From gnutls-devel at lists.gnutls.org Thu Nov 2 08:55:13 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Nov 2023 07:55:13 +0000
Subject: [gnutls-devel] GnuTLS | Allow use of EdDSA and deterministic ECDSA (#1513)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1513

FIPS 186-5 has been published a while ago and it allows EdDSA (Ed25519 and Ed448) and deterministic ECDSA. We should make sure that those algorithms are usable as an approved service under FIPS.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1513
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Thu Nov 2 13:40:20 2023
Date: Thu, 02 Nov 2023 12:40:20 +0000
Subject: [gnutls-devel] libtasn1 | Add new test cases that represent usage of libtasn1 (!89)

Ahmed Zaki commented on a discussion: https://gitlab.com/gnutls/libtasn1/-/merge_requests/89#note_1631644688

Hi @jas, let me know if there is anything that is not clear or if you prefer to remove the `swtpm` test.

From gnutls-devel at lists.gnutls.org Sun Nov 5 18:53:44 2023
Date: Sun, 05 Nov 2023 17:53:44 +0000
Subject: [gnutls-devel] GnuTLS | lib: Use correct transport getting error number (!1790)

Frediano Ziglio created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1790

Project:Branches: freddy77/gnutls:fix_errno to gnutls/gnutls:master
Author: Frediano Ziglio

* lib: Use correct transport getting error number

For write we need to use transport_send_ptr, not transport_recv_ptr. I didn't have time to test it at the moment but code looks wrong.

## Checklist
 * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [X] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Mon Nov 6 07:53:56 2023
Date: Mon, 06 Nov 2023 06:53:56 +0000
Subject: [gnutls-devel] GnuTLS | lib: Use correct transport getting error number (!1790)

Merge request !1790 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1790
Project:Branches: freddy77/gnutls:fix_errno to gnutls/gnutls:master
Author: Frediano Ziglio
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Nov 6 07:53:54 2023
Date: Mon, 06 Nov 2023 06:53:54 +0000
Subject: [gnutls-devel] GnuTLS | lib: Use correct transport getting error number (!1790)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1790#note_1634972914

Thank you; looks sensible to me.

From gnutls-devel at lists.gnutls.org Mon Nov 6 11:55:57 2023
Date: Mon, 06 Nov 2023 10:55:57 +0000
Subject: [gnutls-devel] GnuTLS | handshake.c: Fixed a missing goto statement (!1791)

Ajit Singh created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1791

Project:Branches: peonix/gnutls:fix123 to gnutls/gnutls:master
Author: Ajit Singh

* handshake.c: Fixed a missing goto statement

Signed-off-by: Ajit Singh

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Mon Nov 6 14:48:50 2023
Date: Mon, 06 Nov 2023 13:48:50 +0000
Subject: [gnutls-devel] GnuTLS | handshake.c: Fixed a missing goto statement (!1791)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1791#note_1635578704

Thank you!

From gnutls-devel at lists.gnutls.org Mon Nov 6 14:48:55 2023
Date: Mon, 06 Nov 2023 13:48:55 +0000
Subject: [gnutls-devel] GnuTLS | handshake.c: Fixed a missing goto statement (!1791)

Merge request !1791 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1791
Project:Branches: peonix/gnutls:fix123 to gnutls/gnutls:master
Author: Ajit Singh
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Nov 6 14:49:24 2023
Date: Mon, 06 Nov 2023 13:49:24 +0000
Subject: [gnutls-devel] GnuTLS | lib: Use correct transport getting error number (!1790)

Merge request !1790 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1790
Project:Branches: freddy77/gnutls:fix_errno to gnutls/gnutls:master
Author: Frediano Ziglio

From gnutls-devel at lists.gnutls.org Mon Nov 6 14:49:38 2023
Date: Mon, 06 Nov 2023 13:49:38 +0000
Subject: [gnutls-devel] GnuTLS | handshake.c: Fixed a missing goto statement (!1791)

Merge request !1791 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1791
Project:Branches: peonix/gnutls:fix123 to gnutls/gnutls:master
Author: Ajit Singh

From gnutls-devel at lists.gnutls.org Tue Nov 7 04:14:17 2023
Date: Tue, 07 Nov 2023 03:14:17 +0000
Subject: [gnutls-devel] GnuTLS | lib: Use correct transport getting error number (!1790)

Milestone changed to Release of GnuTLS 3.8.2 (Aug 5, 2023–Oct 30, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/40 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1790

From gnutls-devel at lists.gnutls.org Tue Nov 7 04:14:28 2023
Date: Tue, 07 Nov 2023 03:14:28 +0000
Subject: [gnutls-devel] GnuTLS | handshake.c: Fixed a missing goto statement (!1791)

Milestone changed to Release of GnuTLS 3.8.2 (Aug 5, 2023–Oct 30, 2023) ( https://gitlab.com/gnutls/gnutls/-/milestones/40 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1791

From gnutls-devel at lists.gnutls.org Thu Nov 9 05:39:19 2023
Date: Thu, 09 Nov 2023 04:39:19 +0000
Subject: [gnutls-devel] GnuTLS | cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA (!1792)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792

Project:Branches: dueno/gnutls:wip/dueno/cli-aia-fixes to gnutls/gnutls:master
Author: Daiki Ueno

Previously, when caIssuer URI is not present in the certificate's AIA extension, the callback successfully returned 0, but didn't initialize the output arguments, resulting in a segmentation fault in the caller.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Fri Nov 10 08:00:00 2023
Date: Fri, 10 Nov 2023 07:00:00 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check the Linux kernel version at run time (!1793)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793

Project:Branches: dueno/gnutls:wip/dueno/ktls-utsname to gnutls/gnutls:master
Author: Daiki Ueno

When a GnuTLS application runs in a container guest and the host kernel is older than expected, it fails at initializing KTLS. This adds a check at run time, using uname.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

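A run-time kernel version gate of the kind merge request !1793 describes, as an added example that is not the code from that merge request. The function names and the 5.10 threshold are placeholders chosen for illustration; the version GnuTLS actually requires is not stated in this archive.

```c
/* Added illustration; not the code from GnuTLS merge request !1793.
 * Function names and the example threshold below are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/utsname.h>

/* Hypothetical minimum version, used only by the demo in main(). */
#define EXAMPLE_MIN_MAJOR 5UL
#define EXAMPLE_MIN_MINOR 10UL

static int is_digit(char c)
{
	return c >= '0' && c <= '9';
}

/* Parse the leading "major.minor" of a release string such as
 * "5.15.0-91-generic" or "4.18.0-477.el8.x86_64".
 * Returns 0 on success, -1 if the string does not start with two
 * dot-separated decimal numbers. */
int parse_kernel_release(const char *release, unsigned long *major,
			 unsigned long *minor)
{
	char *end;

	/* Reject NULL, empty strings, signs and leading whitespace, all of
	 * which strtoul() would otherwise accept or skip. */
	if (release == NULL || !is_digit(release[0]))
		return -1;

	errno = 0;
	*major = strtoul(release, &end, 10);
	if (errno != 0 || *end != '.' || !is_digit(end[1]))
		return -1;

	*minor = strtoul(end + 1, &end, 10);
	if (errno != 0)
		return -1;

	return 0;
}

/* Returns 1 if `release` is at least req_major.req_minor, else 0.
 * The comparison is numeric, so "5.9" sorts below "5.10".
 * An unparsable string yields 0: the caller keeps the feature off and
 * stays on the user-space record layer instead of guessing. */
int kernel_at_least(const char *release, unsigned long req_major,
		    unsigned long req_minor)
{
	unsigned long major, minor;

	if (parse_kernel_release(release, &major, &minor) < 0)
		return 0;
	if (major != req_major)
		return major > req_major;
	return minor >= req_minor;
}

/* Ask the running kernel. In a container this reports the host kernel,
 * which may be older than the headers the library was built against. */
int running_kernel_at_least(unsigned long req_major, unsigned long req_minor)
{
	struct utsname u;

	if (uname(&u) < 0)
		return 0;
	return kernel_at_least(u.release, req_major, req_minor);
}

int main(void)
{
	struct utsname u;

	if (uname(&u) < 0) {
		perror("uname");
		return 1;
	}
	printf("kernel release %s: offload %s\n", u.release,
	       running_kernel_at_least(EXAMPLE_MIN_MAJOR, EXAMPLE_MIN_MINOR) ?
		       "may be attempted" : "skipped, using user-space TLS");
	return 0;
}
```
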
From gnutls-devel at lists.gnutls.org Fri Nov 10 12:35:03 2023
Date: Fri, 10 Nov 2023 11:35:03 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793)

František Krenželok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793#note_1642845893

LGTM, do we want to make the same for FreeBSD?

From gnutls-devel at lists.gnutls.org Fri Nov 10 12:35:07 2023
Date: Fri, 10 Nov 2023 11:35:07 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793)

František Krenželok was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793

From gnutls-devel at lists.gnutls.org Fri Nov 10 12:35:36 2023
Date: Fri, 10 Nov 2023 11:35:36 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793)

Merge request !1793 was approved by František Krenželok

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793
Project:Branches: dueno/gnutls:wip/dueno/ktls-utsname to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: František Krenželok

From gnutls-devel at lists.gnutls.org Sun Nov 12 22:49:55 2023
Date: Sun, 12 Nov 2023 21:49:55 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793#note_1645011154

I'm actually not sure; @zyongye do you know of any run time information we can use on FreeBSD?

From gnutls-devel at lists.gnutls.org Tue Nov 14 21:26:10 2023
Date: Tue, 14 Nov 2023 20:26:10 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli, gnutls-serv: "Channel binding error: The request is invalid" when TLS 1.3 is negotiated (#1350)

Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/issues/1350#note_1648816694

To follow.

From gnutls-devel at lists.gnutls.org Tue Nov 14 21:26:16 2023
Date: Tue, 14 Nov 2023 20:26:16 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli, gnutls-serv: print supported channel binding (!1578)

Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1578#note_1648816790

To follow.

From gnutls-devel at lists.gnutls.org Tue Nov 14 21:49:20 2023
Date: Tue, 14 Nov 2023 20:49:20 +0000
Subject: [gnutls-devel] GnuTLS | ktls: check Linux kernel version at run time (!1793)

Yongye Zhu commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1793#note_1648849253

Yes. The interface is similar. I will follow up to create a patch like this!

From gnutls-devel at lists.gnutls.org Wed Nov 15 09:24:47 2023
Date: Wed, 15 Nov 2023 08:24:47 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.2 (!1787)

Merge request !1787 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1787
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:48:09 2023
Date: Wed, 15 Nov 2023 13:48:09 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.2 release (!8)

Reassigned merge request 8

https://gitlab.com/gnutls/web-pages/-/merge_requests/8

Assignee changed to Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:48:11 2023
Date: Wed, 15 Nov 2023 13:48:11 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.2 release (!8)

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/8

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:58:09 2023
Date: Wed, 15 Nov 2023 13:58:09 +0000
Subject: [gnutls-devel] web-pages | Link GNUTLS-SA-2022-07-07 to CVE-2022-2509 (!9)

Merge request !9 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/9
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel2 to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:58:12 2023
Date: Wed, 15 Nov 2023 13:58:12 +0000
Subject: [gnutls-devel] web-pages | GNUTLS-SA-2022-07-07 should link to CVE-2022-2509 (#5)

Issue was closed by Zoltán Fridrich via merge request !9 (https://gitlab.com/gnutls/web-pages/-/merge_requests/9)

Issue #5: https://gitlab.com/gnutls/web-pages/-/issues/5

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:57:18 2023
Date: Wed, 15 Nov 2023 13:57:18 +0000
Subject: [gnutls-devel] web-pages | Link GNUTLS-SA-2022-07-07 to CVE-2022-2509 (!9)

Reassigned merge request 9

https://gitlab.com/gnutls/web-pages/-/merge_requests/9

Assignee changed to Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:48:12 2023
Date: Wed, 15 Nov 2023 13:48:12 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.2 release (!8)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/8

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Signed-off-by: Zoltan Fridrich

From gnutls-devel at lists.gnutls.org Wed Nov 15 14:57:21 2023
Date: Wed, 15 Nov 2023 13:57:21 +0000
Subject: [gnutls-devel] web-pages | Link GNUTLS-SA-2022-07-07 to CVE-2022-2509 (!9)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/9

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel2 to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich

From gnutls-devel at lists.gnutls.org Wed Nov 15 15:06:18 2023
Date: Wed, 15 Nov 2023 14:06:18 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.2 release (!8)

Merge request !8 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/8
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Wed Nov 15 15:06:52 2023
Date: Wed, 15 Nov 2023 14:06:52 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.2 release (!8)

Merge request !8 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/8
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Thu Nov 16 09:50:15 2023
Date: Thu, 16 Nov 2023 08:50:15 +0000
Subject: [gnutls-devel] GnuTLS | Allow use of EdDSA and deterministic ECDSA in FIPS mode (#1513)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1513#note_1651226799

/packit propose-downstream

From gnutls-devel at lists.gnutls.org Thu Nov 16 10:08:16 2023
Date: Thu, 16 Nov 2023 09:08:16 +0000
Subject: [gnutls-devel] GnuTLS | memleak in wrap_nettle_mpi_init (#1328)

xuraoqing commented: https://gitlab.com/gnutls/gnutls/-/issues/1328#note_1651254565

It seems that the issue is caused by the fuzz test code itself. When a connection is set up between the client and server, security_parameters.pversion is changed to TLS1.2, and then restored to TLS1.3 in _gnutls_parse_hello_extensions in line 709 of handshake.c. In this case, the data received by fuzzing is 0303, which cannot be parsed by the interface. The protocol is not restored to TLS1.3. The program uses the processing logic of TLS1.2. After data such as session->key.proto.tls12.dh.params is allocated, gnutls_handshake returns a failure value. Run the gnutls_handshake command again. After the gnutls_handshake command is executed again, the protocol is changed to TLS1.3. When the gnutls_deinit command is executed to release memory, the TLS1.3 protocol is checked and the tls12.dh.params data is not released. As a result, memory leakage occurs.

From gnutls-devel at lists.gnutls.org Thu Nov 16 14:55:15 2023
Date: Thu, 16 Nov 2023 13:55:15 +0000
Subject: [gnutls-devel] GnuTLS | Testsuite does not handle TLS 1.0 and 1.1 being disabled through config file (#1514)

adrien created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1514

With gnutls 3.8.1, a few tests fail when the gnutls configuration file contains overrides like "disabled-version = tls1.0".

- tests/cert-tests/dsa.sh: IIRC gnutls-serv can start but then fail for every connection when no other TLS version is available
- tests/cipher-listings.sh: SSL3.0-TLS1.1 (didn't try the other branch in the code), TLS1.0 and TLS1.1 tests expect TLS 1.0 and 1.1 to be present on the "Protocols:" line

These issues arise with a non-standard configuration file. Is testing with a non-standard configuration meant to be supported?

From gnutls-devel at lists.gnutls.org Fri Nov 17 03:14:27 2023
Date: Fri, 17 Nov 2023 02:14:27 +0000
Subject: [gnutls-devel] GnuTLS | Testsuite does not handle TLS 1.0 and 1.1 being disabled through config file (#1514)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1514#note_1653035912

How do you run those tests?

> Is testing with a non-standard configuration meant to be supported?

I would say no; the tests should be self-contained and shouldn't even look at the system configuration.

From gnutls-devel at lists.gnutls.org Fri Nov 17 04:31:47 2023
Date: Fri, 17 Nov 2023 03:31:47 +0000
Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6)

Sam James created an issue: https://gitlab.com/gnutls/web-pages/-/issues/6

```
 * Verifying gnutls-3.8.2.tar.xz ...
ERROR
OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/net-libs/gnutls-3.8.2/distdir/gnutls-3.8.2.tar.xz'> (sig in /var/tmp/portage/net-libs/gnutls-3.8.2/distdir/gnutls-3.8.2.tar.xz.sig):
OpenPGP signature rejected because of expired key:
gpg: Signature made Wed 15 Nov 2023 10:26:19 UTC
gpg: using EDDSA key 5D46CB0F763405A7053556F47A75A648B3F9220C
gpg: Good signature from "Zoltan Fridrich " [ultimate]
gpg: Signature made Wed 15 Nov 2023 11:34:59 UTC
gpg: using RSA key 462225C3B46F34879FC8496CD605848ED7E69871
gpg: Good signature from "Daiki Ueno " [expired]
gpg: aka "Daiki Ueno " [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 4622 25C3 B46F 3487 9FC8 496C D605 848E D7E6 9871
```

This is with the latest copy of https://gnutls.org/gnutls-release-keyring.gpg.

URL:

From gnutls-devel at lists.gnutls.org Fri Nov 17 04:31:57 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 17 Nov 2023 03:31:57 +0000
Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6)
In-Reply-To:
References:
Message-ID:

Sam James commented: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1653137867

cc @dueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1653137867
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Fri Nov 17 17:37:32 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 17 Nov 2023 16:37:32 +0000
Subject: [gnutls-devel] GnuTLS | Testsuite does not handle TLS 1.0 and 1.1 being disabled through config file (#1514)
In-Reply-To:
References:
Message-ID:

adrien commented: https://gitlab.com/gnutls/gnutls/-/issues/1514#note_1654442897

Hmm, right, I didn't do my homework properly and didn't check but this issue is not present if you rely on "make check" since the env vars are properly set. Sorry for the noise.

I should also have given more context. This is in the Debian/Ubuntu package: unfortunately, since the test environment is defined in a Makefile.am file, it's not accessible without running configure which makes it difficult to integrate. However I think I see a way since tests/Makefile.am is almost compatible with make.

Anyway, I think this is getting too far from the upstream code and approach and it seems unlikely you would change the testsuite so it can be called outside of a configured and built tree since that would be quite a lot of work. I'll close this. Sorry again for the noise.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1514#note_1654442897
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Fri Nov 17 17:37:31 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 17 Nov 2023 16:37:31 +0000
Subject: [gnutls-devel] GnuTLS | Testsuite does not handle TLS 1.0 and 1.1 being disabled through config file (#1514)
In-Reply-To:
References:
Message-ID:

Issue was closed by adrien

Issue #1514: https://gitlab.com/gnutls/gnutls/-/issues/1514

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1514
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Fri Nov 17 20:57:04 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 17 Nov 2023 19:57:04 +0000
Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6)
In-Reply-To:
References:
Message-ID:

Daniel Kahn Gillmor commented: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1654957449

Here is a potential replacement, containing the merged, minimized OpenPGP certificates of Tim, Daiki, Zoltan, and Alexander:

[gnutls-release-keyring.gpg](/uploads/8b1ce5fae4faa4c8328083c45cd853ad/gnutls-release-keyring.gpg)

I note that Tim's certificate (1CB27DBC98614B2D5841646D08302DB6A2670428) appears to be actually expired.

I also recommend renaming the file to be named `gnutls-release-keyring.pgp` (and include an HTTP 301 redirect from the `?.gpg` file to its new `?.pgp` name), since it is in OpenPGP format, and GnuPG is not the only OpenPGP implementation.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1654957449
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sun Nov 26 02:29:32 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 26 Nov 2023 01:29:32 +0000
Subject: [gnutls-devel] web-pages | GnuTLS 3.8.2 signed with expired key (#6)
In-Reply-To:
References:
Message-ID:

Sam James commented: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1666593074

cc @ZoltanFridrich @asosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/issues/6#note_1666593074
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Nov 27 13:21:07 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 27 Nov 2023 12:21:07 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
References:
Message-ID:

Mark Harfouche created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794

Project:Branches: markharfouche/gnutls:markharfouche-master-patch-88279 to gnutls/gnutls:master
Author: Mark Harfouche

With LLVM16 the following error is generated:

```
system/certs.c:292:12: warning: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Wdeprecated-non-prototype]
static int osstatus_error(status)
```

* specify osstatus_error takes in an OSStatus as its first argument

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated
with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Nov 27 13:29:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 27 Nov 2023 12:29:41 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
In-Reply-To:
References:
Message-ID:

Mark Harfouche commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1667814383

I used the gitlab interface to make this one line change :/ not quite understanding the failure

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1667814383
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Nov 27 22:46:06 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 27 Nov 2023 21:46:06 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
In-Reply-To:
References:
Message-ID:

Merge request !1794 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
Project:Branches: markharfouche/gnutls:markharfouche-master-patch-88279 to gnutls/gnutls:master
Author: Mark Harfouche
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Mon Nov 27 22:50:14 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 27 Nov 2023 21:50:14 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1668709627

Thank you for the merge request; as for the CI failure, the commit message needs to include a "Signed-off-by:" line matching your email address used for authoring it. Usually you could do that with: `git commit --amend --signoff`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794#note_1668709627
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Nov 28 13:13:11 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Nov 2023 12:13:11 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
In-Reply-To:
References:
Message-ID:

Merge request !1794 was set to auto-merge by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
Project:Branches: markharfouche/gnutls:markharfouche-master-patch-88279 to gnutls/gnutls:master
Author: Mark Harfouche
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Nov 28 14:38:01 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Nov 2023 13:38:01 +0000
Subject: [gnutls-devel] GnuTLS | specify osstatus_error takes in an OSStatus as its first argument (!1794)
In-Reply-To:
References:
Message-ID:

Merge request !1794 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
Project:Branches: markharfouche/gnutls:markharfouche-master-patch-88279 to gnutls/gnutls:master
Author: Mark Harfouche

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1794
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Wed Nov 29 10:04:33 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Nov 2023 09:04:33 +0000
Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)
References:
Message-ID:

Jakub Jelen created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1515

## Description of problem:

This works fine with 3.8.1, but stopped working with macos updating the gnutls package. Reproducible also in Fedora rawhide

Logs: https://github.com/latchset/pkcs11-provider/actions/runs/7029081189/job/19126109458?pr=309

## Version of gnutls used:

3.8.2

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora/Brew

## How reproducible:

deterministic, with Fedora rawhide in podman container

Steps to Reproduce:

```
podman run -ti fedora:rawhide
# in container
dnf install -y softhsm opensc p11-kit-devel p11-kit-server gnutls-utils
PINVALUE="12345678"
TOKDIR="tokens"
mkdir ${TOKDIR}
cat >"$TMPPDIR/softhsm.conf" <> ${TMPPDIR}/cert.cfg <| p11: Initializing module: /usr/lib64/pkcs11/libsofthsm2.so
Generating a self signed certificate...
|<2>| p11: Login result = ok (0)
|<3>| ASSERT: ../../../lib/x509/key_decode.c[_gnutls_x509_read_ecc_params]:257
|<2>| Cannot determine PKCS #11 key algorithm
|<3>| ASSERT: ../../lib/privkey.c[_gnutls_privkey_import_pkcs11_url]:607
error importing key at pkcs11:object=edCert;type=private: The specified algorithm or protocol is unknown.
```

## Expected results:

The Ed25519 key is imported and self-signed certificate is created

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Wed Nov 29 11:40:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Nov 2023 10:40:24 +0000
Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)
In-Reply-To:
References:
Message-ID:

Jakub Jelen commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1671339452

@dueno pointed out this will likely be a regression from !1779.

I see that the asn1 parsing in `_gnutls_x509_read_ecc_params` expects the EC_PARAMS to be a `namedCurve` (OID), which is not the case for the Ed25519 keys, which present `curveName` as a `printableString`, so I think we need to use a different ASN1 structure to parse PKCS#11 parameters for EdDSA. There is already `pkcs-11-ec-Parameters` (used in other places where eddsa parameters are parsed), which should do, but I am not completely sure what all side effects will come out of this if we will change this in this particular place.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1671339452
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Nov 30 08:32:36 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Nov 2023 07:32:36 +0000
Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1672872744

OK, so I guess we should use `gnutls_pubkey_parse_ecc_eddsa_params` instead of `_gnutls_x509_read_ecc_params` in `key_type_to_pk` in lib/pkcs11_privkey.c. Would you like to work on it, as it seems you have added that function :-) ?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1672872744
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Nov 30 13:58:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Nov 2023 12:58:05 +0000
Subject: [gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)
In-Reply-To:
References:
Message-ID:

Jakub Jelen commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1673502515

I have a preliminary patch in https://gitlab.com/jjelen/gnutls/-/commits/eddsa-fix

Sounds like this was not caught by the tests because the tests use only the keys that are generated by gnutls that have the OIDs. Not sure what would be the best way to test this with the curve names (probably generate the keys on softhsm using a different tool? -- we use `pkcs11-tool`).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1673502515
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Nov 30 14:00:59 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Nov 2023 13:00:59 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: Unbreak importing EdDSA keys with curve name in parameters (!1795)
References:
Message-ID:

Jakub Jelen created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795

Project:Branches: jjelen/gnutls:eddsa-fix to gnutls/gnutls:master
Author: Jakub Jelen

* pkcs11: Unbreak importing EdDSA keys with curve name in parameters

outstanding question is testing (which would require the eddsa keys to be generated by a different tool, for example pkcs11-tool). I can probably plug something together later.

Fixes: #1515
Signed-off-by: Jakub Jelen

## Checklist
* [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [X] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1795
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
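
The two `CKA_EC_PARAMS` encodings discussed in #1515 and !1795 above, as an added example (not GnuTLS code and not the patch from the merge request): `classify_oid_only` stands in for a parser that only accepts the `namedCurve` OID, and `classify_ec_params` also accepts the `curveName` PrintableString. The function names, the sample byte strings and the accepted curve-name strings `edwards25519` and `edwards448` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* EC_MALFORMED: not a single short-form TLV that fills the buffer exactly
 * (explicit ECParameters are out of scope for this sketch). */
enum ec_kind { EC_MALFORMED = -1, EC_UNKNOWN = 0, EC_ED25519, EC_ED448 };

#define DER_OID 0x06              /* OBJECT IDENTIFIER tag */
#define DER_PRINTABLE_STRING 0x13 /* PrintableString tag */

/* Constructed sample CKA_EC_PARAMS values (not captured from a token). */
static const unsigned char P_OID_ED25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 }; /* 1.3.101.112 */
static const unsigned char P_NAME_ED25519[] = { 0x13, 0x0c, 'e', 'd', 'w', 'a', 'r',
						'd', 's', '2', '5', '5', '1', '9' };
static const unsigned char P_OID_P256[] = { 0x06, 0x08, 0x2a, 0x86, 0x48,
					    0xce, 0x3d, 0x03, 0x01, 0x07 };
static const unsigned char P_TRUNCATED[] = { 0x13, 0x0c, 'e', 'd', 'w' };

/* One TLV, short-form length, no truncation and no trailing bytes. */
static int tlv_ok(const unsigned char *der, size_t n)
{
	return der != NULL && n >= 2 && der[1] < 0x80 && (size_t)der[1] == n - 2;
}

/* Compare the TLV's content octets against an expected value. */
static int val_is(const unsigned char *der, const void *want, size_t want_len)
{
	return der[1] == want_len && memcmp(der + 2, want, want_len) == 0;
}

/* Stand-in for a parser that only understands the namedCurve (OID) choice. */
enum ec_kind classify_oid_only(const unsigned char *der, size_t n)
{
	if (!tlv_ok(der, n))
		return EC_MALFORMED;
	if (der[0] != DER_OID)
		return EC_UNKNOWN; /* a curveName value ends up here */
	if (val_is(der, "\x2b\x65\x70", 3)) /* 1.3.101.112 */
		return EC_ED25519;
	if (val_is(der, "\x2b\x65\x71", 3)) /* 1.3.101.113 */
		return EC_ED448;
	return EC_UNKNOWN;
}

/* Accepts both choices: OID first, then the curveName PrintableString. */
enum ec_kind classify_ec_params(const unsigned char *der, size_t n)
{
	if (!tlv_ok(der, n))
		return EC_MALFORMED;
	if (der[0] == DER_OID)
		return classify_oid_only(der, n);
	if (der[0] != DER_PRINTABLE_STRING)
		return EC_UNKNOWN;
	if (val_is(der, "edwards25519", 12))
		return EC_ED25519;
	if (val_is(der, "edwards448", 10))
		return EC_ED448;
	return EC_UNKNOWN;
}

int main(void)
{
	printf("name form, OID-only parser: %d\n", classify_oid_only(P_NAME_ED25519, sizeof(P_NAME_ED25519)));
	printf("name form, both choices:    %d\n", classify_ec_params(P_NAME_ED25519, sizeof(P_NAME_ED25519)));
	printf("OID form, both choices:     %d\n", classify_ec_params(P_OID_ED25519, sizeof(P_OID_ED25519)));
	return 0;
}
```
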