From gnutls-devel at lists.gnutls.org Mon May 1 08:22:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 May 2023 06:22:20 +0000 Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730#note_1373548425 > if (info == NULL) > return NULL; > > - if (info->username[0] != 0 I don't think this changes the behavior. Given `_gnutls_has_embedded_null` is identical to `memchr(..., '\0', ...)`, it doesn't matter where the NUL-byte actually appears, either at the beginning or in the middle. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730#note_1373548425 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 1 14:54:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 01 May 2023 12:54:30 +0000 Subject: [gnutls-devel] GnuTLS | Support external PSK importer (#1355) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1355#note_1373764559 This probably can be implemented in two levels of interfaces: callback-based and one-time assignment. The former is to done by adding a new `gnutls_psk_key_flags` enum value, say `GNUTLS_PSK_KEY_IMPORT` to indicate that PSK is imported, and extending `gnutls_psk_set_client_credentials_function` and `gnutls_psk_set_server_credentials_function` with a new callback function that takes `context` and `flag`, both as a return parameter. TLS 1.3 handshake state machine calls this new callback and if the returned `flag` indicates that it's an importable PSK, calculates the IPSK as defined in the RFC. This interface is, however, not so intuitive to use. Therefore, the latter interface is provided for handy, which provides the following functions: ```c int gnutls_psk_import_client_credentials(gnutls_psk_client_credentials_t res, const gnutls_datum_t *username, const gnutls_datum_t *key, const gnutls_datum_t *context); int gnutls_psk_import_server_credentials(gnutls_psk_server_credentials_t res, const gnutls_datum_t *username, const gnutls_datum_t *key, const gnutls_datum_t *context); ``` This interface is less flexible than the callback-based interface, as the CONTEXT is assigned statically. The current server API also has an interface to read PSKs from a file, but I would rather not touch it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1355#note_1373764559 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 3 04:33:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 May 2023 02:33:37 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 Project:Branches: dueno/gnutls:wip/dueno/external-psk-importer to gnutls/gnutls:master Author: Daiki Ueno This adds a minimal, callback-based API to import external PSK, following RFC 9258. The client is supposed to set a callback to retrieve PSK with `gnutls_psk_set_client_credentials_function3`, with the following signature, which returns optional context and flags if requested, along with the key: ```c typedef int gnutls_psk_client_credentials_function3( gnutls_session_t, gnutls_datum_t *username, gnutls_datum_t *key, gnutls_datum_t *context, gnutls_psk_key_flags *flags); ``` On the other hand, the server sets a callback to look up PSK based on the serialized ImportedIdentity: ```c typedef int gnutls_psk_server_credentials_function3( gnutls_session_t, const gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); ``` The server may check the serialized identity is actually known to the server, using a helper function `gnutls_psk_format_imported_identity` that serializes external identity. Fixes: #1355 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 3 22:07:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 May 2023 20:07:43 +0000 Subject: [gnutls-devel] Guile-GnuTLS | guile: Set record port write wait fd. (!10) In-Reply-To: References: Message-ID: Merge request !10 was approved by civodul Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/10 Project:Branches: cbaines/guile:record-port-write-wait-fd to gnutls/guile:master Author: Christopher Baines Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 3 22:15:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 May 2023 20:15:14 +0000 Subject: [gnutls-devel] Guile-GnuTLS | guile: Set record port write wait fd. (!10) In-Reply-To: References: Message-ID: Merge request !10 was merged Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/10 Project:Branches: cbaines/guile:record-port-write-wait-fd to gnutls/guile:master Author: Christopher Baines -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/10 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 3 22:16:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 May 2023 20:16:40 +0000 Subject: [gnutls-devel] Guile-GnuTLS | guile: Set record port write wait fd. (!10) In-Reply-To: References: Message-ID: civodul commented: https://gitlab.com/gnutls/guile/-/merge_requests/10#note_1377343211 Merged, thanks! This may well fix https://issues.guix.gnu.org/61642 actually. @jas, perhaps we should plan for a release? Would you like to take care of it? :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/10#note_1377343211 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 4 00:37:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 03 May 2023 22:37:43 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Ander Juaristi and Zolt?n Fridrich were added as reviewers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 4 10:39:52 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 May 2023 08:39:52 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1377908365 @juaristi @ZoltanFridrich could you take a look when you have time? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1377908365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 4 15:32:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 May 2023 13:32:39 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1378440676 Yes, I have seen the review request, I will take a look. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1378440676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 4 18:02:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 May 2023 16:02:50 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1378720732 I went through the code and I dont see any problems. But I think I will go through it tomorrow again and compare it with the RFC before I put a review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1378720732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 01:45:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 04 May 2023 23:45:17 +0000 Subject: [gnutls-devel] GnuTLS | Support multiple identities for TLS 1.3 PSK (#1385) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1385#note_1379142979 This also prevents provisioning imported PSKs (as in !1741) across multiple protocols and KDFs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1385#note_1379142979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 11:16:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 09:16:02 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1379540898 Haven't found anything wrong. The changes look good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1379540898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 11:16:08 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 09:16:08 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Merge request !1741 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 Project:Branches: dueno/gnutls:wip/dueno/external-psk-importer to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Ander Juaristi and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 11:16:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 09:16:04 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: All discussions on merge request !1741 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 23:00:05 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 21:00:05 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1380546133 Thanks for the review. To properly implement this, we might need rework of the current PSK support, allowing multiple PSK identities (not limited to using SHA-256 as the KDF hash algorithm, see #386 and #1385) to be advertised by the client, but let's address it in a separate MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741#note_1380546133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 23:00:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 21:00:14 +0000 Subject: [gnutls-devel] GnuTLS | psk: Add basic support for RFC 9258 external PSK importer interface (!1741) In-Reply-To: References: Message-ID: Merge request !1741 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 Project:Branches: dueno/gnutls:wip/dueno/external-psk-importer to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Ander Juaristi and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri May 5 23:00:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 05 May 2023 21:00:17 +0000 Subject: [gnutls-devel] GnuTLS | Support external PSK importer (#1355) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1741 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1741) Issue #1355: https://gitlab.com/gnutls/gnutls/-/issues/1355 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 7 01:06:56 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 06 May 2023 23:06:56 +0000 Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.1 (Feb 10, 2023?Apr 15, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/39 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 7 04:14:03 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 May 2023 02:14:03 +0000 Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1380868841 This turned out not so trivial, as it increases the entire key size from 64 to 80, which breaks the [assumption](https://gitlab.com/gnutls/gnutls/-/blob/0263dec937e02ab71fd9cb158fa69acf7c374481/lib/stek.c) of the key rotation logic. Perhaps we could switch the SHA3-512 usage to using SHAKE, generating 80-byte output, or repeatedly call the hash function. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1380868841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 7 14:09:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 May 2023 12:09:50 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Update CI (!11) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/11 Project:Branches: vivien_/guile:master to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com There are a few problems with the CI. I propose to update gnulib, disable the indentation check on fedora 36 (indent is too recent there), and let a test fail on arch because a gnutls feature is missing. What do you think? Best regards, Vivien -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/11 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun May 7 14:11:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 07 May 2023 12:11:00 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Update CI (!11) In-Reply-To: References: Message-ID: Merge request !11 was closed by Vivien Kraus Would Rather Not Be On Gitlab_com Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/11 Project:Branches: vivien_/guile:master to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/11 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 03:22:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 01:22:00 +0000 Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1381112662 @juaristi I wonder why we use the TOTP-like scheme (!695) for key rotation rather than just randomly generating a new key. Do you remember if there is any benefit using the scheme? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1381112662 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 15:46:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 13:46:11 +0000 Subject: [gnutls-devel] Guile-GnuTLS | New release: Guile-GnuTLS 3.7.12 - v3.7.12 Message-ID: A new Release v3.7.12 for Guile-GnuTLS was published. Visit the Releases page to read more about it: https://gitlab.com/gnutls/guile/-/releases Assets: - Download zip: https://gitlab.com/gnutls/guile/-/archive/v3.7.12/guile-v3.7.12.zip - Download tar.gz: https://gitlab.com/gnutls/guile/-/archive/v3.7.12/guile-v3.7.12.tar.gz - Download tar.bz2: https://gitlab.com/gnutls/guile/-/archive/v3.7.12/guile-v3.7.12.tar.bz2 - Download tar: https://gitlab.com/gnutls/guile/-/archive/v3.7.12/guile-v3.7.12.tar Release notes: https://gitlab.com/gnutls/guile/-/blob/v3.7.12/NEWS [guile-gnutls-3.7.12.tar.gz](/uploads/3fe12c208bdc6155c5116cf5eac7a2ad/guile-gnutls-3.7.12.tar.gz) [guile-gnutls-3.7.12.tar.gz.sig](/uploads/32c44f1fe8915371b3f6b03f7681c901/guile-gnutls-3.7.12.tar.gz.sig) -- View it on GitLab: https://gitlab.com/gnutls/guile/-/releases You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:02:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:02:35 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Update CI (!11) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/11#note_1381863105 Hi. Sorry I did not see this before fixing CI and making a release. Could you check that this is fixed on master, or is there anything more to do? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/11#note_1381863105 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:06:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:06:58 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Public key cryptography (!9) In-Reply-To: References: Message-ID: Reassigned merge request 9 https://gitlab.com/gnutls/guile/-/merge_requests/9 Assignee changed to civodul -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/9 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:07:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:07:27 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Public key cryptography (!9) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/9#note_1381869929 I didn't notice this until now either -- I have not tested it, but didn't find anything problematic after a quick read. I'm assigning it to Ludo' for final review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/9#note_1381869929 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:08:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:08:43 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) In-Reply-To: References: Message-ID: Reassigned merge request 8 https://gitlab.com/gnutls/guile/-/merge_requests/8 Assignee changed to civodul -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:08:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:08:53 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Bind the random number generator (!8) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1381872453 I didn't notice this until now either -- I have not tested it, but didn't find anything problematic after a quick read. I'm assigning it to Ludo' for final review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/8#note_1381872453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:10:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:10:02 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the symmetric encryption algorithms (!7) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/7#note_1381874500 I didn't notice this until now either -- I have not tested it, but didn't find anything problematic after a quick read. I'm assigning it to Ludo' for final review. Btw, please add a license to the guile/examples/* files. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7#note_1381874500 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:10:10 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:10:10 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add the symmetric encryption algorithms (!7) In-Reply-To: References: Message-ID: Reassigned merge request 7 https://gitlab.com/gnutls/guile/-/merge_requests/7 Assignee changed to civodul -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/7 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:19:49 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:19:49 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Update CI (!11) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/11#note_1381892856 I noticed that the repository was moving a few days ago, and I felt bad for not sharing my very bad hacks to get the CI running. When I decided to create a merge request, I noticed that you fixed it in the mean time, so I closed it immediately. The current master works fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/11#note_1381892856 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:20:04 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:20:04 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Update CI (!11) In-Reply-To: References: Message-ID: All discussions on merge request !11 were resolved by Vivien Kraus Would Rather Not Be On Gitlab_com https://gitlab.com/gnutls/guile/-/merge_requests/11 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/11 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 8 16:35:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 08 May 2023 14:35:58 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Add a copyright notice for the guile examples. (!12) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/12 Project:Branches: vivien_/guile:add-copyright-notices-to-examples to gnutls/guile:master Author: Vivien Kraus Would Rather Not Be On Gitlab_com The hash and hmac examples were missing a copyright notice. @jas explained that the examples should have one, if I understand correctly: https://gitlab.com/gnutls/guile/-/merge_requests/7#note_1381874500 What?s the procedure exactly? Should I sign papers? Are the examples trivial enough so as not to warrant it? Is the license appropriate for examples? Best regards, Vivien -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/12 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 9 17:55:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 09 May 2023 15:55:23 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) References: Message-ID: Jeremy Allison created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742 Project:Branches: jrasamba/gnutls:case2fix to gnutls/gnutls:master Author: Jeremy Allison Add a description of the new feature/bug fix. Reference any relevant bugs. But in existing CASE2 macro means the second function is never called as GNUTLS_SELF_TEST_FLAG_ALL is never set when CASE2 is invoked. Reviewed by Guenther Deschner gd at samba.org ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [X] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 10 05:41:40 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 May 2023 03:41:40 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1384480381 The change looks good to me overall, though I wonder if the second part covers any FIPS requirement? If not, we could leave it as-is, given the path is exercised by `tests/slow/cipher-test.c`, which calls the self tests with `GNUTLS_SELF_TEST_FLAG_ALL`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1384480381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 10 15:03:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 May 2023 13:03:34 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Jeremy Allison commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1385196395 I'm not sure if it's needed by FIPS. I was trying to track down why the test wasn't being exercised in the POST KAT test path, and realized it would never be called. It's up to you if you think this is needed for POST KAT tests or not. Gunther thought the change was needed though, and he wrote the original code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1385196395 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 10 21:36:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 May 2023 19:36:29 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1385804094 According to FIPS 140-3 IG [10.A](https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf#page=60), the requirement seems to be to execute at least one KAT for each AES forward cipher mode. Given that exercising more test cases would cost startup time, I'm slightly leaning to skipping the second function in POST (but exercising it in the full test suite). In that case, I guess we should make it clear that CASE2 macro is organized in that way either documenting that or renaming it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1385804094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 11 02:58:38 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 May 2023 00:58:38 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 Project:Branches: dueno/gnutls:wip/dueno/cfb8-post to gnutls/gnutls:master Author: Daiki Ueno It was not obvious that the second function supplied to CASE2 macro was only called when GNUTLS_SELF_TEST_FLAG_ALL is set. This splits the macro into two: the one to be required and the other to be optional. See !1742 for the context. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 11 02:59:22 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 May 2023 00:59:22 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1386001505 !1743 is my attempt to make it clear. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1386001505 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 11 13:51:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 May 2023 11:51:51 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Cross-compilation of the Guile bindings (#11) In-Reply-To: References: Message-ID: Josselin Poiret commented: https://gitlab.com/gnutls/guile/-/issues/11#note_1386768149 Hi, we recently ran into this issue in Guix and we have a patch similar to the above to mitigate this. It would be great if it could be resolved upstream as well! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/11#note_1386768149 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 11 15:17:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 May 2023 13:17:00 +0000 Subject: [gnutls-devel] GnuTLS | nettle: remove files no longer used (!1744) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744 Project:Branches: dueno/gnutls:wip/dueno/nettle-backport-cleanup to gnutls/gnutls:master Author: Daiki Ueno This removes left-over files after switching the minimal supported Nettle version to 3.6. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 11 15:31:26 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 May 2023 13:31:26 +0000 Subject: [gnutls-devel] GnuTLS | Enhancing Accounting Efficiency: (#1483) References: Message-ID: Shaikh Hunny created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1483 Sage Training for Efficient Accounting Introduction: In today's fast-paced business environment, managing financial data effectively is crucial for the success of any organization. As technology continues to advance, so does the need for proficient accounting software. One such powerful tool that has gained immense popularity is Sage. However, to fully harness the potential of this software, individuals need proper Sage training. In this blog post, we will explore the significance of Sage training in the accounting field and how it can enhance efficiency. Sage training empowers accountants and finance professionals with the necessary skills to navigate through the software's extensive features. By understanding the intricacies of Sage, users can streamline financial processes, automate tasks, and ensure accurate and timely reporting. This training provides a comprehensive understanding of the software's functionalities, such as creating and managing accounts, generating financial statements, and conducting audits. Mastering Advanced Features: Sage offers a wide range of advanced features that can greatly benefit accounting professionals. Through dedicated training, individuals can explore modules such as inventory management, project accounting, payroll processing, and more. Learning these advanced features enables users to handle complex financial operations with ease, resulting in improved decision-making and enhanced overall efficiency. Efficient Data Analysis: [free sage training](https://www.fctraining.org/sage-50-practice-free.php) also equips accountants with the skills to effectively analyze financial data. With the software's robust reporting capabilities, professionals can generate detailed financial reports, perform trend analysis, and gain valuable insights into business performance. This data-driven approach enables organizations to make informed decisions, identify areas of improvement, and plan for future growth. Staying Up-to-Date with Regulations: Accounting standards and regulations are subject to frequent changes. Sage training ensures that professionals are well-versed in the latest compliance requirements. By staying up-to-date with regulatory changes, accountants can maintain accurate financial records, reduce the risk of non-compliance, and avoid potential penalties. Conclusion: Sage training is an indispensable investment for accountants and finance professionals seeking to excel in their field. It offers a comprehensive understanding of the software's functionalities, enhances efficiency, and enables effective data analysis. By mastering Sage's advanced features, individuals can streamline financial processes, adapt to changing regulations, and make well-informed decisions. In an era where accurate and efficient accounting is essential for organizational success, Sage training provides the necessary skills to stay ahead of the curve. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1483 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 15 10:50:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 May 2023 08:50:34 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Ajit Singh commented: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390017163 As a contributor in the GSOC'23 program, I'll be working on this issue as my gsoc project. So, I'll be glad for having any kind of suggestions or discussions. :knife: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390017163 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 15 13:46:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 May 2023 11:46:14 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Hans-Christoph Steiner commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390322559 Ok, congrats. To start with, I can say that ECH is a large spec, but the most important parts are not so big. And those are what cover most of the usage. Specifically, you can ignore the SVCB DNS stuff entirely for now. You might even be able to get something working without implementing the HTTPS DNS service record, and have it generally useful. I think it'll be worthwhile to look at both the boringssl and the openssl implementations. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390322559 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 15 15:44:35 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 May 2023 13:44:35 +0000 Subject: [gnutls-devel] GnuTLS | Support for AES-GCM-SIV (#1356) In-Reply-To: References: Message-ID: Miroslav Lichvar commented: https://gitlab.com/gnutls/gnutls/-/issues/1356#note_1390554448 AES-SIV-GCM is now available in Nettle 3.9. Thanks @dueno. Can it be added to the gnutls API? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1356#note_1390554448 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 15 19:50:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 15 May 2023 17:50:16 +0000 Subject: [gnutls-devel] GnuTLS | Support ECH (#595) In-Reply-To: References: Message-ID: Ajit Singh commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390938477 Thanks, I'll take your suggestions into consideration.:thumbsup: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/595#note_1390938477 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 17 16:09:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 May 2023 14:09:12 +0000 Subject: [gnutls-devel] GnuTLS | Error building with clang 14: the clang compiler does not support '-march=all' (#1377) In-Reply-To: References: Message-ID: Dimitri Papadopoulos Orfanos commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1394360444 Perhaps this line? [**configure.ac**](https://gitlab.com/gnutls/gnutls/-/blob/0263dec937e02ab71fd9cb158fa69acf7c374481/configure.ac#L205-L210)
Line 205 to 210 in 0263dec9 ```c # Check if the assembler supports -march=all if test "$hw_accel" = aarch64; then AARCH64_CCASFLAGS="-Wa,-march=all" AC_MSG_CHECKING([whether the compiler supports -Wa,-march=all]) : > conftest.s if "$CCAS" "$AARCH64_CCASFLAGS" -c conftest.s >/dev/null 2>&1; then ``` According to [? D114677 [AArch64] Avoid crashing on invalid -Wa,-march= values](https://reviews.llvm.org/D114677): > As reported in https://bugs.freebsd.org/260078, the gnutls Makefiles pass -Wa,-march=all to compile a number of assembly files. Clang does not support this -march value, but because of a mistake in handling the arguments, an unitialized Arg pointer is dereferenced, which can cause a segfault. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1377#note_1394360444 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 17 16:04:11 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 May 2023 14:04:11 +0000 Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1394350288 There is a benefit for the individual tickets, as even if the attacker gets a key for a particular ticket, they can't use it to decrypt previous or future tickets. The problem is that this is not ephemeral in the same way that DHE or ECDHE is, there still is a long-term secret kept in GnuTLS memory that can be used to decrypt all tickets past and future. So yes, it's rather questionable why it's used in the first place. Using two keys (current active one, not older than 24h or so) and the previously used one would be much more secure overall, as then a heartbleed-like issue can't expose keys for tickets from few days ago: they don't exist any more. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482#note_1394350288 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu May 18 12:59:17 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 May 2023 10:59:17 +0000 Subject: [gnutls-devel] GnuTLS | Support for AES-GCM-SIV (#1356) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1356#note_1395842423 Yes, it is on my TODO list, but the challenge is that we need to provide a backport as long as GnuTLS keeps Nettle 3.6 as the base line. As the AES-GCM-SIV implementation relies on GHASH assembly code, it is not so trivial. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1356#note_1395842423 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 13:33:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 11:33:16 +0000 Subject: [gnutls-devel] build-images | build-img.sh: fix registry login (!30) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/build-images/-/merge_requests/30 Branches: fix-registry-login to master Author: Alexander Sosedkin $CI_BUILD_TOKEN is deprecated, use $CI_REGISTRY_{USER,PASSWORD} instead -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/30 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 16:24:31 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 14:24:31 +0000 Subject: [gnutls-devel] GnuTLS | gnutls examples don't handle short writes correctly (#1484) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1484 I see the following pattern in examples (copy-pasted from [doc/examples/ex-client-anon.c](https://gitlab.com/gnutls/gnutls/-/blob/master/doc/examples/ex-client-anon.c#L20)): ```c #define LOOP_CHECK(rval, cmd) \ do { \ rval = cmd; \ } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ assert(rval >= 0) #define MAX_BUF 1024 #define MSG "GET / HTTP/1.0\r\n\r\n" ... LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); // no other loop, no nothing ``` If gnutls_record_send does a "short write", writing the buffer out only partially and returning less than `strlen(MSG)`, the request won't be sent in a complete form and the example would hang. The problematic short write handling holds true for other examples, say, echo server. I believe we should fix the examples to handle short writes correctly, ideally in a coordinated, uniform manner. Alternative options include: 1. Modify `gnutls_record_send` to handle short writes correctly. This sounds like it even preserves the API guarantees, but I'm not sure it won't change behaviour non-trivially when non-blocking sockets are used, say, by introducing a performance regression. 2. Implement additional, simplified version of `gnutls_record_send` that'd handle short writes transparently, possibly also `E_AGAIN`/`E_INTERRUPTED`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1484 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 16:26:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 14:26:20 +0000 Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723#note_1399953199 Raised that in a separate issue: https://gitlab.com/gnutls/gnutls/-/issues/1484 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723#note_1399953199 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 16:48:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 14:48:50 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/crypto-selftests.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400014246 > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret > +#define CASE(x, func, vectors) \ > + case x: \ > + CHECK(x, func, vectors) > > -#define NON_FIPS_CASE(x, func, vectors) \ > - case x: \ > - if (_gnutls_fips_mode_enabled() == 0) { \ > - ret = func(x, V(vectors), flags); \ > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret; \ > - } > +#define NON_FIPS_CASE(x, func, vectors) \ > + case x: \ > + if (_gnutls_fips_mode_enabled() == 0) \ No curly brackets around `CHECK`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400014246 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 16:52:19 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 14:52:19 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400023149 The replacements seem a tad more clear to me, I don't see any reduction or growth in the checks that should be performed. One more comment has been left inline. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400023149 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 22 17:32:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 May 2023 15:32:25 +0000 Subject: [gnutls-devel] build-images | build-img.sh: fix registry login (!30) In-Reply-To: References: Message-ID: Merge request !30 was merged Merge request URL: https://gitlab.com/gnutls/build-images/-/merge_requests/30 Branches: fix-registry-login to master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/-/merge_requests/30 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 23 06:39:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 May 2023 04:39:20 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/crypto-selftests.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400914600 > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret > +#define CASE(x, func, vectors) \ > + case x: \ > + CHECK(x, func, vectors) > > -#define NON_FIPS_CASE(x, func, vectors) \ > - case x: \ > - if (_gnutls_fips_mode_enabled() == 0) { \ > - ret = func(x, V(vectors), flags); \ > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret; \ > - } > +#define NON_FIPS_CASE(x, func, vectors) \ > + case x: \ > + if (_gnutls_fips_mode_enabled() == 0) \ It's actually deliberate because otherwise a stray ";" will be inserted when writing `NON_FIPS_CASE(...);`, though the original code has this issue as well. Perhaps we could use the `do { ... } while (0)` idiom though it might be too much here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1400914600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue May 23 12:22:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 23 May 2023 10:22:39 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/crypto-selftests.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1401471547 > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret > +#define CASE(x, func, vectors) \ > + case x: \ > + CHECK(x, func, vectors) > > -#define NON_FIPS_CASE(x, func, vectors) \ > - case x: \ > - if (_gnutls_fips_mode_enabled() == 0) { \ > - ret = func(x, V(vectors), flags); \ > - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ > - return ret; \ > - } > +#define NON_FIPS_CASE(x, func, vectors) \ > + case x: \ > + if (_gnutls_fips_mode_enabled() == 0) \ I'm not sure I understand your concern. For a self-contained macro designed to mimic a function call as closely as possible and thus aiming for one statement, stray `;` might cause problems, yes. But I'm not sure whether that matters for a macro that's meta enough to include pieces of control flow like "case" inside it. I find incorporating `do { ... } while (0)` into `CHECK` a good idea. For the current state of affairs, it is both difficult to analyze the across-macro immplications and difficult to spot that one needs to mind them in the first place. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1401471547 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 24 08:38:32 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 May 2023 06:38:32 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Merge request !1743 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 Project:Branches: dueno/gnutls:wip/dueno/cfb8-post to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed May 24 08:38:37 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 24 May 2023 06:38:37 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: All discussions on merge request !1743 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 08:58:45 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 06:58:45 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1408661753 Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743#note_1408661753 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 08:58:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 06:58:51 +0000 Subject: [gnutls-devel] GnuTLS | crypto-selftests: mark CFB8 block sizes tests optional (!1743) In-Reply-To: References: Message-ID: Merge request !1743 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 Project:Branches: dueno/gnutls:wip/dueno/cfb8-post to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 09:04:50 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 07:04:50 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1408668449 Superseded by !1743. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742#note_1408668449 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 09:04:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 07:04:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix bug in the CASE2 macro that means the second function will never be called. (!1742) In-Reply-To: References: Message-ID: Merge request !1742 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742 Project:Branches: jrasamba/gnutls:case2fix to gnutls/gnutls:master Author: Jeremy Allison Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1742 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 09:10:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 07:10:42 +0000 Subject: [gnutls-devel] GnuTLS | nettle: remove files no longer used (!1744) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744#note_1408675086 I'm merging this without approval, as it is trivial and the success of the CI means that the change is correct. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744#note_1408675086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon May 29 09:10:51 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 29 May 2023 07:10:51 +0000 Subject: [gnutls-devel] GnuTLS | nettle: remove files no longer used (!1744) In-Reply-To: References: Message-ID: Merge request !1744 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744 Project:Branches: dueno/gnutls:wip/dueno/nettle-backport-cleanup to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: