From gnutls-devel at lists.gnutls.org Mon Jul 1 07:31:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Jul 2024 05:31:16 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847
You're receiving this email because of your account on gitlab.com.

From gnutls-devel at lists.gnutls.org Mon Jul 1 07:31:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Jul 2024 05:31:20 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Reassigned merge request 1847

https://gitlab.com/gnutls/gnutls/-/merge_requests/1847

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847

From gnutls-devel at lists.gnutls.org Mon Jul 1 15:09:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Jul 2024 13:09:58 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847#note_1976589778

Nice MR. I think I understand the patch and I haven't found any mistakes. Thank you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847#note_1976589778

From gnutls-devel at lists.gnutls.org Tue Jul 2 08:56:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 06:56:59 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Merge request !1847 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847
Project:Branches: dueno/gnutls:wip/dueno/compress-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Tue Jul 2 08:59:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 06:59:21 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847#note_1977993540

From looking at the CI it looks like the compress-cert tests are still being skipped.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847#note_1977993540

From gnutls-devel at lists.gnutls.org Tue Jul 2 13:57:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 11:57:26 +0000
Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482

From gnutls-devel at lists.gnutls.org Tue Jul 2 15:58:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 13:58:53 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.6 release (!11)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/abi-dump/-/merge_requests/11

Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/11

From gnutls-devel at lists.gnutls.org Tue Jul 2 15:58:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 13:58:51 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.6 release (!11)

Reassigned merge request 11

https://gitlab.com/gnutls/abi-dump/-/merge_requests/11

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/11

From gnutls-devel at lists.gnutls.org Tue Jul 2 15:59:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 13:59:25 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.6 release (!11)

Merge request !11 was merged

Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/11
Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/abi-dump/-/merge_requests/11

From gnutls-devel at lists.gnutls.org Tue Jul 2 16:05:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 14:05:08 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Signed-off-by: Zoltan Fridrich

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

From gnutls-devel at lists.gnutls.org Tue Jul 2 16:05:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 14:05:11 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Reassigned merge request 1848

https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

From gnutls-devel at lists.gnutls.org Tue Jul 2 16:05:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 14:05:11 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

From gnutls-devel at lists.gnutls.org Tue Jul 2 17:49:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Jul 2024 15:49:57 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Merge request !1848 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Wed Jul 3 10:51:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 08:51:09 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Merge request !1848 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Wed Jul 3 10:55:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 08:55:40 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.6 (!1848)

Merge request !1848 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1848

From gnutls-devel at lists.gnutls.org Wed Jul 3 14:05:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 12:05:16 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.6 release (!14)

Reassigned merge request 14

https://gitlab.com/gnutls/web-pages/-/merge_requests/14

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/14

From gnutls-devel at lists.gnutls.org Wed Jul 3 14:05:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 12:05:56 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.6 release (!14)

Merge request !14 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/web-pages/-/merge_requests/14
Project:Branches: ZoltanFridrich/gnutls-web-pages:master to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Jul 3 14:05:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 12:05:18 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.6 release (!14)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/14

Project:Branches: ZoltanFridrich/gnutls-web-pages:master to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/14

From gnutls-devel at lists.gnutls.org Wed Jul 3 14:34:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 12:34:06 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.6 release (!14)

Merge request !14 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/web-pages/-/merge_requests/14
Project:Branches: ZoltanFridrich/gnutls-web-pages:master to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Jul 3 16:25:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Jul 2024 14:25:41 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.6 release (!14)

Merge request !14 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/14
Project:Branches: ZoltanFridrich/gnutls-web-pages:master to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/14

From gnutls-devel at lists.gnutls.org Thu Jul 4 09:01:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Jul 2024 07:01:39 +0000
Subject: [gnutls-devel] cligen | Allow to override build date with SOURCE_DATE_EPOCH (!5)

Bernhard M. Wiedemann created a merge request: https://gitlab.com/gnutls/cligen/-/merge_requests/5

Project:Branches: bmwiedemann/cligen:date to gnutls/cligen:main
Author: Bernhard M. Wiedemann

Allow to override build date with `SOURCE_DATE_EPOCH` to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

Also use UTC/`gmtime` to be independent of timezone.

Without this patch, build results had such a diff:

```diff
--- zcat RPMS.1/usr/share/man/man1/gnutls-cli.1.gz
+++ zcat RPMS.2/usr/share/man/man1/gnutls-cli.1.gz
[...]
-.TH gnutls-cli 1 "18 Feb 2023" "3.7.9" "User Commands"
+.TH gnutls-cli 1 "26 Mar 2024" "3.7.9" "User Commands"
```

This patch was done while working on reproducible builds for openSUSE, sponsored by the NLnet NGI0 fund.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Thu Jul 4 18:47:09 2024
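
The build-date override described in the cligen merge request above, as an added example (this is not the code from that merge request): it takes the date from `SOURCE_DATE_EPOCH` when set, always formats in UTC, and avoids the locale-dependent `%b`. The function names and the zero-padded day are assumptions modelled on the `.TH` line quoted in the message.

```python
import os
import time
from datetime import datetime, timezone

# Fixed English abbreviations: strftime("%b") follows the build host's locale,
# which would reintroduce a difference between otherwise identical builds.
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_timestamp(environ=None, clock=time.time):
    """Return the epoch seconds to stamp into generated files.

    SOURCE_DATE_EPOCH wins when present; a set-but-malformed value is an
    error rather than a silent fallback, so a broken build environment
    cannot quietly produce a non-reproducible artifact.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get("SOURCE_DATE_EPOCH")
    if raw is None:
        return int(clock())
    # int() would also accept "+5", " 5 " and "1_000"; the variable is
    # defined as a plain decimal integer, so check the characters first.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"SOURCE_DATE_EPOCH is not a decimal integer: {raw!r}")
    return int(raw)


def man_date(environ=None, clock=time.time):
    """Format the build date as 'DD Mon YYYY' in UTC (hypothetical helper)."""
    stamp = datetime.fromtimestamp(build_timestamp(environ, clock), tz=timezone.utc)
    return f"{stamp.day:02d} {MONTHS[stamp.month - 1]} {stamp.year}"


def th_line(name, section, version, environ=None, clock=time.time):
    """Build a man page .TH header like the one shown in the diff above."""
    date = man_date(environ, clock)
    return f'.TH {name} {section} "{date}" "{version}" "User Commands"'


if __name__ == "__main__":
    # Constructed value: 1676678400 is 2023-02-18 00:00:00 UTC.
    print(th_line("gnutls-cli", 1, "3.7.9", {"SOURCE_DATE_EPOCH": "1676678400"}))
```
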
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Jul 2024 16:47:09 +0000
Subject: [gnutls-devel] GnuTLS | PBMAC1 tests suggestion: mac extension/truncation (#1559)

Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1559

It has been suggested by @tomato42 to extend the set of PBMAC1 test vectors with two malformed files that should be rejected, based on a valid test vector with one of each following modifications applied:

for an otherwise valid and self-consistent PBMAC1 structure, the resulting MAC value (PFX.macData.mac.digest, see RFC 7292 4. and RFC 2315 9.4) is

a. extended from the correctly computed value
b. truncated from the correctly computed value

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1559

From gnutls-devel at lists.gnutls.org Thu Jul 4 19:03:22 2024
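
The two negative vectors suggested in issue #1559 above, as an added example (not GnuTLS code and not part of its test suite): a strict verifier rejects an extended or truncated digest, while a comparison over only the overlapping bytes accepts both. It works on raw digest bytes rather than a DER-encoded PFX and assumes PBKDF2 and HMAC with SHA-256; all names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real PKCS#12 file.
PASSWORD = b"constructed-test-password"
SALT = bytes.fromhex("a1b2c3d4e5f60718")
ITERATIONS = 2048
AUTH_SAFE = b"constructed authSafe content octets"
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA-256


def compute_mac(password, salt, iterations, content):
    """Derive the MAC key with PBKDF2-HMAC-SHA256, then HMAC the content."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=MAC_LEN)
    return hmac.new(key, content, hashlib.sha256).digest()


def verify_strict(stored, computed):
    """Accept only a stored digest of the full computed length that matches.

    The explicit length check documents the intent; compare_digest then
    compares the full values in constant time.
    """
    if len(stored) != len(computed):
        return False
    return hmac.compare_digest(stored, computed)


def verify_overlap_only(stored, computed):
    """Flawed check kept for contrast: compares just the overlapping bytes.

    This is the kind of mistake the suggested vectors are meant to catch.
    """
    n = min(len(stored), len(computed))
    return n > 0 and stored[:n] == computed[:n]


def malformed_digests(computed):
    """Stored-digest variants: one valid, the rest extended or truncated."""
    return {
        "valid": computed,
        "extended_zero_byte": computed + b"\x00",
        "extended_repeat": computed + computed,
        "truncated_by_one": computed[:-1],
        "truncated_to_half": computed[: len(computed) // 2],
        "truncated_to_one": computed[:1],
    }


def run_vectors():
    """Return {variant: {"strict": bool, "overlap_only": bool}}."""
    computed = compute_mac(PASSWORD, SALT, ITERATIONS, AUTH_SAFE)
    return {
        name: {
            "strict": verify_strict(stored, computed),
            "overlap_only": verify_overlap_only(stored, computed),
        }
        for name, stored in malformed_digests(computed).items()
    }


if __name__ == "__main__":
    for name, result in run_vectors().items():
        print(f"{name:20s} strict={result['strict']!s:5s} "
              f"overlap_only={result['overlap_only']}")
```
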
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Jul 2024 17:03:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_output tests suggestion: test the digest=NULL invocation scenario (#1560)

Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1560

https://gitlab.com/gnutls/gnutls/-/merge_requests/1841's eced4c0c has introduced an extension of the public API: invoking gnutls_hash_output with digest=NULL in order to reset the hash context. This has been documented, but it would also be nice to have direct test coverage for this bit of functionality to avoid regressions.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1560

From gnutls-devel at lists.gnutls.org Fri Jul 5 01:14:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Jul 2024 23:14:50 +0000
Subject: [gnutls-devel] GnuTLS | Provide a configure option to compile out DSA (#1561)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1561

Assignee: Zoltán Fridrich

DSA is becoming less relevant these days as it is retained only for verification purposes in [FIPS 186-5](https://www.nist.gov/news-events/news/2023/02/nist-revises-digital-signature-standard-dss-and-publishes-guideline). We should have a configure option to disable it at build time for smaller footprint and attack surfaces.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1561

From gnutls-devel at lists.gnutls.org Fri Jul 5 01:15:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Jul 2024 23:15:27 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_output tests suggestion: test the digest=NULL invocation scenario (#1560)

Reassigned Issue 1560

https://gitlab.com/gnutls/gnutls/-/issues/1560

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1560

From gnutls-devel at lists.gnutls.org Sun Jul 7 10:35:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 07 Jul 2024 08:35:31 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Merge request !1847 was set to auto-merge by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847
Project:Branches: dueno/gnutls:wip/dueno/compress-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Sun Jul 7 10:47:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 07 Jul 2024 08:47:42 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using dlwrap for loading compression libraries (!1847)

Merge request !1847 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847
Project:Branches: dueno/gnutls:wip/dueno/compress-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1847

From gnutls-devel at lists.gnutls.org Sun Jul 7 11:13:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 07 Jul 2024 09:13:26 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli - incomplete DANE support (#557)

Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/557#note_1986670629

Picking this up again. I think something's broken here, it might have happened since I submitted this. I just cannot get Certificate usage=2 (DANE-TA Trust anchor assertion) to work at all on 3.8.5:

Running `gnutls-cli -V --no-ca-verification --dane --starttls-proto=smtp lists.gentoo.org` ends with:

```
*** DANE verification error: The requested data are not available.
*** Fatal error: Error in the certificate.
```

Afaict the setup is correct:

```
- Got a certificate list of 3 certificates.
- Certificate[0] info:
[...]
Issuer: CN=R11,O=Let's Encrypt,C=US
[...]
Subject: CN=lists.gentoo.org
[...]
- Certificate[1] info:
[...]
Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Validity:
[...]
Subject: CN=R11,O=Let's Encrypt,C=US
[...]
Public Key ID:
sha1:4b7c1c92dee1c036cb2cc3cbfab7b529a8447c3d
sha256:6ddac18698f7f1f7e1c69b9bce420d974ac6f94ca8b2c761701623f99c767dc7
[...]
- Certificate[2] info:
[...]
Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
[...]
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
```

And

```
ametzler@argenau:~$ host -t tlsa _25._tcp.lists.gentoo.org
_25._tcp.lists.gentoo.org is an alias for postfix-tlsa.pigeon.gentoo.org.
postfix-tlsa.pigeon.gentoo.org is an alias for generic-letsencrypt.tlsa.gentoo.org.
[multiple records for generic-letsencrypt.tlsa.gentoo.org]
generic-letsencrypt.tlsa.gentoo.org has TLSA record 2 1 1 6DDAC18698F7F1F7E1C69B9BCE420D974AC6F94CA8B2C761701623F9 9C767DC7
```

i.e. the sha256 hash matches the one of certificate[1].

What's up with **The requested data are not available.**?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/557#note_1986670629

From gnutls-devel at lists.gnutls.org Mon Jul 8 03:50:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Jul 2024 01:50:41 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Daiki Ueno marked merge request !1842 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Mon Jul 8 03:55:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Jul 2024 01:55:48 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1986864313

I think this is in the reviewable state, though the support is intentionally "hidden" from the production use:

- liboqs support is off by default
- When liboqs is enabled, it is dynamically loaded through dlopen
- When liboqs is enabled, any usage of lower-level cryptography in liboqs is replaced with GnuTLS based implementation
- The algorithm identifiers are prefixed with "_EXP_", e.g., GNUTLS_PK_EXP_KYBER768 and GNUTLS_GROUP_EXP_X25519_KYBER768, and assigned a vendor specific codepoint outside the normal range, e.g., 0 .. GNUTLS_{PK,GROUP}_MAX

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1986864313

From gnutls-devel at lists.gnutls.org Mon Jul 8 03:56:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Jul 2024 01:56:18 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich were added as reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Mon Jul 8 03:56:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Jul 2024 01:56:20 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Reassigned merge request 1842

https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Tue Jul 9 12:37:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Jul 2024 10:37:21 +0000
Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849)

adrien created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849

Project:Branches: adrien-n/gnutls:includes-in-configuration to gnutls/gnutls:master
Author: adrien

This extends the configuration with "include" directives:

```
[includes]
file-required = /etc/foo
file-optional = /etc/bar
```

I'm marking this as a draft because I think this requires discussion first.

Solves #1300 AFAIU.

I see this as basically introducing a new API and there are all the same questions:

- is it needed?
- is it enough?
- is it not too much?
- is the approach good?
- is the structure appropriate?
- are the names appropriate?

## Needed

I think there is a need, especially for distributions.

## Enough

I initially wanted to support directories of files to include but I'm not sure there is actually a use for that. The gnutls configuration is not that big. Moreover, it is unclear that would be immediately needed.

## Not too much

File includes is the minimum but are two keys required? I think included files have to exist: it should be an error otherwise. As for the optional includes, I have to admit I'm using that as an ersatz for directories; this makes it possible for distros to offer a file for user customization.

## Approach

I first wanted to mirror the current configuration location at build-time. That was much more involved however. There would also have been two locations for configuration and no rule as to which one would take precedence. Re-using the same location but making it a directory maybe would also have been confusing.

## Structure

I'm not entirely happy about how the configuration file becomes structured but it's explicit for users and easy to implement.

## Names

Not completely happy about that either. I'm open to changes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849

From gnutls-devel at lists.gnutls.org Tue Jul 9 14:20:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Jul 2024 12:20:03 +0000
Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849)

Hubert Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1989917116

So, for distributions, we actually don't want to modify the main configuration file at all: as that is detected by tools like `rpm` or `dpkg` and they'll complain about it.

What would be more useful is the ability to point a directory (like `/etc/gnutls.conf.d/`) and make gnutls load all the config files from it. Then applications (packages) can just drop their configuration into that directory and have the system automatically load it, all without modifying the main config file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1989917116

From gnutls-devel at lists.gnutls.org Tue Jul 9 17:49:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Jul 2024 15:49:57 +0000
Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849)

adrien commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1990397829

@tomato42 My goal is also to avoid having to change the main file: with the above, distros would "include" the tool-managed file from the main config file but not package it.

I think the implementation for a whole directory could be pretty similar to this one; listing a directory in memory or in the configuration file are two ways to do the same thing.

There is an issue with the global section however as it could appear in an included file and it's supposed to be parsed first. We could use ini_parse_stream to feed all files at once. There would be some inefficiencies in opening and closing files silently twice in the callback but that sounds very minor for an uncommon operation which will involve a few files only.

So far, my main concern with introducing a directory is its location. I don't feel like creating something out of the blue and adding new build-time and runtime variables.

What about the following?

- Use the directory at GNUTLS_SYSTEM_PRIORITY_FILE + ".d"; on Debian and Ubuntu, that would be /etc/gnutls/config.d which I find pretty good.
- From a parsing point-of-view, read files in one go through ini_parse_stream as outlined above; these files could contain the same lines as the current configuration but spread over several files
- List files in alphabetical order.
- Don't add specific variable/directive to include other files.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1990397829
From gnutls-devel at lists.gnutls.org Wed Jul 10 11:30:20 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Jul 2024 09:30:20 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1992526297 I think directory name should be left up to distributions: if a compilation variable is in use, then use that, if not, don't use anything (unless some env variable is set?) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1992526297 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 10 12:29:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Jul 2024 10:29:25 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) References: Message-ID: Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich DSA is enabled by default Closes #1561 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 10 12:29:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Jul 2024 10:29:22 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Reassigned merge request 1850 https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 Zoltán Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 10 13:29:47 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 10 Jul 2024 11:29:47 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1992801545 Just a side note, we could use file [globs](https://pubs.opengroup.org/onlinepubs/009695399/functions/glob.html) to support both a single file or files under a directory in a unified manner, e.g., `file-required = /etc/foo` vs `file-required = /etc/foo/*.conf`. The Gnulib [glob](https://www.gnu.org/software/gnulib/MODULES.html#module=glob) module can be used for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_1992801545 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 11 14:10:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 Jul 2024 12:10:55 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1994959783 Looks good, except for the one thing I have found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1994959783 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 11 14:10:55 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 11 Jul 2024 12:10:55 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1842 was reviewed by Zoltán Fridrich -- Zoltán Fridrich started a new discussion on lib/liboqs/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1994959752 > +# Copyright (C) 2004-2012 Free Software Foundation, Inc. > +# > +# Author: Nikos Mavroyanopoulos typo in the name -- Zoltán Fridrich started a new discussion on lib/liboqs/sha3.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1994959769 > + int ret; > + > + ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA3_256); The function name says sha3_512 but it's inited with GNUTLS_DIG_SHA3_256. Is this correct? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Fri Jul 12 13:15:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Jul 2024 11:15:42 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/liboqs/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996733134 > +## Process this file with automake to produce Makefile.in > +# Copyright (C) 2004-2012 Free Software Foundation, Inc. > +# > +# Author: Nikos Mavroyanopoulos Actually, this file was just copied from `lib/nettle/Makefile.am`, so I wonder if this spelling is also correct; need to confirm with @nmav. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996733134 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 12 13:19:09 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Jul 2024 11:19:09 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/liboqs/sha3.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996741231 > + > +/* SHA3-512 */ > + > +static void SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen) > +{ > + gnutls_hash_fast(GNUTLS_DIG_SHA3_512, input, inplen, output); > +} > + > +/* SHA3-512 incremental */ > + > +static void SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) > +{ > + gnutls_hash_hd_t hd; > + int ret; > + > + ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA3_256); Good catch, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996741231 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 12 13:20:13 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Jul 2024 11:20:13 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996743524 Note that this requires https://github.com/open-quantum-safe/liboqs/pull/1832 for proper integration (i.e., waiting for liboqs 0.10.2 release). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1996743524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 12 13:27:11 2024 
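Review bot: in the lib/liboqs/sha3.c hunk quoted in the !1842 discussion above, `SHA3_sha3_512()` discards the return value of `gnutls_hash_fast()`, so if the hash call fails the `void` callback returns with `output` unwritten and the caller continues with whatever the buffer already held. Check the result and fail hard on error, and give the `ret` from `gnutls_hash_init()` in `SHA3_sha3_512_inc_init()` the same treatment, since neither callback has a return value through which to report the failure.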
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Jul 2024 11:27:11 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/client_dsa_key.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_1996755999 > #include "config.h" > #endif > > -#include > #include > + > +#if !ENABLE_DSA I fail to see `AC_DEFINE` for `ENABLE_DSA`, which is required for this to work (also if it is defined conditionally, this should use `#ifdef` instead of `#if` to avoid `-Wundef` warning). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_1996755999 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 12 17:04:06 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 12 Jul 2024 15:04:06 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/liboqs/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1997103670 > +## Process this file with automake to produce Makefile.in > +# Copyright (C) 2004-2012 Free Software Foundation, Inc. > +# > +# Author: Nikos Mavroyanopoulos That must be a very old contribution of mine, it's been some time since I've used this spelling. Anyway I shouldn't be the author of that file as I have not written it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_1997103670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 16 11:11:58 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 16 Jul 2024 09:11:58 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: All discussions on merge request !1842 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1842 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 17 13:56:58 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 11:56:58 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: All discussions on merge request !1850 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 17 13:56:59 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 11:56:59 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion on tests/client_dsa_key.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2003372650 > #include "config.h" > #endif > > -#include > #include > + > +#if !ENABLE_DSA should be fixed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2003372650 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 17 14:05:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 12:05:41 +0000 Subject: [gnutls-devel] GnuTLS | Path forward for --strict-x509: runtime switch? (#1564) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1564 !1550 has introduced, and !1583 has extended `--strict-x509`, but, without being enabled by default, the compliance improvements offered by the switch lie dormant. On the other hand, enabling the option comes at an interoperability cost, so packagers are discouraged from enabling it, as when users encounter a non-compliant certificate and come to them, their workarounding options are currently limited to recompiling gnutls only. Introducing some form of a runtime switch might help them make the leap. A runtime switch can come in several varieties. In the most common scenario, where a client cannot connect to a server and has no control over the non-compliant certificate it's using, the ideal override would be per-host, and the second best override would be per-invocation, followed by whole-system. Per-app switching, when a specific app wants an override through the API, feels like the least likely to be handy. With that in mind, here's my subjective rating of what the switch could be: 1. environment variable. Pros: per-invocation. Cons: SUID binaries might ignore it. (not sure how significant is that) 2. priority string keyword. Pros: some apps allow configuring it per-invocation or per-app. Cons: not easy to enable system-wide with allowlisting config alone (not sure how significant is that) 3. configuration file directive. Pros: can be per-invocation if pointed at a config with an envvar. Cons: folks rocking no config (e.g. Debian) will have to figure out creating one Another question is, when can the default for the compile switch be flipped. Next second version bump after a runtime switch is there?
Overall, what's the plan to proceed with this one? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1564 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 17 15:56:39 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 13:56:39 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: adrien commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2003634530 I've started implementing a different design, namely introducing a `system-priority-directory`/`GNUTLS_SYSTEM_PRIORITY_DIRECTORY` option. One of the main drawbacks is that a dozen files have to be modified and APIs added. I'd like to reach an agreement on design. I propose that the file and directory contents are parsed as if they were a single file. Files in the directory are found using `scandir()` and sorted using `strverscmp()` (which is not locale-sensitive). Only files ending with `.conf` are selected (this avoids issues with stray or backup files). Does that sound good? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2003634530 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Wed Jul 17 23:51:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 21:51:01 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2004361211 This is restricted to signing (not key generation) because we falsely assumed `GNUTLS_PK_DSA` == `GNUTLS_PK_DH`, though it turned out not: `GNUTLS_PK_DSA` (= 2), while `GNUTLS_PK_DH` (= 3). Could you take another look why dh-compute2 had a test failure before? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2004361211 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 17 23:50:58 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 17 Jul 2024 21:50:58 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2004361143 > FALLTHROUGH; > case GNUTLS_PK_DSA: > +#ifdef ENABLE_DSA_SIGN Why not include `case GNUTLS_PK_DSA:` in this `#ifdef` block, like the `ENABLE_GOST` case? -- Daiki Ueno started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2004361178 > LIBS=$save_LIBS > > +AC_ARG_ENABLE(dsa-sign, I would move this near the other `AC_ARG_ENABLE` handling (e.g., after line 735), instead of the middle of the Nettle function checks. -- Daiki Ueno started a new discussion on lib/algorithms/sign.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2004361190 > .aid = TLS_SIGN_AID_UNKNOWN }, > - > +#ifdef ENABLE_DSA_SIGN We usually keep known algorithms in the algorithm database, but filter them at the usage; for example, GOST signing algorithms are still there, though it's filtered out in `_wrap_nettle_pk_exists` or so. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 18 04:02:13 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 02:02:13 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2004694033 A couple of questions if we go with that design: - Is `system-priority-directory`/`GNUTLS_SYSTEM_PRIORITY_DIRECTORY` mutually exclusive with `system-priority-file`/`GNUTLS_SYSTEM_PRIORITY_FILE`? - What is the actual behavior of merging multiple configurations? - What happens if there is a configuration option with a same key: would it be overridden, the previous value wins, or even the behavior itself is controllable? Before jumping in on the design and implementation, I would suggest that we should clarify the use-cases. For example: - The default configuration file (provided by the distro) doesn't enable KTLS, but I want to enable it in my own configuration file by adding `global.ktls = true` ? This is totally fine - The default configuration file still allows SHA-1 for signatures, while it's not recommended. I want to disable it in my own configuration file by adding `insecure-hash = SHA1` ? This is fine, but wouldn't work if the default configuration file uses the allowlisting mode (`global.override-mode = allowlist`) - The default configuration file does not allow SHA-1 for signatures, but I want to enable it back in my own configuration file by adding `secure-hash = SHA1` ? This needs more consideration, and would only work if the default configuration file uses the allowlisting mode Do you have any specific scenario you want to support with this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2004694033 You're receiving this email because of your account on gitlab.com. 
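The directory handling proposed earlier in this thread (`scandir()`, a `.conf` suffix filter, `strverscmp()` ordering, contents read as if concatenated with `cat`), as an added example; it is not code from !1849 or from GnuTLS. `load_conf_dir`, `conf_filter`, `conf_order`, `demo_concat` and the sample file names are hypothetical, and the sample directory is constructed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* strverscmp() is a GNU extension */
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Compatible re-declaration in case <string.h> was included without _GNU_SOURCE. */
int strverscmp(const char *s1, const char *s2);

/* Keep only names ending in ".conf"; "x.conf~" and stray files are skipped. */
static int conf_filter(const struct dirent *e)
{
	size_t n = strlen(e->d_name);
	return n > 5 && strcmp(e->d_name + n - 5, ".conf") == 0;
}

/* Locale-independent version order: "9-x.conf" sorts before "10-x.conf". */
static int conf_order(const struct dirent **a, const struct dirent **b)
{
	return strverscmp((*a)->d_name, (*b)->d_name);
}

/* Hypothetical helper: concatenate the selected files in order. Returns the file
 * count and a heap string in *out (caller frees), or -1 on any read failure. */
int load_conf_dir(const char *dir, char **out)
{
	struct dirent **list = NULL;
	char path[4096], chunk[4096], *tmp, *buf = calloc(1, 1);
	size_t len = 0, got;
	int n, i, w, ok = (buf != NULL);
	*out = NULL;
	n = scandir(dir, &list, conf_filter, conf_order);
	for (i = 0; i < n; i++) {
		FILE *fp = NULL;
		w = snprintf(path, sizeof(path), "%s/%s", dir, list[i]->d_name);
		ok = ok && w > 0 && (size_t)w < sizeof(path) &&
		     (fp = fopen(path, "r")) != NULL;
		while (ok && (got = fread(chunk, 1, sizeof(chunk), fp)) > 0) {
			ok = (tmp = realloc(buf, len + got + 1)) != NULL;
			if (!ok)
				break;
			buf = tmp;
			memcpy(buf + len, chunk, got);
			len += got;
			buf[len] = '\0';
		}
		if (fp != NULL) {
			ok = ok && !ferror(fp);
			fclose(fp);
		}
		free(list[i]);
	}
	free(list);
	if (n < 0 || !ok) {
		free(buf);
		return -1;
	}
	*out = buf;
	return n;
}

/* Constructed sample directory: three drop-ins plus one editor backup. */
char *demo_concat(void)
{
	static const char *names[] = { "10-tool.conf", "9-local.conf",
				       "2-distro.conf", "10-tool.conf~" };
	char dir[] = "/tmp/confd-demo-XXXXXX", path[256], *cfg = NULL;
	FILE *fp;
	size_t i;
	if (mkdtemp(dir) == NULL)
		return NULL;
	for (i = 0; i < 4; i++) {
		snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
		if ((fp = fopen(path, "w")) != NULL) {
			fprintf(fp, "# from %s\n", names[i]);
			fclose(fp);
		}
	}
	(void)load_conf_dir(dir, &cfg); /* cfg stays NULL on failure */
	for (i = 0; i < 4; i++) {
		snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
		unlink(path);
	}
	rmdir(dir);
	return cfg;
}

int main(void)
{
	char *cfg = demo_concat();
	int rc = (cfg == NULL);
	if (cfg != NULL)
		fputs(cfg, stdout);
	free(cfg);
	return rc;
}
```

With plain `strcmp()` ordering the same directory would be read as 10-tool, 2-distro, 9-local, so the comparator decides the order in which drop-ins reach the parser.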
From gnutls-devel at lists.gnutls.org Thu Jul 18 10:12:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 08:12:54 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: adrien commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2005282207 I think file and directory should both be usable at the same time. That being said, in my quick experiment yesterday, I made it so that the directory one is disabled by default in configure.ac but that's also something I'm very hesitant about and entirely open to change (default would be /etc/gnutls/config.d and it's unlikely that there's already something else there). Multiple configurations would be treated exactly the same way as if they were concatenated together with `cat`. I think the current implementation with a single file does not treat repeated keys in a specific manner and this wouldn't change. The implementation would simply read all files one after the other, using the same context. I've found that `inih` makes this approach very easy and natural. I'd like to make the testsuite reflect that: prove single-file and split-files configuration are read the same. This approach has the benefit of not changing the semantics: configuration lines are simply spread over several files. It is possible to introduce inconsistencies and using several files makes this slightly easier because the user may only look at a single file but I believe the scope in gnutls is small enough (a few lines at most) that this won't matter in practice. My main scenario for this is to allow users to customize their distribution's configuration. That user can do that either manually or by running a tool but in both cases, the affected files do not overlap the ones from the distribution's packages.
This also applies if the main file configuration is empty but a tool manages some files in the configuration directory. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2005282207 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 18 14:58:20 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 12:58:20 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2005945719 I think I accidentally compiled out a part of DSA code that was also used by DH. That was why dh-compute2 failed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2005945719 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 18 16:09:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 14:09:38 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: All discussions on merge request !1850 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 18 18:00:39 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 16:00:39 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Merge request !1850 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich Reviewers: -- You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Thu Jul 18 18:00:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 18 Jul 2024 16:00:35 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2006332565 Thanks; this looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850#note_2006332565 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Fri Jul 19 08:19:10 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Jul 2024 06:19:10 +0000 Subject: [gnutls-devel] GnuTLS | Add configuration option to disable/enable DSA (!1850) In-Reply-To: References: Message-ID: Merge request !1850 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zoltán Fridrich Assignee: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1850 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Fri Jul 19 08:19:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Jul 2024 06:19:12 +0000 Subject: [gnutls-devel] GnuTLS | Provide a configure option to compile out DSA (#1561) In-Reply-To: References: Message-ID: Issue was closed by Zoltán Fridrich with merge request !1850 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1850) Issue #1561: https://gitlab.com/gnutls/gnutls/-/issues/1561 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1561 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Fri Jul 19 10:44:43 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Jul 2024 08:44:43 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Merge request !1842 was approved by Zoltán Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842 Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich -- You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Fri Jul 19 10:44:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 19 Jul 2024 08:44:57 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2007415770 Looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2007415770 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Sun Jul 21 01:28:50 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 20 Jul 2024 23:28:50 +0000 Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2008940131 Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2008940131 You're receiving this email because of your account on gitlab.com. From gnutls-devel at lists.gnutls.org Mon Jul 22 03:35:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Jul 2024 01:35:54 +0000 Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851 Project:Branches: dueno/gnutls:wip/dueno/cipher-deinit to gnutls/gnutls:master Author: Daiki Ueno This adds a call to gnutls_hash_output with DIGEST argument as NULL to exercise the context reset behavior added in commit eced4c0c2b3d3ee6a35dab99616a25910b623f79. Also includes other minor fixes. Fixes: #1560 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 03:37:54 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 01:37:54 +0000
Subject: [gnutls-devel] GnuTLS | PBMAC1 tests suggestion: mac extension/truncation (#1559)

Reassigned Issue 1559

https://gitlab.com/gnutls/gnutls/-/issues/1559

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1559

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:19:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:19:44 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)

Hubert Kario (@mention me if you need reply) and Alexander Sosedkin were added as reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:20:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:20:09 +0000
Subject: [gnutls-devel] GnuTLS | PBMAC1 tests suggestion: mac extension/truncation (#1559)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1559

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:19:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:19:50 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:20:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:20:31 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_output tests suggestion: test the digest=NULL invocation scenario (#1560)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1560

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:21:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:21:08 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:22:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:22:20 +0000
Subject: [gnutls-devel] GnuTLS | static linking: multiple definition of `mpn_cnd_add_n' (#1552)

Reassigned Issue 1552

https://gitlab.com/gnutls/gnutls/-/issues/1552

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1552

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:22:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:22:23 +0000
Subject: [gnutls-devel] GnuTLS | static linking: multiple definition of `mpn_cnd_add_n' (#1552)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1552

From gnutls-devel at lists.gnutls.org Mon Jul 22 07:23:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 05:23:10 +0000
Subject: [gnutls-devel] GnuTLS | Provide a configure option to compile out DSA (#1561)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1561

From gnutls-devel at lists.gnutls.org Mon Jul 22 08:31:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 06:31:12 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2009583489

I'm not sure why, but I can't merge this at this moment: "Commit message does not follow the pattern '^(Signed-off-by|Merge branch)'. Try again.", while all commits have "Signed-off-by:".

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2009583489

From gnutls-devel at lists.gnutls.org Mon Jul 22 08:41:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 06:41:36 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

All discussions on merge request !1842 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Mon Jul 22 08:41:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 06:41:36 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2009595366

This is apparently related to https://gitlab.com/gitlab-org/gitlab/-/issues/473477; I'm temporarily setting the regex empty to merge this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842#note_2009595366

From gnutls-devel at lists.gnutls.org Mon Jul 22 08:42:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 06:42:04 +0000
Subject: [gnutls-devel] GnuTLS | key_share: support X25519Kyber768Draft00 (!1842)

Merge request !1842 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1842

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:11:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 08:11:39 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)

Alexander Sosedkin started a new discussion on tests/cert-tests/data/pbmac1_256_256.extended-mac.p12: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2009714007

How were those generated, what were they based on? I expected something like pbmac1_256_256.good.p12 with changes to just the MAC value, but these look noticeably different from pbmac1_256_256.good.p12.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2009714007

From gnutls-devel at lists.gnutls.org Mon Jul 22 10:17:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Jul 2024 08:17:11 +0000 Subject: [gnutls-devel] GnuTLS | Draft: lib/priority: add a [includes] section and file-optional/file-required keys (!1849) In-Reply-To: References: Message-ID: adrien commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2009723070 I thought about having system-priority-paths which would be a colon-separated list of paths which could be either files or directories with a runtime test to decide whether to handle each component as a file or as a directory of files. Default value would be system-priority-file. *BUT* what to do with the existing system-priority-file in that case? Dropping it would be an API break but keeping it would be ambiguous. For now it looks like having two options (one for file and one for directory) clearer/safer even if less elegant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1849#note_2009723070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 14:17:07 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Jul 2024 12:17:07 +0000 Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/cert-tests/data/pbmac1_256_256.extended-mac.p12: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010170247 Maybe that's because I used pbmac1-simple.p12 as the basis. For extending, I used this patch: ```diff diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index b3287dfb72..ce14a4eee6 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c 
@@ -881,7 +881,7 @@ static int generate_mac_pbmac1(gnutls_mac_algorithm_t mac, const struct pbkdf2_params *params, const gnutls_datum_t *data, asn1_node pkcs12) { - uint8_t mac_output_data[MAX_HASH_SIZE]; + uint8_t mac_output_data[MAX_HASH_SIZE * 2]; gnutls_datum_t mac_output; int result; @@ -892,7 +892,8 @@ static int generate_mac_pbmac1(gnutls_mac_algorithm_t mac, } mac_output.data = mac_output_data; - mac_output.size = params->key_size; + memcpy(mac_output_data + params->key_size, mac_output_data, params->key_size); + mac_output.size = params->key_size * 2; result = _gnutls_x509_write_value(pkcs12, "macData.mac.digest", &mac_output); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010170247 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 18:56:55 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 22 Jul 2024 16:56:55 +0000 Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on tests/cert-tests/data/pbmac1_256_256.extended-mac.p12: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010657717 Somehow they're significantly different from and longer than both pbmac1-simple.p12 and pbmac1_256_256.good.p12, complicating differential testing... May I suggest different test vectors instead? Attaching them to #1559. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010657717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 22 19:05:48 2024 
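Review bot: In the second hunk of the lib/x509/pkcs12.c patch quoted above (generate_mac_pbmac1), the added memcpy writes params->key_size bytes at offset params->key_size with no visible check that params->key_size is at most MAX_HASH_SIZE, so the doubled buffer from the first hunk is only large enough under that unstated assumption. Even for a one-off vector generator, guard it before the copy (for example, return an error when params->key_size > MAX_HASH_SIZE), and take the factor of 2 used in the array size and in mac_output.size from one named constant so the two cannot drift apart. Because the resulting macData.mac.digest is the valid MAC followed by a copy of itself, the test that consumes this vector should assert that the file is rejected, so that a verifier comparing only the leading bytes fails the test.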
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 17:05:48 +0000
Subject: [gnutls-devel] GnuTLS | PBMAC1 tests suggestion: mac extension/truncation (#1559)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1559#note_2010666634

How about [these test vectors](https://gitlab.com/-/snippets/3730991)? CC @tomato42

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1559#note_2010666634

From gnutls-devel at lists.gnutls.org Tue Jul 23 01:35:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 23:35:01 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)

All discussions on merge request !1851 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1851

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851

From gnutls-devel at lists.gnutls.org Tue Jul 23 01:35:02 2024
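An added example, not part of the thread and not GnuTLS code: what the extended-MAC and truncated-MAC vectors discussed for #1559 are meant to catch in a verifier. It assumes PBKDF2-HMAC-SHA256 key derivation followed by HMAC-SHA256; the password, salt, iteration count, content bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (assumptions, not taken from any GnuTLS test file).
PASSWORD = b"constructed-password"
SALT = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ITERATIONS = 2048
KEY_LEN = 32  # length of the PBKDF2-derived key, assumed for this example
AUTH_SAFE = b"constructed authSafe content bytes"


def pbmac1_sha256(password, salt, iterations, key_len, data):
    """Derive a key with PBKDF2-HMAC-SHA256, then HMAC-SHA256 the data."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=key_len)
    return hmac.new(key, data, hashlib.sha256).digest()


def make_vectors(good_mac):
    """Stored digest values for the three cases: good, extended, truncated."""
    return {
        "good": good_mac,
        # Valid MAC followed by a copy of itself, like the doubling in the
        # quoted generator patch.
        "extended": good_mac + good_mac,
        "truncated": good_mac[: len(good_mac) // 2],
    }


def verify_strict(expected, stored):
    """Reject any length mismatch first, then compare in constant time."""
    if len(stored) != len(expected):
        return False
    return hmac.compare_digest(expected, stored)


def verify_prefix_only(expected, stored):
    """Deliberately flawed verifier: compares only the bytes both sides have.

    This is the behaviour the negative vectors exist to detect.
    """
    n = min(len(expected), len(stored))
    return hmac.compare_digest(expected[:n], stored[:n])


def run_matrix():
    """Return {vector name: (strict result, prefix-only result)}."""
    expected = pbmac1_sha256(PASSWORD, SALT, ITERATIONS, KEY_LEN, AUTH_SAFE)
    results = {}
    for name, stored in make_vectors(expected).items():
        results[name] = (
            verify_strict(expected, stored),
            verify_prefix_only(expected, stored),
        )
    return results


if __name__ == "__main__":
    for name, (strict, lenient) in run_matrix().items():
        print(f"{name:10s} strict={strict} prefix_only={lenient}")
```

Vectors that differ from the good file only in the stored MAC value make a failure attributable to the length check alone, which is the differential-testing property asked for in the discussion.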
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Jul 2024 23:35:02 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)

Daiki Ueno commented on a discussion on tests/cert-tests/data/pbmac1_256_256.extended-mac.p12: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010994465

Thank you! Replaced with the new vectors.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2010994465

From gnutls-devel at lists.gnutls.org Tue Jul 23 02:53:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 00:53:50 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno

* tests: pqc-hybrid-kx: use key and certificate in distribution

The Ed25519 key and certificate in doc/credentials/x509/ are currently not included in the distribution. Use the ECDSA ones in the test to make the test work.

Signed-off-by: Daiki Ueno

* liboqs: manually load liboqs.so at startup

This is to load liboqs.so through gnutls_oqs_ensure_library at startup. Without that, the dlopen logic still works thanks to the default loader that will be enabled if OQS_LIBRARY_SONAME, though it is not possible to unload it with gnutls_oqs_unload_library.

Signed-off-by: Daiki Ueno

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

From gnutls-devel at lists.gnutls.org Tue Jul 23 08:56:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 06:56:48 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

From gnutls-devel at lists.gnutls.org Tue Jul 23 08:56:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 06:56:41 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Reassigned merge request 1852

https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

From gnutls-devel at lists.gnutls.org Tue Jul 23 08:56:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 06:56:58 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

From gnutls-devel at lists.gnutls.org Tue Jul 23 09:02:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 07:02:31 +0000
Subject: [gnutls-devel] GnuTLS | Redefinition of rsa_oaep_* symbols when compiled with Nettle 3.10 (#1565)

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1565

From gnutls-devel at lists.gnutls.org Tue Jul 23 09:02:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 07:02:21 +0000
Subject: [gnutls-devel] GnuTLS | Redefinition of rsa_oaep_* symbols when compiled with Nettle 3.10 (#1565)

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1565

When building in Fedora rawhide, where Nettle 3.10 is available, I see the following warnings:

```console
In file included from ../../../lib/nettle/backport/rsa-oaep-encrypt.c:40:
../../../lib/nettle/int/rsa-oaep.h:44:9: warning: "rsa_oaep_sha256_encrypt" redefined
   44 | #define rsa_oaep_sha256_encrypt gnutls_nettle_backport_rsa_oaep_sha256_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../../lib/nettle/backport/rsa-oaep-encrypt.c:39:
/usr/include/nettle/rsa.h:91:9: note: this is the location of the previous definition
   91 | #define rsa_oaep_sha256_encrypt nettle_rsa_oaep_sha256_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
../../../lib/nettle/int/rsa-oaep.h:45:9: warning: "rsa_oaep_sha256_decrypt" redefined
   45 | #define rsa_oaep_sha256_decrypt gnutls_nettle_backport_rsa_oaep_sha256_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/nettle/rsa.h:92:9: note: this is the location of the previous definition
   92 | #define rsa_oaep_sha256_decrypt nettle_rsa_oaep_sha256_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
../../../lib/nettle/int/rsa-oaep.h:46:9: warning: "rsa_oaep_sha384_encrypt" redefined
   46 | #define rsa_oaep_sha384_encrypt gnutls_nettle_backport_rsa_oaep_sha384_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/nettle/rsa.h:93:9: note: this is the location of the previous definition
   93 | #define rsa_oaep_sha384_encrypt nettle_rsa_oaep_sha384_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
../../../lib/nettle/int/rsa-oaep.h:47:9: warning: "rsa_oaep_sha384_decrypt" redefined
   47 | #define rsa_oaep_sha384_decrypt gnutls_nettle_backport_rsa_oaep_sha384_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/nettle/rsa.h:94:9: note: this is the location of the previous definition
   94 | #define rsa_oaep_sha384_decrypt nettle_rsa_oaep_sha384_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
../../../lib/nettle/int/rsa-oaep.h:48:9: warning: "rsa_oaep_sha512_encrypt" redefined
   48 | #define rsa_oaep_sha512_encrypt gnutls_nettle_backport_rsa_oaep_sha512_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/nettle/rsa.h:95:9: note: this is the location of the previous definition
   95 | #define rsa_oaep_sha512_encrypt nettle_rsa_oaep_sha512_encrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
../../../lib/nettle/int/rsa-oaep.h:49:9: warning: "rsa_oaep_sha512_decrypt" redefined
   49 | #define rsa_oaep_sha512_decrypt gnutls_nettle_backport_rsa_oaep_sha512_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/nettle/rsa.h:96:9: note: this is the location of the previous definition
   96 | #define rsa_oaep_sha512_decrypt nettle_rsa_oaep_sha512_decrypt
      |         ^~~~~~~~~~~~~~~~~~~~~~~
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1565

From gnutls-devel at lists.gnutls.org Tue Jul 23 09:07:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 07:07:03 +0000
Subject: [gnutls-devel] GnuTLS | Redefinition of rsa_oaep_* symbols when compiled with Nettle 3.10 (#1565)

Reassigned Issue 1565

https://gitlab.com/gnutls/gnutls/-/issues/1565

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1565

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:23:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 09:23:03 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Merge request !1852 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:23:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 09:23:15 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852#note_2011568804

Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852#note_2011568804

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:47:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 09:47:17 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Merge request !1852 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852

From gnutls-devel at lists.gnutls.org Tue Jul 23 11:47:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 09:47:25 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: manually load liboqs.so at startup (!1852)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852#note_2011612287

Thanks for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1852#note_2011612287

From gnutls-devel at lists.gnutls.org Tue Jul 23 13:51:52 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 11:51:52 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check if liboqs is usable at run-time (!1853)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup2 to gnutls/gnutls:master
Author: Daiki Ueno

Previously GnuTLS assumed liboqs is available at run time, when it was detected at build time.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

From gnutls-devel at lists.gnutls.org Tue Jul 23 14:48:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 12:48:22 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

From gnutls-devel at lists.gnutls.org Tue Jul 23 14:48:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 12:48:26 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)

Reassigned merge request 1853

https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

From gnutls-devel at lists.gnutls.org Tue Jul 23 23:57:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 21:57:16 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)

Alexander Sosedkin was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

From gnutls-devel at lists.gnutls.org Wed Jul 24 01:45:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 23:45:16 +0000
Subject: [gnutls-devel] cligen | Allow to override build date with SOURCE_DATE_EPOCH (!5)
In-Reply-To:
References:
Message-ID:

Merge request !5 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/5
Project:Branches: bmwiedemann/cligen:date to gnutls/cligen:main
Author: Bernhard M_ Wiedemann
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Jul 24 01:45:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 23:45:34 +0000
Subject: [gnutls-devel] cligen | Allow to override build date with SOURCE_DATE_EPOCH (!5)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/cligen/-/merge_requests/5#note_2012805060

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/5#note_2012805060

From gnutls-devel at lists.gnutls.org Wed Jul 24 01:48:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 23:48:15 +0000
Subject: [gnutls-devel] cligen | Don't emit `error` function call (#1)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/cligen/-/issues/1

The `error` function from `` is only standardized in GNU. Replace them with a more portable alternative in the generated code.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/issues/1

From gnutls-devel at lists.gnutls.org Wed Jul 24 01:56:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Jul 2024 23:56:43 +0000
Subject: [gnutls-devel] cligen | Allow to override build date with SOURCE_DATE_EPOCH (!5)
In-Reply-To:
References:
Message-ID:

Merge request !5 was merged

Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/5
Project:Branches: bmwiedemann/cligen:date to gnutls/cligen:main
Author: Bernhard M_ Wiedemann

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/5

From gnutls-devel at lists.gnutls.org Wed Jul 24 04:07:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 02:07:16 +0000
Subject: [gnutls-devel] cligen | codegen: do not emit error function call (!6)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/cligen/-/merge_requests/6

Branches: wip/no-error to main
Author: Daiki Ueno

The error function from is a GNU specific and should be avoided in portable code.
Signed-off-by: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/6

From gnutls-devel at lists.gnutls.org Wed Jul 24 07:37:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 05:37:27 +0000
Subject: [gnutls-devel] cligen | Don't emit `error` function call (#1)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno with merge request !6 (https://gitlab.com/gnutls/cligen/-/merge_requests/6)

Issue #1: https://gitlab.com/gnutls/cligen/-/issues/1

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/issues/1

From gnutls-devel at lists.gnutls.org Wed Jul 24 07:44:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 05:44:05 +0000
Subject: [gnutls-devel] GnuTLS | PCT are conditioned on ENABLE_FIPS140, not _gnutls_fips_mode_enabled() (#1453)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 1453

https://gitlab.com/gnutls/gnutls/-/issues/1453

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1453

From gnutls-devel at lists.gnutls.org Wed Jul 24 07:43:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 05:43:57 +0000
Subject: [gnutls-devel] GnuTLS | PCT are conditioned on ENABLE_FIPS140, not _gnutls_fips_mode_enabled() (#1453)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1453

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:27:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:27:53 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013258994

No obvious mistakes spotted. I'm not sure `*_is_usable()` isn't overdoing the abstraction, when only one of them is used and the caller end packs the result into another global variable again, but I'm not arguing that should work, just thinking it could be an atomic macro or something.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013258994

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:27:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:27:57 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Merge request !1853 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:34:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:34:09 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Merge request !1853 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:34:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:34:51 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013269032

No obvious mistakes found. Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013269032

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:34:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:34:57 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)
In-Reply-To:
References:
Message-ID:

Merge request !1851 was approved by Alexander Sosedkin

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851
Project:Branches: dueno/gnutls:wip/dueno/cipher-deinit to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Wed Jul 24 09:52:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 07:52:21 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013296883

Right, I was thinking something generally useful, but in this case we probably could just remove the call and set the variable if `*_ensure_library` succeeds.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853#note_2013296883

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:25 +0000
Subject: [gnutls-devel] GnuTLS | static linking: multiple definition of `mpn_cnd_add_n' (#1552)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno with merge request !1851 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1851)

Issue #1552: https://gitlab.com/gnutls/gnutls/-/issues/1552

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1552

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:25 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_hash_output tests suggestion: test the digest=NULL invocation scenario (#1560)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno with merge request !1851 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1851)

Issue #1560: https://gitlab.com/gnutls/gnutls/-/issues/1560

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1560

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:25 +0000
Subject: [gnutls-devel] GnuTLS | Redefinition of rsa_oaep_* symbols when compiled with Nettle 3.10 (#1565)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno with merge request !1851 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1851)

Issue #1565: https://gitlab.com/gnutls/gnutls/-/issues/1565

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1565

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:16 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2013460344

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851#note_2013460344

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:24 +0000
Subject: [gnutls-devel] GnuTLS | tests: hash-large: exercise gnutls_hash_output(..., NULL) (!1851)
In-Reply-To:
References:
Message-ID:

Merge request !1851 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851
Project:Branches: dueno/gnutls:wip/dueno/cipher-deinit to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1851

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:09:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:09:25 +0000
Subject: [gnutls-devel] GnuTLS | PBMAC1 tests suggestion: mac extension/truncation (#1559)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno with merge request !1851 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1851)

Issue #1559: https://gitlab.com/gnutls/gnutls/-/issues/1559

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1559

From gnutls-devel at lists.gnutls.org Wed Jul 24 11:10:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 24 Jul 2024 09:10:25 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: defer loading of liboqs at run-time (!1853)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.7 (Jul 5, 2024–Sep 5, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/45 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1853

From gnutls-devel at lists.gnutls.org Thu Jul 25 10:10:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 25 Jul 2024 08:10:44 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli - incomplete DANE support (#557)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/557#note_2015464532

I admit I do not fully understand the issue, but in the current implementation, "Certificate usage=2 (DANE-TA Trust anchor assertion)" is mapped to `DANE_CERT_USAGE_LOCAL_CA`, which is only checked without `--no-ca-verification` (i.e., `!(vflags & DANE_VFLAG_ONLY_CHECK_EE_USAGE)` [here](https://gitlab.com/gnutls/gnutls/-/blob/ef5a574e3acc358e2a6f7c4efaeb21bef15f9349/libdane/dane.c#L771)), and since all the certs have usage=2, loop ends without verification and returns `DANE_E_REQUESTED_DATA_NOT_AVAILABLE`. Do you think it should be also evaluated in EE only verification?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/557#note_2015464532

From gnutls-devel at lists.gnutls.org Fri Jul 26 03:34:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 26 Jul 2024 01:34:04 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854

Project:Branches: dueno/gnutls:wip/dueno/tpm2-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno

Similar to !1847, this switches the logic of loading TSS2 libraries to using dlwrap generated code.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854

From gnutls-devel at lists.gnutls.org Fri Jul 26 05:00:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 26 Jul 2024 03:00:10 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855

Project:Branches: dueno/gnutls:wip/dueno/update-cligen to gnutls/gnutls:master
Author: Daiki Ueno

As a preparation for 3.8.7 release, this updates submodules and NEWS.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855

From gnutls-devel at lists.gnutls.org Fri Jul 26 15:41:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 26 Jul 2024 13:41:11 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854

From gnutls-devel at lists.gnutls.org Sat Jul 27 02:32:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 27 Jul 2024 00:32:55 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855

From gnutls-devel at lists.gnutls.org Mon Jul 29 01:52:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 28 Jul 2024 23:52:12 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856

Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno

In the default build configuration of liboqs 0.10.1, Kyber768 is disabled. This adds a guard against it and skips tests if not available.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856

From gnutls-devel at lists.gnutls.org Mon Jul 29 07:27:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 29 Jul 2024 05:27:23 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856

From gnutls-devel at lists.gnutls.org Mon Jul 29 07:27:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 29 Jul 2024 05:27:40 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:17:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:17:30 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856#note_2021795941

No mistakes found. LGTM.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856#note_2021795941

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:17:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:17:34 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Merge request !1856 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Alexander Sosedkin and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:34:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:34:22 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
In-Reply-To:
References:
Message-ID:

Merge request !1854 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854
Project:Branches: dueno/gnutls:wip/dueno/tpm2-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:34:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:34:41 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854#note_2021831375

Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854#note_2021831375

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:46:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:46:11 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
In-Reply-To:
References:
Message-ID:

Merge request !1855 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855
Project:Branches: dueno/gnutls:wip/dueno/update-cligen to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Tue Jul 30 10:46:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 08:46:48 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855#note_2021855632

Nice decomposition of commits. LGTM.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855#note_2021855632

From gnutls-devel at lists.gnutls.org Tue Jul 30 11:15:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 09:15:08 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856#note_2021917654

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856#note_2021917654

From gnutls-devel at lists.gnutls.org Tue Jul 30 11:15:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 09:15:14 +0000
Subject: [gnutls-devel] GnuTLS | liboqs: check whether Kyber768 is compiled in (!1856)
In-Reply-To:
References:
Message-ID:

Merge request !1856 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856
Project:Branches: dueno/gnutls:wip/dueno/hybrid-kx-liboqs-followup to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1856

From gnutls-devel at lists.gnutls.org Tue Jul 30 11:15:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 09:15:56 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
In-Reply-To:
References:
Message-ID:

Merge request !1855 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855
Project:Branches: dueno/gnutls:wip/dueno/update-cligen to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855

From gnutls-devel at lists.gnutls.org Tue Jul 30 11:15:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 09:15:44 +0000
Subject: [gnutls-devel] GnuTLS | Prepare for 3.8.7 release (!1855)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855#note_2021918724

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1855#note_2021918724

From gnutls-devel at lists.gnutls.org Tue Jul 30 13:20:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 11:20:14 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854#note_2022187871

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854#note_2022187871

From gnutls-devel at lists.gnutls.org Tue Jul 30 13:20:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Jul 2024 11:20:23 +0000
Subject: [gnutls-devel] GnuTLS | tpm2: switch to using dlwrap for loading TSS2 libraries (!1854)
In-Reply-To:
References:
Message-ID:

Merge request !1854 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854
Project:Branches: dueno/gnutls:wip/dueno/tpm2-dlwrap to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1854

From gnutls-devel at lists.gnutls.org Wed Jul 31 02:47:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 31 Jul 2024 00:47:05 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_group_list: take into account of public key algorithms (!1857)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1857

Project:Branches: dueno/gnutls:wip/dueno/group-supported to gnutls/gnutls:master
Author: Daiki Ueno

Previously the function only checked if the ECC curves are supported. Now that hybrid key exchange with KEM is supported, it should also check public key systems.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [x] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1857

From gnutls-devel at lists.gnutls.org Wed Jul 31 02:47:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 31 Jul 2024 00:47:11 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_group_list: take into account of public key algorithms (!1857)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin and Zoltán Fridrich were added as reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1857