved by Ajit Singh https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 18:23:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 16:23:04 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_priority_update_fips is called when the fips mode is off (#1485) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1422391156 Sorry for that I was confused that the value 2 actually means `GNUTLS_FIPS140_SELFTESTS`. That said, I still think that we should emulate FIPS-enabled behavior even if the mode is `GNUTLS_FIPS140_SELFTESTS`, as it is only for internal use as documented: > GNUTLS_FIPS140_SELFTESTS > > A transient state during library initialization. That state cannot be set or seen by applications. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1422391156 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 18:35:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 16:35:32 +0000 Subject: [gnutls-devel] GnuTLS | Update README.md (!1750) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1422409919 I am not convinced GnuTLS should try to document this special case in README or INSTALL. There is a handful of fairly standard tricks and workarounds for modifiying a standard set of install instructions to do this. It absolutely makes no sense try to squeeze this into every INSTALL file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1750#note_1422409919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 7 18:49:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 07 Jun 2023 16:49:41 +0000 Subject: [gnutls-devel] GnuTLS | m4/hooks.m4: Fixed typo (!1751) References: Message-ID: Ajit Singh created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 Project:Branches: peonix/gnutls:dev-fix to gnutls/gnutls:master Author: Ajit Singh `./configure --enable-srp-authentication` prints out `Checking whether to enable srp: No`. This MR fixed this undesired behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 8 04:44:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Jun 2023 02:44:52 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_priority_update_fips is called when the fips mode is off (#1485) In-Reply-To: References: Message-ID: wang cheng commented: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1422909155 I'm sorry I didn't describe the problem clearly. `_gnutls_fips_mode_reset_zombie` is called in `_gnutls_global_init`. ``` /* This _fips_mode == 2 is a strange mode where checks are being * performed, but its output is ignored. */ void _gnutls_fips_mode_reset_zombie(void) { if (_global_fips_mode == GNUTLS_FIPS140_SELFTESTS) { _global_fips_mode = GNUTLS_FIPS140_DISABLED; } } ``` In the above, `_global_fips_mode` is set to `GNUTLS_FIPS140_DISABLED`. There is a state transition here. This is the reason for description: > A transient state during library initialization. **That state cannot be set or seen by applications**. After initialization, applications can get the fips state(`GNUTLS_FIPS140_DISABLED`) from `gnutls_fips140_mode_enabled` api. But guntls has already called `_gnutls_priority_update_fips` when `/etc/system-fips` has been generated, making certain algorithm suites unusable. Therefore, the `GNUTLS_FIPS140_DISABLED` fips state is different from the actual initialization operation. The best way to solve this problem is to add `if (res != GNUTLS_FIPS140_SELFTESTS)` before the `_gnutls_priority_update_fips` calling. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1422909155 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 8 07:10:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Jun 2023 05:10:11 +0000 Subject: [gnutls-devel] GnuTLS | m4/hooks.m4: Fixed typo (!1751) In-Reply-To: References: Message-ID: Merge request !1751 was approved by Andreas Metzler Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 Project:Branches: peonix/gnutls:dev-fix to gnutls/gnutls:master Author: Ajit Singh Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 8 15:06:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Jun 2023 13:06:48 +0000 Subject: [gnutls-devel] GnuTLS | tests: update tests/suite/ciphersuite after a96b04ff (!1745) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on tests/suite/ciphersuite/test-ciphers.js: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745#note_1423798261 > - console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname); > - process.exit(1); > - } > - } else { > - if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) { > - console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); > - process.exit(1); > - } > - } > + if (cs.min_version !== "TLS1.3") { > + if (cs.mac == "AEAD") { > + if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) { > + console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname); > + process.exit(1); > + } > + } else if (!cipher.match(/GOST/)) { nit: maybe GOST case could benefit from having a check as well, even if it'd be just a hardcoded one -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745#note_1423798261 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 8 15:07:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 08 Jun 2023 13:07:28 +0000 Subject: [gnutls-devel] GnuTLS | tests: update tests/suite/ciphersuite after a96b04ff (!1745) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745#note_1423799251 Change looks OK to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1745#note_1423799251 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 15 18:13:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Jun 2023 16:13:30 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1432827257 @civodul This one is the easiest to start with. Could you look at it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1432827257 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 15 21:46:15 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 15 Jun 2023 19:46:15 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) References: Message-ID: David Thompson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/13 Project:Branches: flockofbirbs/guile-gnutls:x509-bindings to gnutls/guile:master Author: David Thompson This patch set makes it possible to generate X.509 private keys and certificates with Guile. I haven't written much C code or used Guile's C API in quite awhile but I tried my best. The license headers indicate that there's FSF copyright assignment involved here, which is fine because I filed my paperwork for it years ago. I also threw in a `guix.scm` file to make it easy for Guix users to create a dev environment using `guix shell`, which has become the norm for Guile projects. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 06:43:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 04:43:14 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1433382073 Hello! I have a similar problem for the alpine job. It worked fine on the last commit, but alpine must have changed something. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1433382073 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 07:29:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 05:29:52 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com started a new discussion on guile/modules/gnutls/build/enums.scm: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1433405833 > #f > "GNUTLS_NAME_")) > > +(define %privkey-enum I useFor my own MR, I used keyword arguments for these, because not all flags are relevant at the same time. For instance, https://gitlab.com/gnutls/guile/-/merge_requests/9/diffs#0e4b413978b35951608f99c74c1a279836c5ca5d_3909_5173 Is it better to pass a list of flags? I can change my own code if that?s better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1433405833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 09:52:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 07:52:42 +0000 Subject: [gnutls-devel] GnuTLS | Export the DH functionality (#894) In-Reply-To: References: Message-ID: Riesi commented: https://gitlab.com/gnutls/gnutls/-/issues/894#note_1433550244 Any progress on the export so Wine could utilize it? :grimacing: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/894#note_1433550244 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:37:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:37:35 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: civodul commented: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434295287 Hi! Regarding copyright assignment: this code used to be part of GnuTLS, which used to have its copyright assigned to the FSF (you probably didn't have a copyright assignment on file for GnuTLS). In the meantime, two things happened: GnuTLS changed its policy to no longer require copyright assignment, and this package was split off GnuTLS. So long story short: you (or you employer) are the copyright holder for these changes. @jas please correct me if I'm wrong! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434295287 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:42:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:42:26 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434300418 Ah okay, thanks for the clarification! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434300418 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:43:38 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:43:38 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add gnutls_x509_privkey_export binding. (db23ac18) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/commit/db23ac1829cd887be57e1409cddd76a612bbb4cc#note_1434301822 > + "Return a bytevector resulting from the export of @var{key} " > + "(an X.509 private key) according to @var{format}.") > +#define FUNC_NAME s_scm_gnutls_export_x509_private_key > +{ > + int err; > + SCM result; > + gnutls_x509_privkey_t c_key; > + gnutls_x509_crt_fmt_t c_format; > + uint8_t *c_data; > + size_t c_data_len; > + > + c_key = scm_to_gnutls_x509_private_key (key, 1, FUNC_NAME); > + c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); > + c_data = scm_malloc (2048); > + c_data_len = sizeof(c_data); > + Perhaps there's some factorization that can be done between `crt_export` and `privey_export`, similar to `pkcs_export_parameters`? Also, perhaps we can allocate directly a bytevector instead of using `scm_malloc` + `memcpy` + `free`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/commit/db23ac1829cd887be57e1409cddd76a612bbb4cc#note_1434301822 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:46:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:46:02 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add enum for GNUTLS_OID_* values. (8bad9c1d) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/modules/gnutls/build/enums.scm: https://gitlab.com/gnutls/guile/-/commit/8bad9c1d5b3119ef7fb90223e77530b583353971#note_1434305293 > #f > "GNUTLS_PRIVKEY_")) > > +(define %oid-enum > + ;; Not actually an enum on the C side. > + (make-enum-type 'oid "char *" > + '(x520-country-name x520-organization-name Maybe `"const char *"`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/commit/8bad9c1d5b3119ef7fb90223e77530b583353971#note_1434305293 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:51:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:51:28 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add gnutls_x509_privkey_export binding. (5fb0e70b) In-Reply-To: References: Message-ID: civodul started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/commit/5fb0e70b3bea2a9256c7c803c59c6423c8ad298e#note_1434312179 > + "Return a bytevector resulting from the export of @var{key} " > + "(an X.509 private key) according to @var{format}.") > +#define FUNC_NAME s_scm_gnutls_export_x509_private_key > +{ > + int err; > + SCM result; > + gnutls_x509_privkey_t c_key; > + gnutls_x509_crt_fmt_t c_format; > + uint8_t *c_data; > + size_t c_data_len; > + > + c_key = scm_to_gnutls_x509_private_key (key, 1, FUNC_NAME); > + c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); > + c_data = scm_malloc (2048); > + c_data_len = sizeof (c_data); > + Perhaps there's some factorization that can be done between `crt_export` and `privey_export`, similar to `pkcs_export_parameters`? Also, perhaps we can allocate directly a bytevector instead of using `scm_malloc` + `memcpy` + `free`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/commit/5fb0e70b3bea2a9256c7c803c59c6423c8ad298e#note_1434312179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 17:54:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 15:54:22 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: civodul commented: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434317751 @flockofbirbs Apart from the two nitpicks above, it looks great to me! It's nice to have a test that covers pretty much everything AFAICS. Could you update the branch? And then if it goes green we can click. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434317751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 18:01:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 16:01:00 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434326351 Sure, thanks for the comments. Been awhile since I've written a significant amount of C code. I have found at least one more binding that I'd like to get in but I'll follow up with that later. :smile: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434326351 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 18:01:41 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 16:01:41 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add gnutls_x509_privkey_export binding. (5fb0e70b) In-Reply-To: References: Message-ID: David Thompson commented on a discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/commit/5fb0e70b3bea2a9256c7c803c59c6423c8ad298e#note_1434327215 > + "Return a bytevector resulting from the export of @var{key} " > + "(an X.509 private key) according to @var{format}.") > +#define FUNC_NAME s_scm_gnutls_export_x509_private_key > +{ > + int err; > + SCM result; > + gnutls_x509_privkey_t c_key; > + gnutls_x509_crt_fmt_t c_format; > + uint8_t *c_data; > + size_t c_data_len; > + > + c_key = scm_to_gnutls_x509_private_key (key, 1, FUNC_NAME); > + c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); > + c_data = scm_malloc (2048); > + c_data_len = sizeof (c_data); > + I will check how it's done in `pkcs_export_parameters` and try to do the same. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/commit/5fb0e70b3bea2a9256c7c803c59c6423c8ad298e#note_1434327215 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 19:17:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 17:17:12 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/modules/gnutls/build/enums.scm: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434435316 > #f > "GNUTLS_NAME_")) > > +(define %privkey-enum I think the link did not work, see scm_private_key_sign_data -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434435316 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 20:14:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 18:14:22 +0000 Subject: [gnutls-devel] Guile-GnuTLS | CI: expect tests/srp-base64.scm to fail on alpine. (!14) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/14 Project:Branches: vivien_/guile:silence-alpine-failure to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Hello, I noticed that this test failed on alpine as of recently. My suggestion is to ignore that failure, what do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/14 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 20:41:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 18:41:25 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add enum for GNUTLS_OID_* values. (8bad9c1d) In-Reply-To: References: Message-ID: David Thompson commented on a discussion on guile/modules/gnutls/build/enums.scm: https://gitlab.com/gnutls/guile/-/commit/8bad9c1d5b3119ef7fb90223e77530b583353971#note_1434518847 > #f > "GNUTLS_PRIVKEY_")) > > +(define %oid-enum > + ;; Not actually an enum on the C side. > + (make-enum-type 'oid "char *" > + '(x520-country-name x520-organization-name Yeah that's a good idea. Done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/commit/8bad9c1d5b3119ef7fb90223e77530b583353971#note_1434518847 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 20:44:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 18:44:51 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion on guile/modules/gnutls/build/enums.scm: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434523277 > #f > "GNUTLS_NAME_")) > > +(define %privkey-enum Using a list for flags is my usual method of dealing with bit flags when binding C functions. Also, it's a pattern that is already used in this project. See `scm_gnutls_make_session` for an upstream example. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434523277 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 20:48:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 18:48:10 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434526623 I updated copyright information accordingly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434526623 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 21:53:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 19:53:58 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson started a new discussion on guile/src/core.c: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434592839 > + } > + while (err == GNUTLS_E_SHORT_MEMORY_BUFFER); > + > + if (EXPECT_FALSE (err)) > + { > + scm_gc_free (output, output_total_len, func_name); > + scm_gnutls_error (err, FUNC_NAME); > + } > + > + if (output_len != output_total_len) > + /* Shrink the output buffer. */ > + output = scm_gc_realloc (output, output_total_len, > + output_len, func_name); > + > + return (scm_take_u8vector (output, output_len)); > +} @civodul I copied the way that `pkcs_export_parameters` does things, adapted to work with certs/keys, and rewrote the `scm_gnutls_export_x509_certificate` and `scm_gnutls_export_x509_private_key` to use it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434592839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jun 16 22:03:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 16 Jun 2023 20:03:23 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434603048 I think I've taken care of your comments. I also discovered that I wasn't checking the key usage flags in my test so I added that, too. Build is green again aside from the Alpine tarball which seems unrelated to my changes: ``` throw to `gnutls-error' with args (# srp-base64-encode) [PID 2508] FAIL tests/srp-base64.scm (exit status: 1 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1434603048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 18 17:50:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Jun 2023 15:50:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls examples don't handle short writes correctly (#1484) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented: https://gitlab.com/gnutls/gnutls/-/issues/1484#note_1435170603 That's from memory, and may not apply to current code. Although `gnutls_record_send()` documentation says "the number of bytes sent might be less than @data_size", this may have never been the case. The way `gnutls_record_send()` worked ensured that writes succeed fully or fail with an error code (temporarily - eagain or fatally). That was at least at some point intentionally to prevent the complexity of handling partial writes in applications. I have not verified whether this applies to current code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1484#note_1435170603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 18 22:49:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Jun 2023 20:49:51 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: Merge request !13 was merged Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/13 Project:Branches: flockofbirbs/guile-gnutls:x509-bindings to gnutls/guile:master Author: David Thompson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jun 18 22:51:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 18 Jun 2023 20:51:02 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: civodul commented: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1435226385 Merged, thanks @flockofbirbs! @jas: it seems we need `--disable-srp-authentication` on Alpine as well? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1435226385 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 19 10:42:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Jun 2023 08:42:11 +0000 Subject: [gnutls-devel] GnuTLS | m4/hooks.m4: Fixed typo (!1751) In-Reply-To: References: Message-ID: Merge request !1751 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 Project:Branches: peonix/gnutls:dev-fix to gnutls/gnutls:master Author: Ajit Singh -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 19 10:42:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Jun 2023 08:42:21 +0000 Subject: [gnutls-devel] GnuTLS | m4/hooks.m4: Fixed typo (!1751) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751#note_1435605741 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1751#note_1435605741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 19 13:35:13 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Jun 2023 11:35:13 +0000 Subject: [gnutls-devel] GnuTLS | Expose HMAC-SHA3 from the crypto API (#1487) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1487 Currently, HMAC API (e.g., `gnutls_hmac_init`) does not work with SHA-3 algorithms. They could be useful for some applications and PKCS#12. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1487 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 19 14:12:28 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Jun 2023 12:12:28 +0000 Subject: [gnutls-devel] GnuTLS | Configuration of DHE Algorithms in GNUTLS through gnutls_priority_init API (#1488) References: Message-ID: Gayathri K created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1488 Hi, Could you please help in resolving the below issue. When trying to configure the priorities of GNUTLS using the API gnutls_priority_init, it works fine for all other values expect the DHE algorithms. For Example, when trying to configure the priority string as "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+**DHE-RSA**", Invalid request is thrown. Whereas it is working fine for other priority strings like "NORMAL:-CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:+AES-256-GCM". Could you please guide us if we are missing something in configuring DHE algorithms. GNUTLS Version used: 3.7.9 Thanks and regards Gayathri -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1488 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 19 19:18:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 19 Jun 2023 17:18:29 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Public key cryptography (!9) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/9#note_1436633100 I changed my use of keyword arguments so that I can use the privkey flags recently introduced. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/9#note_1436633100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 20 17:39:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 20 Jun 2023 15:39:42 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1438250263 I?m afraid that these MRs get ignored because they are lost in the waterfall of spam emails that Gitlab usually sends whenever something happens. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1438250263 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 21 10:31:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Jun 2023 08:31:37 +0000 Subject: [gnutls-devel] GnuTLS | Porting HPKE (!1749) In-Reply-To: References: Message-ID: Norbert Pocs started a new discussion on lib/nettle/hpke/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439436761 > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z; > + > + mpz_init (z); > + > + dkp_prk = _nettle_labeled_extract_kem (NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) > + { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct ecc_scalar *)dhkem, z)) I wonder why is this line different than the implementation in the nettle PR. What is the story behind this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439436761 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 21 11:33:48 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Jun 2023 09:33:48 +0000 Subject: [gnutls-devel] GnuTLS | Porting HPKE (!1749) In-Reply-To: References: Message-ID: Ajit Singh commented on a discussion on lib/nettle/hpke/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439549677 > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z; > + > + mpz_init (z); > + > + dkp_prk = _nettle_labeled_extract_kem (NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) > + { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct ecc_scalar *)dhkem, z)) since we do not have ecc-internal.h in system nettle lib(usr/include/nettle), this header file contains the required `struct ecc_curve` by `dhkem->ecc`. Therefore to bypass its usage, this loop condition rewritten using `ecc_scalar_set` https://git.lysator.liu.se/nettle/nettle/-/blob/master/ecc-scalar.c#L55 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439549677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 21 12:36:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 21 Jun 2023 10:36:17 +0000 Subject: [gnutls-devel] GnuTLS | Porting HPKE (!1749) In-Reply-To: References: Message-ID: Norbert Pocs commented on a discussion on lib/nettle/hpke/hpke-hkdf.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439666374 > + struct ecc_scalar *sk, struct ecc_point *pk) > +{ > + int r = 1, counter = 0; > + uint8_t *dkp_prk = NULL, *bytes = NULL; > + mpz_t z; > + > + mpz_init (z); > + > + dkp_prk = _nettle_labeled_extract_kem (NULL, "dkp_prk", ikm, ikm_len, > + dhkem); > + if (!dkp_prk) > + { > + r = 0; > + goto out; > + } > + while (ecc_scalar_set((struct ecc_scalar *)dhkem, z)) nice job! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749#note_1439666374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jun 24 00:05:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 23 Jun 2023 22:05:30 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1444238325 I?ve seen !13 being opened, reviewed and merged in a matter of days. What did I do wrong? Am I being ignored on purpose? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1444238325 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 26 09:56:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Jun 2023 07:56:17 +0000 Subject: [gnutls-devel] GnuTLS | make check FAIL: testcompat-openssl-tls13-serv.sh (#1489) References: Message-ID: zsdfSfew34erwsdvfcxnjtyo 6 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1489 ## Description of problem: There is a problem with make check on the Alibaba Cloud ecs.t6-c1m1.large instance. ## Version of gnutls used: 3.8.x ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu20.04 ## How reproducible: configure: summary of build options: version: 3.8.0 shared 65:0:35 Host/Target system: x86_64-pc-linux-gnu Build system: x86_64-pc-linux-gnu Install prefix: /usr/local Compiler: gcc Valgrind: no CFlags: -g -O2 Library types: Shared=yes, Static=no Local libtasn1: no Local unistring: no Use nettle-mini: no Documentation: yes (manpages: yes) configure: External hardware support: /dev/crypto: no AF_ALG support: no Hardware accel: x86-64 Padlock accel: yes Random gen. variant: getrandom PKCS#11 support: yes TPM support: yes, TPM2 support: yes KTLS support: no configure: TPM library: /usr/lib/x86_64-linux-gnu//libtspi.so.1 configure: TPM2 library: tss2-esys tss2-mu tss2-tctildr configure: Optional features: (note that included applications might not compile properly if features are disabled) SSL3.0 support: no SSL2.0 client hello: yes Allow SHA1 sign: no DTLS-SRTP support: yes ALPN support: yes OCSP support: yes SRP support: no PSK support: yes DHE support: yes ECDHE support: yes GOST support: yes Anon auth support: yes Heartbeat support: no IDNA support: IDNA 2008 (libidn2) Non-SuiteB curves: yes FIPS140 mode: no Strict DER time: yes configure: Optional libraries: C++ library: yes DANE library: yes OpenSSL compat: no configure: System files: Trust store pkcs11: Trust store dir: Trust store file: /etc/ssl/certs/ca-certificates.crt Blocklist file: CRL file: Configuration file: /etc/gnutls/config DNSSEC root key file: /usr/share/dns/root.key Steps to Reproduce: * ./bootstrap * ./configure * make * make check ## Actual results: ...... FAIL: testcompat-openssl-tls13-serv.sh PASS: testdane.sh PASS: eagain.sh PASS: prime-check ============================================================================ Testsuite summary for GnuTLS 3.8.0 ============================================================================ # TOTAL: 28 # PASS: 15 # SKIP: 12 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 ============================================================================ See tests/suite/test-suite.log Please report to bugs at gnutls.org ============================================================================ make[4]: *** [Makefile:2626: test-suite.log] Error 1 make[4]: Leaving directory '/root/gnutls/gnutls/tests/suite' make[3]: *** [Makefile:2734: check-TESTS] Error 2 make[3]: Leaving directory '/root/gnutls/gnutls/tests/suite' make[2]: *** [Makefile:2807: check-am] Error 2 make[2]: Leaving directory '/root/gnutls/gnutls/tests/suite' make[1]: *** [Makefile:9454: check-recursive] Error 1 make[1]: Leaving directory '/root/gnutls/gnutls/tests' make: *** [Makefile:2319: check-recursive] Error 1 cat tests/suite/test-suite.log ============================================== GnuTLS 3.8.0: tests/suite/test-suite.log ============================================== # TOTAL: 28 # PASS: 15 # SKIP: 12 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 SKIP: testcompat-polarssl-serv ============================== Compatibility checks using polarssl PolarSSL is required for this test to run SKIP testcompat-polarssl-serv.sh (exit status: 77) SKIP: testcompat-polarssl-serv-compat ===================================== Compatibility checks using polarssl PolarSSL is required for this test to run SKIP testcompat-polarssl-serv-compat.sh (exit status: 77) SKIP: testcompat-polarssl-serv-no-etm ===================================== Compatibility checks using polarssl PolarSSL is required for this test to run SKIP testcompat-polarssl-serv-no-etm.sh (exit status: 77) SKIP: testcompat-openssl-cli ============================ Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-cli.sh (exit status: 77) SKIP: testcompat-openssl-cli-compat =================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-cli-compat.sh (exit status: 77) SKIP: testcompat-openssl-cli-no-etm =================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-cli-no-etm.sh (exit status: 77) SKIP: testcompat-openssl-serv ============================= Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv.sh (exit status: 77) SKIP: testcompat-openssl-serv-compat ==================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv-compat.sh (exit status: 77) SKIP: testcompat-openssl-serv-no-etm ==================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv-no-etm.sh (exit status: 77) SKIP: testcompat-openssl-serv-no-tickets ======================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv-no-tickets.sh (exit status: 77) SKIP: testcompat-openssl-serv-no-safe-renegotiation =================================================== Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv-no-safe-renegotiation.sh (exit status: 77) SKIP: testcompat-openssl-serv-safe-renegotiation ================================================ Compatibility checks using OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) OpenSSL 1.0.0 is required for ECDH and DTLS tests SKIP testcompat-openssl-serv-safe-renegotiation.sh (exit status: 77) FAIL: testcompat-openssl-tls13-serv =================================== Compatibility checks using OpenSSL ################################################# # Client mode tests (gnutls cli-openssl server) # ################################################# ############################################### # Server mode tests (gnutls server-openssl cli# ############################################### Checking TLS 1.3 with AES-128-GCM... reserved port 28612 Checking TLS 1.3 with AES-256-GCM... reserved port 42925 Checking TLS 1.3 with CHACHA20-POLY1305... reserved port 19862 Checking TLS 1.3 with AES-128-CCM... reserved port 38919 Checking TLS 1.3 with AES-128-CCM-8... reserved port 26343 Checking TLS 1.3 with 0... reserved port 31345 802B1CE1507F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308: Failure: Failed ./../scripts/common.sh: line 151: kill: (548249) - No such process unreserved port 31345 FAIL testcompat-openssl-tls13-serv.sh (exit status: 1) ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1489 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 26 12:42:59 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Jun 2023 10:42:59 +0000 Subject: [gnutls-devel] build-images | docker-debian-cross: freeze like the others (!31) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/build-images/-/merge_requests/31 Project:Branches: asosedkin/build-images:debian-cross-fix to gnutls/build-images:master Author: Alexander Sosedkin Otherwise CI's failing to something like https://github.com/containers/buildah/issues/4216 that I can't reproduce locally. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/31 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 26 18:51:33 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Jun 2023 16:51:33 +0000 Subject: [gnutls-devel] Guile-GnuTLS | More X.509 bindings (!13) In-Reply-To: References: Message-ID: David Thompson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1446135007 Sorry for the delay, I've been in the woods at dweb camp all week, but thank you for merging! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/13#note_1446135007 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 26 18:54:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Jun 2023 16:54:42 +0000 Subject: [gnutls-devel] build-images | docker-debian-cross: freeze like the others (!31) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/build-images/-/merge_requests/31#note_1446137930 It probably does make sense to actively make the switch by using codenames instead of automatically switching. However "bullseye" is Debian oldstable, the ci needs to be fixed to work with current stable (bookworm). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/31#note_1446137930 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jun 26 19:22:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 26 Jun 2023 17:22:10 +0000 Subject: [gnutls-devel] build-images | docker-debian-cross: freeze like the others (!31) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/build-images/-/merge_requests/31#note_1446165394 I know. I've tried switching to bookworm for at least half an hour, gave up and linked to the closest bug report I've found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/31#note_1446165394 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 27 10:50:21 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Jun 2023 08:50:21 +0000 Subject: [gnutls-devel] libtasn1 | Timeout in _asn1_find_up (#45) References: Message-ID: ty z created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/45 ## Description of problem: A problem about libtasn1 has been found. For details, see the following website: https://gitlab.com/gnutls/gnutls/-/issues/1327 Please guide the analysis of this problem. ## Version of libtasn1 used: ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) ## How reproducible: Steps to Reproduce: * one * two * three ## Actual results: ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/45 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jun 27 13:48:47 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 27 Jun 2023 11:48:47 +0000 Subject: [gnutls-devel] GnuTLS | Porting HPKE (!1749) In-Reply-To: References: Message-ID: All discussions on merge request !1749 were resolved by Ajit Singh https://gitlab.com/gnutls/gnutls/-/merge_requests/1749 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jun 28 11:36:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 28 Jun 2023 09:36:55 +0000 Subject: [gnutls-devel] GnuTLS | Run FIPS self-tests on-demand (#1490) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1490 FIPS 140-3 allows us to run self-tests at the first time the algorithms are used. We could speed up the library startup by deferring the self-tests execution. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1490 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jun 29 13:27:36 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 29 Jun 2023 11:27:36 +0000 Subject: [gnutls-devel] GnuTLS | tls1-prf: mark use of non-EMS PRF non-approved in FIPS (!1752) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1752 Project:Branches: dueno/gnutls:wip/dueno/ems-followup to gnutls/gnutls:master Author: Daiki Ueno It turned out that enforcing EMS in TLS 1.2 causes interoperability issues, even though it is required by FIPS 140-3. Instead of hard-blocking non-EMS KDF, this reports the usage of such KDF through the service indicator, that is done by marking the use of non-EMS label, i.e., "master secret", as non-approved. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: