From gnutls-devel at lists.gnutls.org Fri Mar 1 08:44:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 07:44:31 +0000
Subject: [gnutls-devel] GnuTLS | Certtool error when generating a selfsigned x25519 certificate (#1524)

Iisakki Jaakkola commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796528096

I didn't know about this either. Here's what I get: (the potentially interesting stuff is at the last lines)

```bash
$ export GNUTLS_DEBUG_LEVEL=9
$ certtool --version
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
certtool 3.8.3
Copyright (C) 2000-2023 Free Software Foundation, and others
This is free software. It is licensed for use, modification and redistribution under the terms of the GNU General Public License, version 3 or later
Please send bug reports to:

$ certtool --generate-privkey --key-type=x25519 --outfile test-certificate.key
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
Generating a 256 bit ECDH (X25519) private key...
|<3>| ASSERT: privkey.c[gnutls_x509_privkey_get_seed]:2019
|<3>| ASSERT: privkey.c[gnutls_x509_privkey_get_seed]:2019
|<3>| ASSERT: pkcs7-crypt.c[_gnutls_pkcs_flags_to_schema]:215
|<2>| Selecting default encryption PBES2_AES_256 (flags: 33).

$ certtool --generate-self-signed --load-privkey test-certificate.key --outfile test-certificate.pem
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
Generating a self signed certificate...
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:97
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:163
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
...skipping the questions here...
Is the above information ok? (y/N): y
Signing certificate...
|<3>| ASSERT: pubkey.c[gnutls_pubkey_get_preferred_hash_algorithm]:355
crt_get_preferred_hash_algorithm: GnuTLS internal error.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796528096
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Fri Mar 1 09:32:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 08:32:00 +0000
Subject: [gnutls-devel] GnuTLS | Certtool error when generating a selfsigned x25519 certificate (#1524)

Iisakki Jaakkola commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796582154

Even this would be quite confusing. As apparently this particular generation should succeed (as it apparently does for @SilentSobs), then is it the case that I should install something extra or is my GnuTLS just compiled without support for this or..?

From gnutls-devel at lists.gnutls.org Fri Mar 1 10:37:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 09:37:23 +0000
Subject: [gnutls-devel] GnuTLS | Certtool error when generating a selfsigned x25519 certificate (#1524)

Sahil Siddiq commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796682164

> the potentially interesting stuff is at the last lines

Right, as mentioned in the previous message, that's where the preferred digest algorithm is determined based on the key type. A switch-case statement is used for this purpose.

```c
switch (key->params.algo) {
case GNUTLS_PK_DSA:
	[...]
case GNUTLS_PK_ECDSA:
	[...]
case GNUTLS_PK_EDDSA_ED25519:
	[...]
case GNUTLS_PK_EDDSA_ED448:
	[...]
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
	[...]
case GNUTLS_PK_RSA_PSS:
	[...]
case GNUTLS_PK_RSA:
	[...]
default:
	gnutls_assert();
	ret = GNUTLS_E_INTERNAL_ERROR;
}
```

There is no case statement for `ECDH_X25519` and `ECDH_X448`. I am not sure if this is a config issue.

@SilentSobs Could you please let me know what log lines are printed out when you run the two `certtool` commands?

From gnutls-devel at lists.gnutls.org Fri Mar 1 15:06:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 14:06:58 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797176160

Overall looks good. I haven't found any problem except for one memory leak.

From gnutls-devel at lists.gnutls.org Fri Mar 1 15:07:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 14:07:03 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1805 was reviewed by Zoltán Fridrich

--
Zoltán Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797176103

> + plaintext->data, ciphertext->data); > + if (ret < 0) { > + gnutls_assert();

Should the ciphertext->data be freed on error?

--
Zoltán Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797176126

> + ret = rsa_encrypt(key, rnd_ctx, rnd_func, length, message, p); > + > + if (_gnutls_mpi_bprint_size(p, ciphertext, key->size) < 0) {

Question: Is this guaranteed to fail when rsa_encrypt fails? Or will this always succeed when rsa_encrypt succeeds?

--
Zoltán Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797176136

> + > + if (ret == 0 || HAVE_LIB_ERROR()) { > + ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);

Probably should clean up plaintext->data here as well.

From gnutls-devel at lists.gnutls.org Fri Mar 1 15:07:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Mar 2024 14:07:02 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Merge request !1805 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Sat Mar 2 09:40:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 08:40:24 +0000
Subject: [gnutls-devel] GnuTLS | Typo in definition of `_gnutls_no_log` when `C99_MACROS` is undefined. (#1530)

Ramesh Adhikari commented: https://gitlab.com/gnutls/gnutls/-/issues/1530#note_1797971941

Should I Fix This?

From gnutls-devel at lists.gnutls.org Sat Mar 2 09:46:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 08:46:57 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797972732

> - ret = rsa_encrypt(&pub, NULL, random_func, plaintext->size, > - plaintext->data, p); > - if (ret == 0 || HAVE_LIB_ERROR()) { > - ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); > + > + ciphertext->data = gnutls_malloc(pub.size); > + if (!ciphertext->data) { > + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > goto cleanup; > } > + ciphertext->size = pub.size; > + > + ret = _rsa_encrypt(&pub, NULL, random_func, plaintext->size, > + plaintext->data, ciphertext->data); > + if (ret < 0) { > + gnutls_assert();

Thanks for pointing that out; I've rewritten that part using a temporary buffer which is always freed at the `cleanup` label.

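Review bot: the added check `if (ret < 0)` after `_rsa_encrypt()` in the lib/nettle/pk.c hunk quoted above does not match the return convention documented for that wrapper elsewhere in this merge request ("Returns 1 on success; 0 otherwise"), and it drops the `HAVE_LIB_ERROR()` test that the removed lines performed. Under a 1/0 convention a failed encryption returns 0, which `ret < 0` does not treat as an error. Either have the wrapper return a negative error code and document that, or keep the `ret == 0 || HAVE_LIB_ERROR()` test from the removed lines.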
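The ownership problem raised in this review (`ciphertext->data` left allocated on the error path, then reworked to use a temporary buffer freed at the `cleanup` label), as an added example that is not code from merge request !1805. `datum_t`, `toy_encrypt`, the error constants and the allocation counter are stand-ins constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for this example only; not GnuTLS or Nettle symbols. */
typedef struct {
	uint8_t *data;
	size_t size;
} datum_t;

enum { E_OK = 0, E_MEMORY = -1, E_ENCRYPT = -2 };

static int live_allocs; /* outstanding buffers, so a leak is observable */

static void *counted_malloc(size_t n)
{
	void *p = malloc(n);
	if (p)
		live_allocs++;
	return p;
}

static void counted_free(void *p)
{
	if (p) {
		live_allocs--;
		free(p);
	}
}

/* Constructed primitive: 1 on success, 0 when the message does not fit.
 * It only left-pads and copies; it is not encryption. */
static int toy_encrypt(size_t key_size, size_t length, const uint8_t *message,
		       uint8_t *out)
{
	if (length > key_size)
		return 0;
	memset(out, 0, key_size - length);
	memcpy(out + (key_size - length), message, length);
	return 1;
}

/* Shape the review flagged: the output field owns the buffer before the
 * operation has succeeded, and the error path never releases it. */
static int encrypt_leaky(size_t key_size, const datum_t *plaintext,
			 datum_t *ciphertext)
{
	ciphertext->data = counted_malloc(key_size);
	if (!ciphertext->data)
		return E_MEMORY;
	ciphertext->size = key_size;
	if (!toy_encrypt(key_size, plaintext->size, plaintext->data,
			 ciphertext->data))
		return E_ENCRYPT; /* buffer stays allocated and published */
	return E_OK;
}

/* Reworked shape: work in a temporary buffer, publish it only on success,
 * and free whatever is still held at the single cleanup label. */
static int encrypt_hardened(size_t key_size, const datum_t *plaintext,
			    datum_t *ciphertext)
{
	uint8_t *tmp = NULL;
	int ret = E_OK;

	ciphertext->data = NULL;
	ciphertext->size = 0;

	tmp = counted_malloc(key_size);
	if (!tmp) {
		ret = E_MEMORY;
		goto cleanup;
	}
	if (!toy_encrypt(key_size, plaintext->size, plaintext->data, tmp)) {
		ret = E_ENCRYPT;
		goto cleanup;
	}
	/* Success: hand ownership to the caller and disarm the cleanup. */
	ciphertext->data = tmp;
	ciphertext->size = key_size;
	tmp = NULL;
cleanup:
	counted_free(tmp); /* no-op after a successful hand-over */
	return ret;
}

/* Forces a failure (32-byte message, 16-byte block) and reports how many
 * buffers are still allocated afterwards; -1 if the call did not fail. */
static int leaked_after_failure(int (*fn)(size_t, const datum_t *, datum_t *))
{
	uint8_t msg[32] = { 0 };
	datum_t pt = { msg, sizeof(msg) }, ct = { NULL, 0 };
	int before = live_allocs;

	return fn(16, &pt, &ct) == E_ENCRYPT ? live_allocs - before : -1;
}

int main(void)
{
	printf("leaky:    %d buffer(s) left\n", leaked_after_failure(encrypt_leaky));
	printf("hardened: %d buffer(s) left\n", leaked_after_failure(encrypt_hardened));
	return 0;
}
```

The same shape applies to the `plaintext->data` buffer in the decryption path that the review also mentions.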
From gnutls-devel at lists.gnutls.org Sat Mar 2 09:47:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 08:47:24 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797972800

> > +/* This wraps nettle_rsa_encrypt so it returns ciphertext as a byte > + * array instead of a mpz_t value. Returns 1 on success; 0 otherwise. > + */ > +static inline int _rsa_encrypt(const struct rsa_public_key *key, void *rnd_ctx, > + nettle_random_func *rnd_func, size_t length, > + const uint8_t *message, uint8_t *ciphertext) > +{ > + mpz_t p; > + int ret; > + > + mpz_init(p); > + > + ret = rsa_encrypt(key, rnd_ctx, rnd_func, length, message, p); > + > + if (_gnutls_mpi_bprint_size(p, ciphertext, key->size) < 0) {

Another great point, I've added an early return there.

From gnutls-devel at lists.gnutls.org Sat Mar 2 09:47:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 08:47:34 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

All discussions on merge request !1805 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1805

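Review bot: in the `_rsa_encrypt` wrapper quoted in the lib/nettle/pk.c discussion above, `ret` from `rsa_encrypt()` is not tested before `p` is serialized into `ciphertext` with `_gnutls_mpi_bprint_size()`, so the output buffer is written even when the encryption step reported failure. When the early return is added, `p` has already been set up with `mpz_init(p)`, so that path needs `mpz_clear(p)` as well; routing both failure branches through one exit that clears `p` avoids missing it.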
From gnutls-devel at lists.gnutls.org Sat Mar 2 09:47:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 08:47:33 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1797972817

> + plaintext->data = gnutls_malloc(length); > + if (plaintext->data == NULL) { > + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); > + goto cleanup; > + } > + > + if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) > + random_func = rnd_nonce_func_fallback; > + else > + random_func = rnd_nonce_func; > + ret = _rsa_decrypt_tr(&pub, &priv, NULL, random_func, &length, > + plaintext->data, ciphertext->data); > + plaintext->size = length; > + > + if (ret == 0 || HAVE_LIB_ERROR()) { > + ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);

Fixed.

From gnutls-devel at lists.gnutls.org Sat Mar 2 11:51:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 10:51:22 +0000
Subject: [gnutls-devel] GnuTLS | Typo in definition of `_gnutls_no_log` when `C99_MACROS` is undefined. (#1530)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1530#note_1797993077

@SilentSobs that would be appreciated!

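Review bot: in the decryption hunk for lib/nettle/pk.c quoted above (!1805), `plaintext->size = length;` is assigned before `ret` is checked, so on the `GNUTLS_E_DECRYPTION_FAILED` branch the output datum still carries a length and the buffer from `gnutls_malloc(length)`. Move the size assignment after the success check and, on failure, free `plaintext->data` and reset both fields so a caller cannot pick up a stale pointer or length. Because this buffer is the decryption output, clearing it before it is freed is worth considering.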
From gnutls-devel at lists.gnutls.org Sat Mar 2 12:31:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 11:31:14 +0000
Subject: [gnutls-devel] GnuTLS | Fix macro naming in errors.h #1530 (!1814)

Ramesh Adhikari created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1814

Project:Branches: SilentSobs/gnutls:macro-correction to gnutls/gnutls:master
Author: Ramesh Adhikari

* Fix macro naming in errors.h

## Checklist
 * [* ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

Signed-off-by: Ramesh Adhikari adhikari.resume at gmail.com

From gnutls-devel at lists.gnutls.org Sat Mar 2 13:09:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 12:09:05 +0000
Subject: [gnutls-devel] GnuTLS | #1530 Fix macro naming in errors.h Signed-off-by: Ramesh (!1815)

Ramesh Adhikari created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1815

Project:Branches: SilentSobs/gnutls:macro-fix to gnutls/gnutls:master
Author: Ramesh Adhikari

* This commit addresses an issue related to incorrect macro naming in the errors.h file.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [x] Test suite updated with negative tests
 * [x] Documentation updated / NEWS entry present (for non-trivial changes)
 * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [x] Any issues marked for closing are addressed
 * [x] There is a test suite reasonably covering new functionality or modifications
 * [x] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [x] This feature/change has adequate documentation added
 * [x] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Sat Mar 2 13:09:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 12:09:29 +0000
Subject: [gnutls-devel] GnuTLS | Fix macro naming in errors.h #1530 (!1814)

Merge request !1814 was closed by Ramesh Adhikari

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1814
Project:Branches: SilentSobs/gnutls:macro-correction to gnutls/gnutls:master
Author: Ramesh Adhikari
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Sat Mar 2 22:33:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 21:33:46 +0000
Subject: [gnutls-devel] libtasn1 | Add coverity pipeline job. (!97)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/97

Project:Branches: jas/libtasn1:jas/coverity to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sat Mar 2 22:49:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 21:49:25 +0000
Subject: [gnutls-devel] libtasn1 | Add coverity pipeline job. (!97)

Merge request !97 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/97
Project:Branches: jas/libtasn1:jas/coverity to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sat Mar 2 22:55:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 21:55:03 +0000
Subject: [gnutls-devel] GnuTLS | #1530 Fix macro naming in errors.h Signed-off-by: Ramesh (!1815)

Merge request !1815 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1815
Project:Branches: SilentSobs/gnutls:macro-fix to gnutls/gnutls:master
Author: Ramesh Adhikari
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Sat Mar 2 23:06:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 22:06:24 +0000
Subject: [gnutls-devel] GnuTLS | #1530 Fix macro naming in errors.h Signed-off-by: Ramesh (!1815)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1815#note_1798163337

Thanks; the change looks good to me, though the commit message could be better [formatted](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) (no need to include `Signed-off-by:` in the first line, perhaps good to credit the original reporter like "Reported by ...").

From gnutls-devel at lists.gnutls.org Sat Mar 2 23:11:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 22:11:02 +0000
Subject: [gnutls-devel] libtasn1 | Fix coverity job. (!98)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/98

Branches: coverity to master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sat Mar 2 23:13:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 22:13:01 +0000
Subject: [gnutls-devel] libtasn1 | Fix coverity job. (!98)

Merge request !98 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/98
Branches: coverity to master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sat Mar 2 23:39:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 22:39:31 +0000
Subject: [gnutls-devel] libtasn1 | Fix coverity pipeline job, add workflow rules, and license. (!99)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/99

Branches: coverity to master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sat Mar 2 23:40:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Mar 2024 22:40:07 +0000
Subject: [gnutls-devel] libtasn1 | Fix coverity pipeline job, add workflow rules, and license. (!99)

Merge request !99 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/99
Branches: coverity to master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Sun Mar 3 16:33:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 15:33:37 +0000
Subject: [gnutls-devel] GnuTLS | Fix build failure related to TLS 1.3 compatibility (!1816)

Ramesh Adhikari created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1816

Project:Branches: SilentSobs/gnutls:test_source_fix to gnutls/gnutls:master
Author: Ramesh Adhikari

Resolve a build failure issue by making necessary refactorings and adjustments to ensure compatibility with TLS 1.3. Replace the assignment "${srcdir=.}" with "srcdir=${srcdir:-.}" to ensure that a default value is used for srcdir if it is not already defined. This enhances the robustness of the script.

While building the source code I was getting an error

![2](/uploads/bbf1e59a2c4498d669e81654eadfb271/2.png)
![Screenshot_2024-03-03_15-51-11](/uploads/df97bf73eeb9c83bee31bc39c4af2e24/Screenshot_2024-03-03_15-51-11.png)

* build fix
* build fix

Signed-off-by: Ramesh
Signed-off-by: Ramesh

## Checklist
 * [*] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [*] Code modified for feature
 * [*] Test suite updated with functionality tests
 * [] Test suite updated with negative tests
 * [] Documentation updated / NEWS entry present (for non-trivial changes)
 * [] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [] Any issues marked for closing are addressed
 * [*] There is a test suite reasonably covering new functionality or modifications
 * [*] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [*] This feature/change has adequate documentation added
 * [*] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Sun Mar 3 17:15:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 16:15:07 +0000
Subject: [gnutls-devel] GnuTLS | Fix build failure related to TLS 1.3 compatibility (!1816)

Merge request !1816 was closed by Ramesh Adhikari

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1816
Project:Branches: SilentSobs/gnutls:test_source_fix to gnutls/gnutls:master
Author: Ramesh Adhikari
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Sun Mar 3 21:26:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 20:26:53 +0000
Subject: [gnutls-devel] GnuTLS | tests: rewrite 'hello_retry_request' as single process (!1817)

Sahil Siddiq created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1817

Project:Branches: valdaarhun/gnutls:test_single_process to gnutls/gnutls:master
Author: Sahil Siddiq

tests: rewrite 'hello_retry_request' as single process

Part of issue #1472.

Signed-off-by: Sahil Siddiq

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [x] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Mon Mar 4 00:48:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 23:48:32 +0000
Subject: [gnutls-devel] GnuTLS | tests: rewrite 'hello_retry_request' as single process (!1817)

Merge request !1817 was set to auto-merge by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1817
Project:Branches: valdaarhun/gnutls:test_single_process to gnutls/gnutls:master
Author: Sahil Siddiq
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Mar 4 00:48:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 23:48:07 +0000
Subject: [gnutls-devel] GnuTLS | tests: rewrite 'hello_retry_request' as single process (!1817)

Merge request !1817 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1817
Project:Branches: valdaarhun/gnutls:test_single_process to gnutls/gnutls:master
Author: Sahil Siddiq
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Mar 4 00:48:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Mar 2024 23:48:22 +0000
Subject: [gnutls-devel] GnuTLS | tests: rewrite 'hello_retry_request' as single process (!1817)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1817#note_1798616505

Nice work, thank you!

From gnutls-devel at lists.gnutls.org Mon Mar 4 01:02:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 00:02:33 +0000
Subject: [gnutls-devel] GnuTLS | tests: rewrite 'hello_retry_request' as single process (!1817)
In-Reply-To:
References:
Message-ID:

Merge request !1817 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1817
Project:Branches: valdaarhun/gnutls:test_single_process to gnutls/gnutls:master
Author: Sahil Siddiq

From gnutls-devel at lists.gnutls.org Mon Mar 4 02:48:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 01:48:08 +0000
Subject: [gnutls-devel] GnuTLS | #1530 Fix macro naming in errors.h Signed-off-by: Ramesh (!1815)
In-Reply-To:
References:
Message-ID:

Merge request !1815 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1815
Project:Branches: SilentSobs/gnutls:macro-fix to gnutls/gnutls:master
Author: Ramesh Adhikari

From gnutls-devel at lists.gnutls.org Mon Mar 4 02:50:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 01:50:54 +0000
Subject: [gnutls-devel] GnuTLS | Typo in definition of `_gnutls_no_log` when `C99_MACROS` is undefined.
 (#1530)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno

Issue #1530: https://gitlab.com/gnutls/gnutls/-/issues/1530

From gnutls-devel at lists.gnutls.org Mon Mar 4 02:50:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 01:50:54 +0000
Subject: [gnutls-devel] GnuTLS | Typo in definition of `_gnutls_no_log` when `C99_MACROS` is undefined. (#1530)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1530#note_1798665733

Thanks for the report; this has been fixed through !1815.

From gnutls-devel at lists.gnutls.org Mon Mar 4 02:53:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 01:53:28 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1531

As pointed out by Oto Šťáva in a [post](https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004842.html), there is currently no way to check whether session tickets are enabled by the configuration. It would be nice if there were an API for that.
From gnutls-devel at lists.gnutls.org Mon Mar 4 09:04:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 08:04:09 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1798927195

Checked the changes. Looks good imo.

From gnutls-devel at lists.gnutls.org Mon Mar 4 13:44:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 12:44:54 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
References:
Message-ID:

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1818

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Seems like sometimes the definition of `struct timeval` might be inconsistent. Use `TIMEVAL` typedef instead.
Signed-off-by: Zoltan Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Mon Mar 4 13:44:52 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 12:44:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
In-Reply-To:
References:
Message-ID:

Daiki Ueno was added as a reviewer.
From gnutls-devel at lists.gnutls.org Mon Mar 4 13:45:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 12:45:01 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1818

https://gitlab.com/gnutls/gnutls/-/merge_requests/1818

Zoltán Fridrich was added as an assignee.

From gnutls-devel at lists.gnutls.org Mon Mar 4 13:50:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 12:50:49 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
In-Reply-To:
References:
Message-ID:

Merge request !1818 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1818
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno
From gnutls-devel at lists.gnutls.org Mon Mar 4 13:51:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Mar 2024 12:51:53 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
In-Reply-To:
References:
Message-ID:

Merge request !1818 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1818
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Mar 5 09:30:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Mar 2024 08:30:43 +0000
Subject: [gnutls-devel] GnuTLS | Fix mingw build on fedora (!1818)
In-Reply-To:
References:
Message-ID:

Merge request !1818 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1818
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno
From gnutls-devel at lists.gnutls.org Tue Mar 5 13:13:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Mar 2024 12:13:51 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_trust_list_add_system_trust() is extremely slow (#1528)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1528#note_1801377672

Indeed, we probably should have some refcounting there.

From gnutls-devel at lists.gnutls.org Tue Mar 5 14:49:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Mar 2024 13:49:38 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1801612808

Thank you for working on that; yeah, 10 minutes more is probably not worth it. My only concern was that if we change the spec, we would need to propagate the changes to .gitlab-ci.yml. If it's not too much burden I wouldn't oppose just having a separate CI stage that mimics Fedora build.
From gnutls-devel at lists.gnutls.org Tue Mar 5 17:00:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Mar 2024 16:00:01 +0000
Subject: [gnutls-devel] GnuTLS | vsftpd: GnuTLS error -15 in gnutls_record_recv. An unexpected TLS packet was received (#1532)
References:
Message-ID:

Fabrice Kakcha Ntichi created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1532

Hello guys,

I am creating this issue because I am trying to launch the vsftpd server with a non-root user. To do that, I set the config run_as_launching_user to YES (run_as_launching_user=YES). But, when I enter the user / password for the user, I got the error (GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.):

10:02:17 Status: Connection established, waiting for welcome message...
10:02:17 Status: Initializing TLS...
10:02:17 Status: Verifying certificate...
10:02:17 Status: TLS connection established.
10:02:17 Command: USER alpine
10:02:17 Response: 331 Please specify the password.
10:02:17 Command: PASS *************
10:02:17 Error: GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.
10:02:17 Error: Could not read from socket: ECONNABORTED - Connection aborted
10:02:17 Error: Could not connect to server
-------------------------------------------------
I am using the OS Alpine version 3.19.1

My vsftp config file is:
----------------------------
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Allow anonymous user to connect to server in RO mode
# FIXME: to be uncommented
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES
anon_root=/ftp/alpine
# FIXME: set back to allow_anon_ssl=NO
allow_anon_ssl=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# FIXME: connect_from_port_20=YES
connect_from_port_20=NO
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/dev/stdout
xferlog_file=/opt/app/var/log/xferlog
# vsftpd_log_file=/proc/1/fd/1
vsftpd_log_file=/opt/app/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# Windows explorer uses ascii mode
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome Alpine ftp server
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=NO
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_ipv6=NO
# FIXME:
## Enable passive mode
pasv_enable=YES
pasv_addr_resolve=NO
## Disable seccomp filter sandboxing
seccomp_sandbox=NO
# Run in background
# normally YES, but when:
#vsftpd_1 | pidfd_open syscall is not supported, falling back to polling
#vsftpd_1 | failed to watch for direct child exit (pidfd_open error): Function not implemented
#vsftpd_1 | process has died, quitting
#digital-lab_vsftpd_1 exited with code 0
# NO makes it work...
background=NO
# (source : https://www.installerunserveur.com/configuration-vsftpd)
# Options for SSL
# encrypted connections.
# FIXME:
# to be uncommented once SSL has been set up
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Some FTP clients require this line
# require_ssl_reuse=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
# FIXME: to be uncommented
# ssl_ciphers=HIGH
#strict_ssl_read_eof=NO
#rsa_cert_file=/run/secrets/certfile
# FIXME: to be removed
rsa_cert_file=/ftp/alpine/tls.crt
rsa_private_key_file=/ftp/alpine/tls.key
# if you want vsftpd to run as the user which launched vsftpd. Error `vsftpd: must be started as root (see run_as_launching_user option)`
run_as_launching_user=YES
pasv_min_port=40000
pasv_max_port=40001
# The port vsftpd will listen on. Privileged ports: https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
listen_port=2784
# FIXME: to be removed
ftp_username=alpine
# directory which vsftpd will try to change into after a local(i.e. non-anonymous) login
local_root=/ftp/alpine
ftp_data_port=40010
debug_ssl=YES
# Show session status infos
setproctitle_enable=YES
# Virtual users will have the same priv as local users
# virtual_use_local_privs=YES
# pam_service_name=vsftpd_virtual
log_ftp_protocol=YES
seccomp_sandbox=NO
-------------
I don't know why I am getting the GnuTLS error, how can I fix that please?

Any help will be much appreciated.

Thanks in advance.
From gnutls-devel at lists.gnutls.org Thu Mar 7 10:03:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Mar 2024 09:03:49 +0000
Subject: [gnutls-devel] libtasn1 | Potential Buffer Overrun in _asn1_tag_der() (#49)
In-Reply-To:
References:
Message-ID:

Gary Lin commented: https://gitlab.com/gnutls/libtasn1/-/issues/49#note_1804949855

The other coverity issues are actually false positives. I posted my analysis in grub-devel: https://lists.gnu.org/archive/html/grub-devel/2024-03/msg00016.html

From gnutls-devel at lists.gnutls.org Thu Mar 7 15:27:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Mar 2024 14:27:07 +0000
Subject: [gnutls-devel] libtasn1 | Potential Buffer Overrun in asn1_der_decoding2() (#50)
In-Reply-To:
References:
Message-ID:

Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/50#note_1805772076

DER data is not NUL terminated, it has its own internal length encoding but generally that data cannot be trusted so you always have to pass around a DER-blob together with its known allocated memory size in C. I didn't analyze the error further, more thinking is welcome.

Btw, I have added a CI/CD pipeline job to run coverity checks and it triggered a bunch of warnings that we should go through. Probably they are quite similar to the errors you got.
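Added example, not part of the original message and not libtasn1 code: a minimal DER header reader in C that takes the blob together with its known size, as the comment above describes, and rejects any encoded length that runs past that size. The type names, function names and sample byte strings are constructed for illustration; multi-octet tags are out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for this example only (hypothetical, not libtasn1's). */
enum der_status { DER_OK = 0, DER_TRUNCATED, DER_BAD_LENGTH, DER_UNSUPPORTED };

struct der_tlv {
    uint8_t tag;          /* identifier octet (low-tag-number form) */
    const uint8_t *value; /* points into the caller's buffer, not copied */
    size_t value_len;     /* encoded length, already checked against the bound */
    size_t total_len;     /* header octets + value octets */
};

/* Parse one TLV from buf[0..buf_len). buf_len is the only trusted bound:
 * the encoded length comes from the data itself and is checked against it. */
enum der_status der_read_tlv(const uint8_t *buf, size_t buf_len,
                             struct der_tlv *out)
{
    size_t pos = 0, len = 0;

    if (buf == NULL || out == NULL || buf_len < 2)
        return DER_TRUNCATED;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)   /* multi-octet tag: out of scope here */
        return DER_UNSUPPORTED;

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                 /* short form: one octet */
    } else {
        size_t n = first & 0x7f;     /* long form: n length octets follow */
        if (n == 0)                  /* 0x80 = indefinite, not valid DER */
            return DER_BAD_LENGTH;
        if (n > sizeof(size_t))
            return DER_UNSUPPORTED;
        if (n > buf_len - pos)       /* the length octets themselves are missing */
            return DER_TRUNCATED;
        if (buf[pos] == 0)           /* leading zero octet: not minimal */
            return DER_BAD_LENGTH;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)              /* short form was required */
            return DER_BAD_LENGTH;
    }
    /* Compare against what is left; written so it cannot overflow. */
    if (len > buf_len - pos)
        return DER_TRUNCATED;

    out->value = buf + pos;
    out->value_len = len;
    out->total_len = pos + len;
    return DER_OK;
}

/* Count the elements directly inside a constructed value. Each child is
 * bounded by the parent's value length, not by the whole allocation.
 * Returns -1 if any child is malformed or overruns the parent. */
int der_count_children(const uint8_t *value, size_t value_len)
{
    int count = 0;
    while (value_len > 0) {
        struct der_tlv child;
        if (der_read_tlv(value, value_len, &child) != DER_OK)
            return -1;
        value += child.total_len;
        value_len -= child.total_len;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t sample_seq[] =        /* SEQUENCE { INTEGER 5, OCTET STRING "hi" } */
    { 0x30, 0x07, 0x02, 0x01, 0x05, 0x04, 0x02, 0x68, 0x69 };
static const uint8_t sample_lying[] =      /* claims 127 value octets, has 3 */
    { 0x30, 0x7f, 0x02, 0x01, 0x05 };
static const uint8_t sample_nonminimal[] = /* length 2 encoded in long form */
    { 0x04, 0x81, 0x02, 0x68, 0x69 };
static const uint8_t sample_indefinite[] = /* BER indefinite length */
    { 0x30, 0x80, 0x00, 0x00 };
static const uint8_t sample_bad_child[] =  /* child claims 4 octets, parent has 3 left */
    { 0x30, 0x05, 0x02, 0x04, 0x01, 0x04, 0x00 };

int main(void)
{
    struct der_tlv t;
    enum der_status st = der_read_tlv(sample_seq, sizeof sample_seq, &t);
    printf("valid SEQUENCE: status=%d children=%d\n", st,
           st == DER_OK ? der_count_children(t.value, t.value_len) : -1);
    printf("lying length:   status=%d\n",
           der_read_tlv(sample_lying, sizeof sample_lying, &t));
    printf("non-minimal:    status=%d\n",
           der_read_tlv(sample_nonminimal, sizeof sample_nonminimal, &t));
    printf("indefinite:     status=%d\n",
           der_read_tlv(sample_indefinite, sizeof sample_indefinite, &t));
    st = der_read_tlv(sample_bad_child, sizeof sample_bad_child, &t);
    printf("bad child:      status=%d children=%d\n", st,
           st == DER_OK ? der_count_children(t.value, t.value_len) : -1);
    return 0;
}
```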
From gnutls-devel at lists.gnutls.org Thu Mar 7 15:30:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Mar 2024 14:30:46 +0000
Subject: [gnutls-devel] libtasn1 | Potential Buffer Overrun in _asn1_tag_der() (#49)
In-Reply-To:
References:
Message-ID:

Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/49#note_1805777687

Given that this function only handles 0-3 byte lengths, I think it can be implemented in a more readable style without the double loops, and that we should do that. I haven't been able to convince myself if there ever is any situation where the tag value comes from attacker-controlled data.

From gnutls-devel at lists.gnutls.org Fri Mar 8 23:00:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Mar 2024 22:00:50 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805#note_1808001553

Thanks for the review @ZoltanFridrich. I only added one more test to cover the changes in `lib/x509/mpi.c` as @tomato42 suggested; will merge it soon.
From gnutls-devel at lists.gnutls.org Fri Mar 8 23:01:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Mar 2024 22:01:37 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)
In-Reply-To:
References:
Message-ID:

Merge request !1805 was set to auto-merge by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Sat Mar 9 02:14:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 09 Mar 2024 01:14:47 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)
In-Reply-To:
References:
Message-ID:

Merge request !1805 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Zoltán Fridrich
From gnutls-devel at lists.gnutls.org Sat Mar 9 23:01:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 09 Mar 2024 22:01:10 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1819

Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup to gnutls/gnutls:master
Author: Daiki Ueno

* x509: fix reading of MGF-1 OID

asn1_read_value may return error code in a positive integer thus the previous code could lead to an access to uninitialized value. This is a regression in the RSA-OAEP support.

Spotted by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67300

Signed-off-by: Daiki Ueno

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
From gnutls-devel at lists.gnutls.org Sun Mar 10 02:33:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Mar 2024 01:33:01 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was added as a reviewer.

From gnutls-devel at lists.gnutls.org Mon Mar 11 09:58:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Mar 2024 08:58:35 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
In-Reply-To:
References:
Message-ID:

Merge request !1819 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1819
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Mon Mar 11 09:59:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Mar 2024 08:59:14 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1819#note_1808976249

Fix looks good.
From gnutls-devel at lists.gnutls.org Mon Mar 11 11:58:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Mar 2024 10:58:53 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
In-Reply-To:
References:
Message-ID:

Merge request !1819 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1819
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Mon Mar 11 11:59:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Mar 2024 10:59:05 +0000
Subject: [gnutls-devel] GnuTLS | x509: fix reading of MGF-1 OID (!1819)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1819#note_1809228598

Thank you!
From gnutls-devel at lists.gnutls.org Wed Mar 13 16:29:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 13 Mar 2024 15:29:37 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should emit DHE params to stdout/stderr, but not to debug-dh.out unless explicitly requested (#13)
In-Reply-To:
References:
Message-ID:

Ramesh Adhikari commented: https://gitlab.com/gnutls/gnutls/-/issues/13#note_1813426057

I am trying to solve this issue. I am encountering some issues

the Changes Not Reflecting in gnutls-cli-debug-args

I've been working on updating the functionality of gnutls-cli-debug-args as part of the issue . However, I've encountered an issue where the changes I've made are not being reflected in the application, even after running make and make clean.

Here are the steps I've taken so far:

* Updated the gnutls-cli-debug-args functionality as per the project requirements.
* Verified that the code changes are correctly implemented in the source files.
* Ran make a to ensure that the changes are compiled and integrated into the project.

I think these files are not included in the Makefile.
From gnutls-devel at lists.gnutls.org Thu Mar 14 01:03:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Mar 2024 00:03:36 +0000
Subject: [gnutls-devel] GnuTLS | NEWS: Mention RSA-OAEP support [ci skip] (!1820)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1820

Project:Branches: dueno/gnutls:wip/dueno/news-update to gnutls/gnutls:master
Author: Daiki Ueno

* NEWS: Mention RSA-OAEP support [ci skip]

Signed-off-by: Daiki Ueno

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
From gnutls-devel at lists.gnutls.org Thu Mar 14 06:15:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Mar 2024 05:15:47 +0000
Subject: [gnutls-devel] GnuTLS | NEWS: Mention RSA-OAEP support [ci skip] (!1820)

Merge request !1820 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1820
Project:Branches: dueno/gnutls:wip/dueno/news-update to gnutls/gnutls:master
Author: Daiki Ueno

From gnutls-devel at lists.gnutls.org Thu Mar 14 06:15:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Mar 2024 05:15:41 +0000
Subject: [gnutls-devel] GnuTLS | NEWS: Mention RSA-OAEP support [ci skip] (!1820)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1820#note_1814158680

Merging this without approval, as it's a documentation-only change.
From gnutls-devel at lists.gnutls.org Fri Mar 15 07:48:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 06:48:14 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should emit DHE params to stdout/stderr, but not to debug-dh.out unless explicitly requested (#13)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/13#note_1816222085

Thank you for working on this @SilentSobs!

To add a new command line option to gnutls-cli-debug, one would need to modify `src/gnutls-cli-debug-options.json`, which is in turn processed by Python [scripts](https://gitlab.com/gnutls/cligen) to generate `src/gnutls-cli-debug-options.c` and `src/gnutls-cli-debug-options.h` at `make`, unless there is a timestamp file (`src/gnutls-cli-debug-options.stamp`) newer than the JSON file.

Maybe you could try again after removing `src/gnutls-cli-debug-options.stamp` either manually or by running `make maintainer-clean`? If it doesn't work, could you share the code change here in `git diff` format?

From gnutls-devel at lists.gnutls.org Fri Mar 15 08:07:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 07:07:12 +0000
Subject: [gnutls-devel] GnuTLS | Draft: TLS interoperability: test actual compiled master (!1802)

Stanislav Židek marked merge request !1802 as draft

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802
From gnutls-devel at lists.gnutls.org Fri Mar 15 10:04:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 09:04:39 +0000
Subject: [gnutls-devel] GnuTLS | vsftpd: GnuTLS error -15 in gnutls_record_recv. An unexpected TLS packet was received (#1532)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1532#note_1816461019

Hello, sorry for the late reply. As the -15 error can happen in many ways, I would need to replicate the testing environment. What client do you use? If possible, it would be helpful if you could capture the network traffic with Wireshark.

From gnutls-devel at lists.gnutls.org Fri Mar 15 13:59:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 12:59:58 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802
From gnutls-devel at lists.gnutls.org Fri Mar 15 13:59:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 12:59:59 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Stanislav Židek marked merge request !1802 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802

From gnutls-devel at lists.gnutls.org Fri Mar 15 13:59:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 12:59:59 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Reassigned merge request 1802
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802

Stanislav Židek was added as an assignee.

From gnutls-devel at lists.gnutls.org Fri Mar 15 14:00:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 13:00:42 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Stanislav Židek commented on a discussion:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1816939655

@dueno Did changes as agreed, could you review, please?
From gnutls-devel at lists.gnutls.org Sat Mar 16 00:55:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 23:55:00 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Merge request !1802 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802
Project:Branches: ep69/gnutls:interop-version to gnutls/gnutls:master
Author: Stanislav Židek
Assignee: Stanislav Židek
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Sat Mar 16 00:55:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 23:55:01 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1802 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on .gitlab-ci.yml:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1817654982

> + - fedora/bootstrap > + script: > + - dnf install -y libunistring-devel libtasn1-devel libidn-devel

Can we pull those in [build-images](https://gitlab.com/gnutls/build-images)?
From gnutls-devel at lists.gnutls.org Sat Mar 16 00:55:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Mar 2024 23:55:00 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1817654985

Looks good to me!

From gnutls-devel at lists.gnutls.org Sat Mar 16 09:54:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 08:54:48 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should emit DHE params to stdout/stderr, but not to debug-dh.out unless explicitly requested (#13)

Ramesh Adhikari commented:
https://gitlab.com/gnutls/gnutls/-/issues/13#note_1817761438

In our program, we're utilizing command-line arguments to enable users to specify a directory path where output files will be saved. Given this approach, we need to decide whether to advise users to include the file extension when specifying the filename in the directory path argument.

Alternatively, we could standardize the filename to be the same for all outputs, such as "debug-dh.out", where users only need to provide the directory path.
From gnutls-devel at lists.gnutls.org Sat Mar 16 13:51:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 12:51:43 +0000
Subject: [gnutls-devel] GnuTLS | Fix a few typos found by codespell (!1821)

Dimitri Papadopoulos Orfanos created a merge request:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1821

Project:Branches: DimitriPapadopoulos/gnutls:codespell to gnutls/gnutls:master
Author: Dimitri Papadopoulos Orfanos

* Fix a few typos found by codespell

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos at users.noreply.gitlab.com>

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
From gnutls-devel at lists.gnutls.org Sat Mar 16 16:39:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 15:39:19 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)

Ramesh Adhikari created a merge request:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1822

Project:Branches: SilentSobs/gnutls:dhe-params-stdout to gnutls/gnutls:master
Author: Ramesh Adhikari

This commit addresses an issue where gnutls-cli-debug was emitting Diffie-Hellman Ephemeral (DHE) parameters to a statically-named file (debug-dh.out) when run with the --verbose option. This behavior posed a potential security risk, as it could inadvertently create files in directories where arbitrary file creation could have unintended side effects.

To mitigate this issue, the behavior has been modified such that DHE parameters are now directed to stdout/stderr by default. Additionally, users have the option to specify a file path using the --dhparams-out=str argument to save the parameters to a file if desired.

This change improves security by ensuring that DHE parameters are handled safely, while still providing users with the flexibility to save them to a file if needed.

* Fixed DHE params output in gnutls-cli-debug

Signed-off-by: Ramesh Adhikari

## Checklist
* [*] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [*] Code modified for feature
* [*] Test suite updated with functionality tests
* [*] Test suite updated with negative tests
* [] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [*] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Sat Mar 16 16:56:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 15:56:38 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)

Ramesh Adhikari commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1822#note_1817860375

At my end, it is working fine. I'm unable to understand why the pipeline is failing. Furthermore, more changes are needed, and I just want to confirm whether I am proceeding correctly or not.
From gnutls-devel at lists.gnutls.org Sat Mar 16 23:53:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 22:53:30 +0000
Subject: [gnutls-devel] GnuTLS | Fix a few typos found by codespell (!1821)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1821#note_1817991946

Thank you!

From gnutls-devel at lists.gnutls.org Sat Mar 16 23:53:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 22:53:12 +0000
Subject: [gnutls-devel] GnuTLS | Fix a few typos found by codespell (!1821)

Merge request !1821 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1821
Project:Branches: DimitriPapadopoulos/gnutls:codespell to gnutls/gnutls:master
Author: Dimitri Papadopoulos Orfanos
Assignees:
Reviewers:
From gnutls-devel at lists.gnutls.org Sat Mar 16 23:53:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 22:53:21 +0000
Subject: [gnutls-devel] GnuTLS | Fix a few typos found by codespell (!1821)

Merge request !1821 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1821
Project:Branches: DimitriPapadopoulos/gnutls:codespell to gnutls/gnutls:master
Author: Dimitri Papadopoulos Orfanos

From gnutls-devel at lists.gnutls.org Sat Mar 16 23:57:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Mar 2024 22:57:42 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)

Daiki Ueno commented on a discussion:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1822#note_1817992416

The pipeline is failing because of an indentation [error](https://gitlab.com/SilentSobs/gnutls/-/jobs/6409303751), which you could fix by running `devel/indent-gnutls`. However, that requires Clang 16 and if you see the failures still, try running the script in a container, something like:

```console
podman run -ti -v gnutls:/tmp/gnutls:Z -w /tmp/gnutls registry.gitlab.com/gnutls/build-images:buildenv-alpine-base devel/indent-gnutls
```
From gnutls-devel at lists.gnutls.org Sun Mar 17 12:47:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Mar 2024 11:47:44 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)

Ramesh Adhikari commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1822#note_1818125762

Apologies for the numerous commits; I'm new to this process of rebasing and editing commits, and encountered several errors along the way. The work is still ongoing, and I just need to confirm whether I'm proceeding correctly or not.

1) **Let's consider a scenario where the user didn't provide the --dhparams-out option. In this case, the output will be displayed on the terminal immediately:**

![image](/uploads/ea2a4df66a51da80a1910c6e2545acba/image.png)

2) **If the user provides a path to save the file:**

```
sudo gnutls-cli-debug example.com --verbose --dhparams-out po/a.out
```

The output won't be shown on the standard output (stdout); instead, it will be saved in the specified file

![image](/uploads/81d45691fbbe67869bcd1075c467a8c4/image.png)

The content will be saved in the file as follows:

![image](/uploads/197f56573d03375309296306959297f5/image.png)
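The behaviour described in the !1822 merge request and in the comment above (parameters to stdout by default, a file only when `--dhparams-out` names one), sketched as an added example that is not code from the merge request or from GnuTLS. `write_dhparams` and `run_checks` are hypothetical names, and the exclusive-create, owner-only policy for the output file is an assumption added here.

```c
/* Added example: hypothetical helpers, not code from GnuTLS or from !1822. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed placeholder text, not real DH parameters. */
static const char SAMPLE_PEM[] =
    "-----BEGIN DH PARAMETERS-----\n(constructed placeholder)\n"
    "-----END DH PARAMETERS-----\n";

/*
 * Emit the parameters. path == NULL is the default: write to `fallback`
 * (stdout in a real tool) and touch no file. With an explicit path, only a
 * new file is created: O_EXCL makes open() fail with EEXIST when the name
 * already exists, including as a symlink, so nothing is followed, truncated
 * or overwritten. Returns 0 on success, -1 with errno set on failure.
 */
int write_dhparams(const char *path, const char *pem, FILE *fallback)
{
    FILE *fp = fallback;

    if (path != NULL) {
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
        if (fd < 0)
            return -1;
        fp = fdopen(fd, "w");
        if (fp == NULL) {
            int saved = errno;
            close(fd);
            unlink(path);
            errno = saved;
            return -1;
        }
    }
    int rc = (fputs(pem, fp) == EOF) ? -1 : 0;
    if (path != NULL) {
        if (fclose(fp) != 0)
            rc = -1;
    } else if (fflush(fp) != 0) {
        rc = -1;
    }
    return rc;
}

/* Runs the cases in a fresh temporary directory and returns the number of
 * failed checks (0 means every case behaved as described, -1 is a setup error). */
int run_checks(void)
{
    char dir[] = "/tmp/dhparams-demo-XXXXXX";
    char out[64], target[64], lnk[64];
    const off_t pem_len = (off_t)(sizeof SAMPLE_PEM - 1);
    struct stat st;
    int failed = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(out, sizeof out, "%s/a.out", dir);
    snprintf(target, sizeof target, "%s/existing", dir);
    snprintf(lnk, sizeof lnk, "%s/debug-dh.out", dir);

    /* 1. No path given: output lands on the stream and no file appears. */
    FILE *capture = tmpfile();
    if (capture == NULL) {
        rmdir(dir);
        return -1;
    }
    failed += write_dhparams(NULL, SAMPLE_PEM, capture) != 0;
    failed += ftell(capture) != (long)pem_len;
    failed += stat(out, &st) == 0;
    fclose(capture);

    /* 2. Explicit path: a new file with no group/other permission bits. */
    failed += write_dhparams(out, SAMPLE_PEM, stdout) != 0;
    failed += stat(out, &st) != 0 || (st.st_mode & 077) != 0 || st.st_size != pem_len;

    /* 3. Same path again: refused, the existing file is not truncated. */
    errno = 0;
    failed += write_dhparams(out, "x", stdout) != -1 || errno != EEXIST;
    failed += stat(out, &st) != 0 || st.st_size != pem_len;

    /* 4. Name already present as a symlink: refused, its target stays empty. */
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        close(fd);
    failed += symlink(target, lnk) != 0;
    errno = 0;
    failed += write_dhparams(lnk, SAMPLE_PEM, stdout) != -1 || errno != EEXIST;
    failed += stat(target, &st) != 0 || st.st_size != 0;

    unlink(lnk);
    unlink(target);
    unlink(out);
    rmdir(dir);
    return failed;
}

int main(void)
{
    int failed = run_checks();
    printf("failed checks: %d\n", failed);
    return failed != 0;
}
```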
From gnutls-devel at lists.gnutls.org Sun Mar 17 14:58:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Mar 2024 13:58:37 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)

All discussions on merge request !1822 were resolved by Ramesh Adhikari
https://gitlab.com/gnutls/gnutls/-/merge_requests/1822

From gnutls-devel at lists.gnutls.org Mon Mar 18 10:55:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 09:55:41 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Stanislav Židek commented on a discussion on .gitlab-ci.yml:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1818765714

> needs: > - fedora-minimal/build > > +# using same configure arguments as in Fedora RPM build > +fedora/build: > + extends: > + - .build > + - .fedora > + needs: > + - fedora/bootstrap > + script: > + - dnf install -y libunistring-devel libtasn1-devel libidn-devel

@dueno I was thinking of creating another MR with Fedora 39, it would be a good fit to make this kind of optimization there. Is it ok with you?
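Review bot: the comment `# using same configure arguments as in Fedora RPM build` above `fedora/build` does not say which Fedora release or spec file the arguments were taken from, so the job can drift from the RPM build without anyone noticing; naming the source and release in the comment would make that checkable. The `dnf install -y libunistring-devel libtasn1-devel libidn-devel` step under `script:` also resolves packages from the network on every run, which ties the job's result to mirror availability and to whatever versions are current that day; preinstalling them in the CI image, as raised in the discussion, removes that variable.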
From gnutls-devel at lists.gnutls.org Mon Mar 18 13:43:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 12:43:14 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Reassigned merge request 1823
https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

Zoltán Fridrich was added as an assignee.

From gnutls-devel at lists.gnutls.org Mon Mar 18 13:43:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 12:43:16 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Zoltán Fridrich created a merge request:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Mon Mar 18 13:44:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 12:44:24 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

From gnutls-devel at lists.gnutls.org Mon Mar 18 14:04:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 13:04:54 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.4 release (!9)

Zoltán Fridrich created a merge request:
https://gitlab.com/gnutls/abi-dump/-/merge_requests/9

Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich
From gnutls-devel at lists.gnutls.org Mon Mar 18 14:05:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 13:05:00 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.4 release (!9)

Merge request !9 was merged
Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/9
Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Mon Mar 18 14:04:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 13:04:49 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.4 release (!9)

Reassigned merge request 9
https://gitlab.com/gnutls/abi-dump/-/merge_requests/9

Zoltán Fridrich was added as an assignee.
From gnutls-devel at lists.gnutls.org Mon Mar 18 17:55:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 16:55:28 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Merge request !1823 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Mon Mar 18 17:55:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 16:55:36 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1819607328

Looks good to me, thank you!
From gnutls-devel at lists.gnutls.org Mon Mar 18 17:59:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 16:59:15 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)

Daiki Ueno started a new discussion on NEWS:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1819612323

> to import restricted private keys if they are stored in PKCS#8 > format. > > +** libgnutls: Fix side-channel in the constant-time RSA-PSK. > + Reported by George Pantelakis, Alexander Sosedkin (#1526). > + [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] > + > +** libgnutls: Fixed a bug where certtool crashed when verifying a certificate > + chain with more than 16 certificates. Reported by yixiangzhike (#1527)

Might also make sense to credit #1525.

From gnutls-devel at lists.gnutls.org Mon Mar 18 22:37:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 21:37:11 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)

Daiki Ueno commented on a discussion on .gitlab-ci.yml:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1802#note_1819904654

> needs: > - fedora-minimal/build > > +# using same configure arguments as in Fedora RPM build > +fedora/build: > + extends: > + - .build > + - .fedora > + needs: > + - fedora/bootstrap > + script: > + - dnf install -y libunistring-devel libtasn1-devel libidn-devel

That's fine with me.
As for migrating to Fedora 39, there is !1796 ongoing, though there are quite a few issues including broken MinGW64 testing.

From gnutls-devel at lists.gnutls.org Mon Mar 18 23:16:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 22:16:53 +0000
Subject: [gnutls-devel] GnuTLS | Make compression libraries dynamically loadable (#1424)

Milestone changed to Release of GnuTLS 3.8.4 (Jan 17, 2024–Mar 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/42 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1424

From gnutls-devel at lists.gnutls.org Mon Mar 18 23:19:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 22:19:49 +0000
Subject: [gnutls-devel] GnuTLS | Support RSA-OAEP (!1805)

Milestone changed to Release of GnuTLS 3.8.4 (Jan 17, 2024–Mar 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/42 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1805
From gnutls-devel at lists.gnutls.org Mon Mar 18 23:20:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Mar 2024 22:20:09 +0000
Subject: [gnutls-devel] GnuTLS | build: allow GMP to be statically linked (!1635)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.4 (Jan 17, 2024–Mar 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/42 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1635

From gnutls-devel at lists.gnutls.org Tue Mar 19 04:11:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 03:11:51 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)
In-Reply-To:
References:
Message-ID:

Ramesh Adhikari commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1822#note_1820102658

Done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1822#note_1820102658

From gnutls-devel at lists.gnutls.org Tue Mar 19 09:00:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 08:00:15 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820340863

> to import restricted private keys if they are stored in PKCS#8 > format. > > +** libgnutls: Fix side-channel in the constant-time RSA-PSK.
> + Reported by George Pantelakis, Alexander Sosedkin (#1526). > + [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] > + > +** libgnutls: Fixed a bug where certtool crashed when verifying a certificate > + chain with more than 16 certificates. Reported by yixiangzhike (#1527)

sure!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820340863

From gnutls-devel at lists.gnutls.org Tue Mar 19 09:00:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 08:00:15 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1823 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

From gnutls-devel at lists.gnutls.org Tue Mar 19 09:12:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 08:12:37 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

Merge request !1823 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
From gnutls-devel at lists.gnutls.org Tue Mar 19 10:00:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 09:00:15 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1802 were resolved by Stanislav Židek https://gitlab.com/gnutls/gnutls/-/merge_requests/1802

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802

From gnutls-devel at lists.gnutls.org Tue Mar 19 10:00:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 09:00:57 +0000
Subject: [gnutls-devel] GnuTLS | TLS interoperability: test actual compiled master (!1802)
In-Reply-To:
References:
Message-ID:

Merge request !1802 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802
Project:Branches: ep69/gnutls:interop-version to gnutls/gnutls:master
Author: Stanislav Židek
Assignee: Stanislav Židek
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1802
From gnutls-devel at lists.gnutls.org Tue Mar 19 11:31:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 10:31:48 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820666848

> to import restricted private keys if they are stored in PKCS#8 > format. > > +** libgnutls: Fix side-channel in the constant-time RSA-PSK.

Sorry, this is not about RSA-PSK, but about deterministic ECDSA. Also, the issue is #1516 (not #1526) where Alexander is not the reporter.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820666848

From gnutls-devel at lists.gnutls.org Tue Mar 19 11:39:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 10:39:36 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1823 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1823

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
From gnutls-devel at lists.gnutls.org Tue Mar 19 11:39:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 10:39:29 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820685171

> to import restricted private keys if they are stored in PKCS#8 > format. > > +** libgnutls: Fix side-channel in the constant-time RSA-PSK.

sorry, should be fixed now

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823#note_1820685171

From gnutls-devel at lists.gnutls.org Tue Mar 19 13:20:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Mar 2024 12:20:04 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.4 (!1823)
In-Reply-To:
References:
Message-ID:

Merge request !1823 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1823
From gnutls-devel at lists.gnutls.org Wed Mar 20 11:21:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 10:21:59 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.4 release (!12)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 12 https://gitlab.com/gnutls/web-pages/-/merge_requests/12

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/12

From gnutls-devel at lists.gnutls.org Wed Mar 20 11:22:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 10:22:06 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.4 release (!12)
References:
Message-ID:

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/12

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/12
From gnutls-devel at lists.gnutls.org Wed Mar 20 11:33:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 10:33:46 +0000
Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.5 (Mar 19, 2024–May 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/43 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482

From gnutls-devel at lists.gnutls.org Wed Mar 20 11:34:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 10:34:00 +0000
Subject: [gnutls-devel] GnuTLS | aarch64/armv8 assembler files not supporting PAC/BTI (#1517)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.5 (Mar 19, 2024–May 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/43 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1517
From gnutls-devel at lists.gnutls.org Wed Mar 20 13:46:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 12:46:29 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.4 release (!12)
In-Reply-To:
References:
Message-ID:

Merge request !12 was approved by Hubert Kario (@mention me if you need reply)

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/12
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/12

From gnutls-devel at lists.gnutls.org Wed Mar 20 13:47:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Mar 2024 12:47:41 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.4 release (!12)
In-Reply-To:
References:
Message-ID:

Merge request !12 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/12
Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/12
From gnutls-devel at lists.gnutls.org Fri Mar 22 01:39:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Mar 2024 00:39:28 +0000
Subject: [gnutls-devel] GnuTLS | Fixed DHE params output in gnutls-cli-debug (!1822)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1822 were resolved by Ramesh Adhikari https://gitlab.com/gnutls/gnutls/-/merge_requests/1822

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1822

From gnutls-devel at lists.gnutls.org Fri Mar 22 05:19:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Mar 2024 04:19:48 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824

Project:Branches: dueno/gnutls:wip/dueno/legacy-algorithms to gnutls/gnutls:master
Author: Daiki Ueno

This adds support for RIPEMD160 and PBES1-DES-SHA1 for backward compatibility with GCR, where we try to [support](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/140) GnuTLS as an alternative crypto backend.

* x509: support PBES1-DES-SHA1

  PBES1 with single DES backed by SHA-1 hash is used to parse legacy PKCS#8 file in GCR.
  Signed-off-by: Daiki Ueno

* nettle: plumb RIPEMD160

  RIPEMD160 is used by GCR to calculate fingerprint for an OpenPGP key when displaying it: https://gitlab.gnome.org/GNOME/gcr/-/blob/f3c95db45099dff288986aa367007da1e855a3d0/gcr/gcr-openpgp.c#L268

  Signed-off-by: Daiki Ueno

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824

From gnutls-devel at lists.gnutls.org Sat Mar 23 10:05:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 23 Mar 2024 09:05:46 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1828691241

The context https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/140

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1828691241
From gnutls-devel at lists.gnutls.org Sun Mar 24 21:03:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 24 Mar 2024 20:03:42 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
References:
Message-ID:

Adrien Béraud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1535

We were previously using `gnutls_privkey_decrypt_data` this way:

```c++
gnutls_datum_t out;
int err = gnutls_privkey_decrypt_data(key, 0, &dat, &out);
```

as the documentation for gnutls_privkey_decrypt_data makes no requirement for `out`.

However since the last release 3.8.4, this would cause a crash when the decryption fails, because `gnutls_privkey_decrypt_data` would attempt to free the buffer pointed by `out`, which would be occasional crashes since out is uninitialized and might point to random values.

This can be easily fixed by initializing out to a null pointer,
however I believe this is a GnuTLS bug because [the documentation](https://gnutls.org/reference/gnutls-abstract.html#gnutls-privkey-decrypt-data) specifies `plaintext`(`out`) as an output-only argument.

Best regards

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535

From gnutls-devel at lists.gnutls.org Sun Mar 24 21:09:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 24 Mar 2024 20:09:08 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
In-Reply-To:
References:
Message-ID:

Adrien Béraud commented: https://gitlab.com/gnutls/gnutls/-/issues/1535#note_1829279185

Possibly related to https://gitlab.com/gnutls/gnutls/-/commit/bfb326f6e1ba155e1d7aa2a47fd9252edf92c147 and https://gitlab.com/gnutls/gnutls/-/merge_requests/1805

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535#note_1829279185

From gnutls-devel at lists.gnutls.org Sun Mar 24 22:55:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 24 Mar 2024 21:55:40 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data: don't free plaintext on failure (!1825)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825

Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup2 to gnutls/gnutls:master
Author: Daiki Ueno

* gnutls_privkey_decrypt_data: don't free plaintext on failure

  As _wrap_nettle_pk_decrypt uses a locally allocated buffer for the plaintext, it doesn't need to free the plaintext given by the caller.

Fixes: #1535

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825

From gnutls-devel at lists.gnutls.org Sun Mar 24 22:56:37 2024
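The failure mode reported in issue #1535, with the caller-side workaround and the callee-side fix from !1825, as a self-contained model added here (not GnuTLS source and not code from the thread). `datum_t`, `toy_decrypt`, `release` and the two `decrypt_*` functions are hypothetical stand-ins, and the deallocator only records its argument so the bad path can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnutls_datum_t (same two fields); this is not the GnuTLS header. */
typedef struct {
    unsigned char *data;
    unsigned int size;
} datum_t;

/* The callee's deallocator only records its argument, so the unsafe path can
 * be observed without actually calling free() on a pointer nobody allocated. */
static const void *last_released;
static int release_calls;

static void release(void *p)
{
    last_released = p;
    release_calls++;
}

/* Toy decryption (constructed rule): the input must start with 0x00 0x02. */
static int toy_decrypt(const datum_t *ct, datum_t *plain)
{
    if (ct->size < 3 || ct->data[0] != 0x00 || ct->data[1] != 0x02)
        return -1;
    plain->size = ct->size - 2;
    plain->data = malloc(plain->size);
    if (plain->data == NULL)
        return -1;
    memcpy(plain->data, ct->data + 2, plain->size);
    return 0;
}

/* Pattern reported in the issue: on failure the callee releases out->data,
 * reading a field that the caller was never required to initialize. */
static int decrypt_frees_on_failure(const datum_t *ct, datum_t *out)
{
    datum_t tmp = { NULL, 0 };

    if (toy_decrypt(ct, &tmp) < 0) {
        release(out->data);
        return -1;
    }
    *out = tmp;
    return 0;
}

/* Output-only contract: work in a local buffer, write *out on success only. */
static int decrypt_output_only(const datum_t *ct, datum_t *out)
{
    datum_t tmp = { NULL, 0 };

    if (toy_decrypt(ct, &tmp) < 0)
        return -1;
    *out = tmp;
    return 0;
}

typedef int (*decrypt_fn)(const datum_t *, datum_t *);
struct outcome { int rc; int release_calls; const void *released; };

/* Stale stack contents are modelled by pointing out.data at this object. */
static unsigned char unrelated_object[8];

/* Run one failing decryption and report what the callee tried to release. */
static struct outcome run_failed_decrypt(decrypt_fn fn, int caller_zero_inits)
{
    unsigned char bad[] = { 0xff, 0xff, 0xff }; /* constructed; always rejected */
    datum_t ct = { bad, sizeof bad };
    datum_t out = { NULL, 0 };
    struct outcome o;

    if (!caller_zero_inits) {
        out.data = unrelated_object;
        out.size = 1234;
    }
    last_released = NULL;
    release_calls = 0;
    o.rc = fn(&ct, &out);
    o.release_calls = release_calls;
    o.released = last_released;
    return o;
}

int main(void)
{
    struct outcome a = run_failed_decrypt(decrypt_frees_on_failure, 0);
    struct outcome b = run_failed_decrypt(decrypt_frees_on_failure, 1);
    struct outcome c = run_failed_decrypt(decrypt_output_only, 0);

    printf("free-on-failure, stale out:  releases caller garbage = %d\n",
           a.released == unrelated_object);
    printf("free-on-failure, zeroed out: releases NULL = %d\n", b.released == NULL);
    printf("output-only, stale out:      release calls = %d\n", c.release_calls);
    return 0;
}
```

For callers that must run against an affected release, zero-initializing the datum (`gnutls_datum_t out = { NULL, 0 };`) is the workaround the reporter describes.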
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 24 Mar 2024 21:56:37 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1535#note_1829302155

Thank you for the report. Yes, there was a left-over code that frees the original plaintext. I'm trying to fix it through !1825.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535#note_1829302155

From gnutls-devel at lists.gnutls.org Mon Mar 25 11:25:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Mar 2024 10:25:33 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
References:
Message-ID:

Alyssa Ross created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

Project:Branches: qyliss/gnutls:rsa_compute_root_tr to gnutls/gnutls:master
Author: Alyssa Ross

* Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr()

  Since bfb326f6e ("nettle: plumb RSA-OAEP in the Nettle crypto backend"), building gnutls statically fails due to a duplicate definition of nettle_rsa_compute_root_tr (which comes from "rsa_compute_root_tr" being replaced by a preprocessor macro).

  This patch fixes this by renaming the GNUTLS version, in the style of previous fixes for Nettle backports and static builds like a41d84699 ("mangle gnutls-built ecc_scalar_random").
  Signed-off-by: Alyssa Ross

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

From gnutls-devel at lists.gnutls.org Mon Mar 25 23:38:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Mar 2024 22:38:12 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on devel/import-from-nettle.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831007443

> $dst > $dst-t && mv $dst-t $dst > ;; > esac > + case $dst in > + */rsa-sign-tr.c) > + sed \ > + -e '/^#include /a\ > +int\ > +gnutls_rsa_compute_root_tr(const struct rsa_public_key *pub,\ > + const struct rsa_private_key *key,\ > + void *random_ctx, nettle_random_func *random,\ > + mpz_t x, const mpz_t m);\ > +' \ > + -e 's/rsa_compute_root_tr/gnutls_rsa_compute_root_tr/' \ > + $dst > $dst-t && mv $dst-t $dst

Thank you for the MR. I wonder if this could be achieved by simply redefining the `rsa_compute_root_tr` macro as follows?

```suggestion:-9+0
sed \
-e '/^#include /a\
#undef rsa_compute_root_tr\
#define rsa_compute_root_tr _gnutls_nettle_rsa_compute_root_tr\
' \
$dst > $dst-t && mv $dst-t $dst
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831007443

From gnutls-devel at lists.gnutls.org Tue Mar 26 01:08:28 2024
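Review bot: in the `*/rsa-sign-tr.c` case of the devel/import-from-nettle.sh hunk quoted above, the expression `-e 's/rsa_compute_root_tr/gnutls_rsa_compute_root_tr/'` has no `g` flag and no word boundary, so only the first match on each line is renamed, and any longer identifier that contains `rsa_compute_root_tr` is rewritten too. The prototype appended by the `a\` expression is also copied by hand, so it has to be kept in step with Nettle's own declaration each time the file is re-imported. Either add `g` and anchor the pattern to the whole identifier, or rename through the preprocessor so that the imported source text is not edited at all.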
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 00:08:28 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.5 (Mar 19, 2024–May 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/43 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535

From gnutls-devel at lists.gnutls.org Tue Mar 26 01:08:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 00:08:34 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 1535 https://gitlab.com/gnutls/gnutls/-/issues/1535

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535

From gnutls-devel at lists.gnutls.org Tue Mar 26 09:10:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 08:10:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data: don't free plaintext on failure (!1825)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825#note_1831409343

Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825#note_1831409343

From gnutls-devel at lists.gnutls.org Tue Mar 26 09:10:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 08:10:25 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data: don't free plaintext on failure (!1825)
In-Reply-To:
References:
Message-ID:

Merge request !1825 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825

From gnutls-devel at lists.gnutls.org Tue Mar 26 09:56:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 08:56:06 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Merge request !1824 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824
Project:Branches: dueno/gnutls:wip/dueno/legacy-algorithms to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824

From gnutls-devel at lists.gnutls.org Tue Mar 26 09:56:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 08:56:05 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1831493406

Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1831493406

From gnutls-devel at lists.gnutls.org Tue Mar 26 09:56:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 08:56:06 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1824 was reviewed by Zoltán Fridrich

--

Zoltán Fridrich started a new discussion on lib/x509/privkey_pkcs8_pbes1.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1831493385

> + return gnutls_assert_val(ret); > + > if (i == 0) {

Would it be better for this to be outside of the loop and iterate from 1?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824

From gnutls-devel at lists.gnutls.org Tue Mar 26 11:06:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 10:06:14 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1826 were resolved by Alyssa Ross https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

From gnutls-devel at lists.gnutls.org Tue Mar 26 11:06:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 10:06:13 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Alyssa Ross commented on a discussion on devel/import-from-nettle.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831633690

> $dst > $dst-t && mv $dst-t $dst > ;; > esac > + case $dst in > + */rsa-sign-tr.c) > + sed \ > + -e '/^#include /a\ > +int\ > +gnutls_rsa_compute_root_tr(const struct rsa_public_key *pub,\ > + const struct rsa_private_key *key,\ > + void *random_ctx, nettle_random_func *random,\ > + mpz_t x, const mpz_t m);\ > +' \ > + -e 's/rsa_compute_root_tr/gnutls_rsa_compute_root_tr/' \ > + $dst > $dst-t && mv $dst-t $dst

It could! I've updated the MR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831633690

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:10:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:10:19 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data frees output argument in some conditions (#1535)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1825 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1825)

Issue #1535: https://gitlab.com/gnutls/gnutls/-/issues/1535

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1535

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:10:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:10:17 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_privkey_decrypt_data: don't free plaintext on failure (!1825)
In-Reply-To:
References:
Message-ID:

Merge request !1825 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1825
Project:Branches: dueno/gnutls:wip/dueno/rsa-oaep-followup2 to gnutls/gnutls:master
Author: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:20:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:20:28 +0000
Subject: [gnutls-devel] GnuTLS | nettle: avoid potential memleak with GMP older than 6.2.0 (!1827)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1827

Project:Branches: dueno/gnutls:wip/dueno/deterministic-ecdsa-followup to gnutls/gnutls:master
Author: Daiki Ueno

* nettle: avoid potential memleak with GMP older than 6.2.0

As GMP 6.1.0 or earlier eagerly allocates memory at mpz_init_set_str, if the operand is already initialized, it will cause a small leak.

See also: https://gmplib.org/repo/gmp/rev/f049e75390fc
Signed-off-by: Daiki Ueno

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:44:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:44:17 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1828

https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

Zoltán Fridrich was added as an assignee.

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:44:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:44:23 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
References:
Message-ID:

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

Signed-off-by: Zoltan Fridrich

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:47:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:47:21 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Merge request !1826 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826
Project:Branches: qyliss/gnutls:rsa_compute_root_tr to gnutls/gnutls:master
Author: Alyssa Ross
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:47:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:47:50 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Merge request !1826 was set to auto-merge by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826
Project:Branches: qyliss/gnutls:rsa_compute_root_tr to gnutls/gnutls:master
Author: Alyssa Ross
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Tue Mar 26 12:47:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 11:47:59 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831823266

Thank you!

From gnutls-devel at lists.gnutls.org Tue Mar 26 13:08:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 12:08:51 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Alyssa Ross commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831856860

Ah, it still needs the prototype.

From gnutls-devel at lists.gnutls.org Tue Mar 26 13:14:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 12:14:05 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Alyssa Ross commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1831865258

@dueno if I restore the prototype, do you think it's still worth doing the undef/define over a sed replacement?

From gnutls-devel at lists.gnutls.org Tue Mar 26 16:15:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 15:15:40 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1824 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1824

From gnutls-devel at lists.gnutls.org Tue Mar 26 16:15:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 15:15:46 +0000
Subject: [gnutls-devel] GnuTLS | nettle: avoid potential memleak with GMP older than 6.2.0 (!1827)
In-Reply-To:
References:
Message-ID:

Merge request !1827 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1827
Project:Branches: dueno/gnutls:wip/dueno/deterministic-ecdsa-followup to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Tue Mar 26 16:15:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 15:15:39 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8_pbes1.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824#note_1832259132

> + uint8_t tmp[20]; > unsigned i; > > if (key_size > sizeof(tmp)) > abort(); > > for (i = 0; i < iter_count; i++) { > - md5_init(&ctx); > + gnutls_hash_hd_t hd; > + int ret; > + > + ret = gnutls_hash_init(&hd, dig); > + if (ret < 0) > + return gnutls_assert_val(ret); > + > if (i == 0) {

Good idea, done.

From gnutls-devel at lists.gnutls.org Tue Mar 26 16:18:07 2024
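Review bot: in the lib/x509/privkey_pkcs8_pbes1.c hunk quoted in note_1832259132 on !1824, `gnutls_hash_init(&hd, dig)` sits at the top of the `for (i = 0; i < iter_count; i++)` body, so a new hash handle is created on every iteration, and the visible lines do not show where it is released. Confirm that each pass ends with `gnutls_hash_deinit`, including any later error return inside the loop, otherwise a large `iter_count` from an untrusted PKCS#8 file turns into a per-iteration leak. The same hunk keeps `if (key_size > sizeof(tmp)) abort();` next to the new `return gnutls_assert_val(ret);`; since the function now has an error path, returning an error code there would be preferable to aborting the calling process, and the `20` in `tmp[20]` deserves a named constant or a comment tying it to the largest supported digest.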
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 15:18:07 +0000
Subject: [gnutls-devel] GnuTLS | Enable RIPEMD160 and PBES1-DES-SHA1 for compatibility (!1824)
In-Reply-To:
References:
Message-ID:

Merge request !1824 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1824
Project:Branches: dueno/gnutls:wip/dueno/legacy-algorithms to gnutls/gnutls:master
Author: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Mar 26 16:30:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 15:30:29 +0000
Subject: [gnutls-devel] GnuTLS | nettle: avoid potential memleak with GMP older than 6.2.0 (!1827)
In-Reply-To:
References:
Message-ID:

Merge request !1827 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1827
Project:Branches: dueno/gnutls:wip/dueno/deterministic-ecdsa-followup to gnutls/gnutls:master
Author: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Mar 26 22:15:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Mar 2024 21:15:15 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1832801210

Sorry for the wrong suggestion. I think we could work around this by renaming `nettle_rsa_compute_root_tr` instead:

```sh
case $dst in
*/rsa-sign-tr.c)
	sed \
		-e '/^#include /i\
#define nettle_rsa_compute_root_tr _gnutls_nettle_backport_rsa_compute_root_tr\
' \
		$dst > $dst-t && mv $dst-t $dst
	;;
esac
```

From gnutls-devel at lists.gnutls.org Wed Mar 27 11:15:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 10:15:44 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828#note_1833608644

Looks good to me, except that we probably want to enable the `allow-rsa-pkcs1-encrypt` option by default.

From gnutls-devel at lists.gnutls.org Wed Mar 27 14:45:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 13:45:07 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

From gnutls-devel at lists.gnutls.org Wed Mar 27 15:53:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 14:53:11 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Alyssa Ross commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1834231588

Seems like that works.

From gnutls-devel at lists.gnutls.org Wed Mar 27 17:13:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 16:13:59 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Merge request !1826 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826
Project:Branches: qyliss/gnutls:rsa_compute_root_tr to gnutls/gnutls:master
Author: Alyssa Ross

From gnutls-devel at lists.gnutls.org Wed Mar 27 17:14:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 16:14:13 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.5 (Mar 19, 2024–May 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/43 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

From gnutls-devel at lists.gnutls.org Wed Mar 27 17:14:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 16:14:08 +0000
Subject: [gnutls-devel] GnuTLS | Mangle/hide GNUTLS-built nettle_rsa_compute_root_tr() (!1826)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1826#note_1834430429

Thank you!

From gnutls-devel at lists.gnutls.org Wed Mar 27 23:16:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Mar 2024 22:16:19 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828#note_1835039112

A couple of TODO items:
- The commit message should be updated to state that PKCS#1 v1.5 encryption is enabled by default but can be disabled
- It would be nice if there is a test exercising the option, similar to `tests/system-override-*.sh`; you would need to create a test program though
- NEWS entry should be added for this

From gnutls-devel at lists.gnutls.org Thu Mar 28 17:12:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Mar 2024 16:12:35 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828#note_1836840414

Should be fixed.

From gnutls-devel at lists.gnutls.org Thu Mar 28 17:16:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Mar 2024 16:16:42 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1828 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

From gnutls-devel at lists.gnutls.org Thu Mar 28 17:30:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Mar 2024 16:30:51 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Merge request !1828 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Sat Mar 30 02:54:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 30 Mar 2024 01:54:18 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828#note_1838589916

> @subsection Enabling KTLS > When GnuTLS is build with -?enable-ktls configuration, KTLS is disabled by default. > This can be enabled by setting @code{ktls = true} in @code{[global]} section. > + > + > + at node Enabling/Disabling RSAES-PKCS1-v1_5 > + at section Enabling/Disabling RSAES-PKCS1-v1_5 > + > +This option can be used to enable/disable RSA PKCS1 v1.5 encryption and decryption > +in GnuTLS. The RSAES-PKCS1-v1_5 is enabled by default. > + > +Below example shows how to explicitely disable the RSAES-PKCS1-v1_5. > + at example > +[global] > +allow-rsa-pkcs1-encrypt = false

Sorry for the last minute request, but I think it's more natural to have it in the `[overrides]` section, with other algorithm specific controls.

From gnutls-devel at lists.gnutls.org Sat Mar 30 09:51:39 2024
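Review bot: in the doc/cha-config.texi hunk quoted in note_1838589916 on !1828, the added paragraph says the option controls RSA PKCS1 v1.5 "encryption and decryption", while the key shown in the example is named `allow-rsa-pkcs1-encrypt`; the text should say outright that this single key governs both directions, so that an administrator hardening a server does not go looking for a separate decrypt setting. In the same added lines, "explicitely" should read "explicitly" and "Below example shows" should read "The example below shows", and the new node and section are introduced directly after a `@subsection`, so check that they sit at the intended level of the chapter.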
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 30 Mar 2024 08:51:39 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
References:
Message-ID:

Ross Nicholson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1537

## Description of problem:

The following duplicate symbol error occurs when building with nettle 3.9.1

```
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -Wl,-search_paths_first -L/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.4.sdk/usr/lib -arch arm64 -mmacosx-version-min=11.0 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.4.sdk -stdlib=libc++ -liconv -Wl,-dynamic,-search_paths_first -I/Users/phunkyfish/kodi-repos/xbmc-addon-inputstream/tools/depends/target/binary-addons/macosx14.4_arm64-target-debug/build/depends/include -L/Users/phunkyfish/kodi-repos/xbmc-addon-inputstream/tools/depends/target/binary-addons/macosx14.4_arm64-target-debug/build/depends/lib -framework Security -framework CoreFoundation -o /var/folders/1s/929h1v2s24gdjnhwsw58_4mr0000gn/T//ffconf.ia6Ft8JX/test /var/folders/1s/929h1v2s24gdjnhwsw58_4mr0000gn/T//ffconf.ia6Ft8JX/test.o -lgnutls -lgmp -lhogweed -lgmp -lnettle -lz
clang: warning: argument unused during compilation: '-stdlib=libc++' [-Wunused-command-line-argument]
ld: warning: ignoring duplicate libraries: '-lgmp'
duplicate symbol '_nettle_rsa_compute_root_tr' in:
    /Users/phunkyfish/kodi-repos/xbmc-addon-inputstream/tools/depends/target/binary-addons/macosx14.4_arm64-target-debug/build/depends/lib/libhogweed.a[23](rsa-sign-tr.o)
    /Users/phunkyfish/kodi-repos/xbmc-addon-inputstream/tools/depends/target/binary-addons/macosx14.4_arm64-target-debug/build/depends/lib/libgnutls.a[392](rsa-sign-tr.o)
ld: 1 duplicate symbols
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ERROR: gnutls not found using pkg-config
```

Need to patch out the offending function: https://github.com/xbmc/inputstream.ffmpegdirect/pull/286/commits/1c36487a3474204b1d6049526a94eab35a115ca7

## Version of gnutls used:

3.8.4

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

N/A - building inputstream.ffmpegdirect for Kodi

## How reproducible:

Steps to Reproduce:

 * Build HEAD for ffmpegdirect

## Actual results:

Duplicate symbol error

## Expected results:

No duplicated symbol error.

From gnutls-devel at lists.gnutls.org Sat Mar 30 11:01:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 30 Mar 2024 10:01:12 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1838754761

Yeah, I think that it should be fixed with !1826. Could you try that patch?

From gnutls-devel at lists.gnutls.org Sun Mar 31 03:41:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Mar 2024 01:41:07 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.5 (Mar 19, 2024–May 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/43 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1537

From gnutls-devel at lists.gnutls.org Sun Mar 31 10:16:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Mar 2024 08:16:05 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Ross Nicholson commented: https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1838996314

I tried to apply the patch as part of the build but it fails to apply as I don't appear to have the path `devel/import-from-nettle.sh`. Am I missing something?

From gnutls-devel at lists.gnutls.org Sun Mar 31 23:47:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 31 Mar 2024 21:47:11 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1839164737

`devel/import-from-nettle.sh` is a script used by maintainers to import Nettle source code, so it's not part of the distribution tarball, but only in the repository. You can use the following patch, which directly modifies the copied file:

```patch --- rsa-sign-tr.c.orig 2024-04-01 06:45:19.472756820 +0900 +++ rsa-sign-tr.c 2024-04-01 06:43:41.834480100 +0900 @@ -40,6 +40,8 @@ #include #include "gmp-glue.h" +#define nettle_rsa_compute_root_tr _gnutls_nettle_backport_rsa_compute_root_tr + #include #include "rsa-internal.h" ```
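Review bot: the `#define nettle_rsa_compute_root_tr _gnutls_nettle_backport_rsa_compute_root_tr` added after `#include "gmp-glue.h"` in rsa-sign-tr.c has no comment explaining why the symbol is renamed. A one-line comment above it, saying that the bundled copy must not export the same name as libhogweed's `nettle_rsa_compute_root_tr` (the duplicate symbol reported in #1537), would stop a later cleanup from removing it. Because this edits a file that the message describes as copied in by devel/import-from-nettle.sh, the define is lost on the next import unless the script applies the same change, so downstream builds carrying this patch should drop it once they move to a release that includes !1826.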