From gnutls-devel at lists.gnutls.org Fri Nov 1 03:16:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 02:16:31 +0000
Subject: [gnutls-devel] GnuTLS | _gnutls_session_supports_group: return boolean instead of error code (!1892)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author: Daiki Ueno

* priority: give KEM groups precedence over EC(DH) groups in TLS 1.3
* key_share: detect overlap of PK types in hybrid groups
* _gnutls_session_supports_group: return boolean instead of error code

Fixes: #1602

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Fri Nov 1 06:56:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:56:09 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Reassigned merge request 1892 https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

Daiki Ueno was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

From gnutls-devel at lists.gnutls.org Fri Nov 1 06:56:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:56:20 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Alexander Sosedkin and Zoltán Fridrich were added as reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

From gnutls-devel at lists.gnutls.org Fri Nov 1 06:55:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:55:51 +0000
Subject: [gnutls-devel] GnuTLS | Update liboqs version requirement to 0.11.0 to support final version of ML-KEM (!1883)

Daiki Ueno commented on a discussion on lib/ext/supported_groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2188808307

> break; > cli_dh_pos = i; > serv_dh_idx = j; > - } else if (IS_EC(group->pk)) { > + } else if (IS_EC(group->pk) || > + IS_KEM(group->pk)) {

Could you check !1892, which should fix this ordering issue as well?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2188808307

From gnutls-devel at lists.gnutls.org Fri Nov 1 10:42:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 09:42:56 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2188989332

Reviewed, no issues found.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2188989332
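Review bot: the widened condition `else if (IS_EC(group->pk) || IS_KEM(group->pk))` in the lib/ext/supported_groups.c hunk quoted from !1883 needs a comment and a test, because KEM groups now enter a branch that was written for EC groups and the lines shown leave that branch's body unchanged. A one-line comment on the condition stating that KEM groups are deliberately ranked together with EC groups, plus a negotiation test whose priority list contains a KEM group, would make the intent checkable. The reply points to !1892 as fixing the same ordering issue, so it is also worth confirming that the two merge requests do not both adjust this selection.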

From gnutls-devel at lists.gnutls.org Fri Nov 1 10:42:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 09:42:33 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Merge request !1892 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Fri Nov 1 11:40:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:00 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2189061305

Thanks for the review.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2189061305

From gnutls-devel at lists.gnutls.org Fri Nov 1 11:40:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:09 +0000
Subject: [gnutls-devel] GnuTLS | `--priority` mishandling with hybrid key exchanges (#1602)

Issue was closed by Daiki Ueno with merge request !1892 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1892)

Issue #1602: https://gitlab.com/gnutls/gnutls/-/issues/1602

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1602

From gnutls-devel at lists.gnutls.org Fri Nov 1 11:40:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:08 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types in hybrid groups (!1892)

Merge request !1892 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

From gnutls-devel at lists.gnutls.org Fri Nov 1 12:09:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 11:09:58 +0000
Subject: [gnutls-devel] GnuTLS | Update liboqs version requirement to 0.11.0 to support final version of ML-KEM (!1883)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1883 was reviewed by Geert Hendrickx

--
Geert Hendrickx commented on a discussion on lib/ext/supported_groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2189104668

> - } else if (IS_EC(group->pk)) { > + } else if (IS_EC(group->pk) || > + IS_KEM(group->pk)) {

Yes, that fixes it, thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883

From gnutls-devel at lists.gnutls.org Sat Nov 2 00:54:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 23:54:44 +0000
Subject: [gnutls-devel] GnuTLS | certtool - no x509v3 extensions copied from template file - honor_crq_extensions makes no difference (#1600)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1600#note_2189837626

Yeah, I think this is a generalization of #1550. It would make sense to have more control over which extensions are copied.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1600#note_2189837626

From gnutls-devel at lists.gnutls.org Sat Nov 2 04:14:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Nov 2024 03:14:31 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893

Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author: Daiki Ueno

* Release 3.8.8

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893

From gnutls-devel at lists.gnutls.org Sat Nov 2 08:29:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Nov 2024 07:29:20 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Alexander Sosedkin and Zoltán Fridrich were added as reviewers.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893

From gnutls-devel at lists.gnutls.org Sun Nov 3 17:17:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Nov 2024 16:17:58 +0000
Subject: [gnutls-devel] GnuTLS | multiple certificates containing wildcards - squid 5.7 error (#1599)

Mihael Milea commented: https://gitlab.com/gnutls/gnutls/-/issues/1599#note_2191286209

This is the bug report related to squid and I was sent here: https://bugs.squid-cache.org/show_bug.cgi?id=5467

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1599#note_2191286209

From gnutls-devel at lists.gnutls.org Mon Nov 4 11:25:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:25:33 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191960209

@ZoltanFridrich @asosedkin could you review?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191960209

From gnutls-devel at lists.gnutls.org Mon Nov 4 11:40:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:40:48 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Merge request !1893 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Alexander Sosedkin and Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Mon Nov 4 11:41:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:41:04 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191992736

Seems fine.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191992736

From gnutls-devel at lists.gnutls.org Tue Nov 5 01:01:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:01:01 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)

Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875

From gnutls-devel at lists.gnutls.org Tue Nov 5 01:03:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:03:07 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875#note_2193257878

Patch included in !1893.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875#note_2193257878

From gnutls-devel at lists.gnutls.org Tue Nov 5 01:03:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:03:08 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)

Merge request !1875 was closed by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875
Project:Branches: d.meliksetyan/gnutls:master to gnutls/gnutls:master
Author: David Meliksetyan
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875

From gnutls-devel at lists.gnutls.org Tue Nov 5 01:06:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:06:29 +0000
Subject: [gnutls-devel] GnuTLS | dlwrap: clarify the code generation is one time only [ci skip] (!1878)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878#note_2193260674

This is a doc-only change; merging without approval.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878#note_2193260674

From gnutls-devel at lists.gnutls.org Tue Nov 5 01:06:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:06:36 +0000
Subject: [gnutls-devel] GnuTLS | dlwrap: clarify the code generation is one time only [ci skip] (!1878)

Merge request !1878 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878
Project:Branches: dueno/gnutls:wip/dueno/dlwrap-doc to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878

From gnutls-devel at lists.gnutls.org Tue Nov 5 03:33:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 02:33:07 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)

Merge request !1893 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Alexander Sosedkin and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893

From gnutls-devel at lists.gnutls.org Tue Nov 5 05:26:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:26:26 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2193538775

Fixed as part of !1875 → !1893.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2193538775

From gnutls-devel at lists.gnutls.org Tue Nov 5 05:26:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:26:23 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

Issue was closed by Daiki Ueno

Issue #1578: https://gitlab.com/gnutls/gnutls/-/issues/1578

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1578

From gnutls-devel at lists.gnutls.org Tue Nov 5 05:27:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:27:14 +0000
Subject: [gnutls-devel] GnuTLS | Dereference of null at privkey.c (gnutls version - 3.8.3) (#1579)

Milestone changed to Release of GnuTLS 3.8.9 (Nov 5, 2024–Jan 5, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/47 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1579

From gnutls-devel at lists.gnutls.org Tue Nov 5 05:27:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:27:31 +0000
Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482)

Milestone changed to Release of GnuTLS 3.8.9 (Nov 5, 2024–Jan 5, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/47 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482

From gnutls-devel at lists.gnutls.org Tue Nov 5 14:19:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 13:19:36 +0000
Subject: [gnutls-devel] GnuTLS | Android build failing with latest NDK (`mktime_z`) (#1603)

Arthur Khachaturov created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1603

## Description of problem:

`timezone_t` struct [was introduced](https://android.googlesource.com/platform/bionic/+/HEAD/docs/status.md) in NDK r27, but `mktime_z()` is only available for API >= 35. GnuTLS expects `mktime_z()` if target has `timezone_t` symbol.

## Version of gnutls used:

3.7.11, 3.8.8

## How reproducible:

Steps to Reproduce:

* Download Android NDK r27c from Google website
* Try to build GnuTLS with NDK toolchain with `-D__ANDROID_API__=34` or less

## Actual results:

`./configure` correctly identifies that `timezone_t` struct exists, and build process then fails:
Build log
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:1195:17: error: call to undeclared function 'mktime_z'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
 1195 |             t = mktime_z (tz, &ltm);
      |                 ^
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:1195:17: note: did you mean 'mktime'?
/home/wzray/Projects/ics-openconnect/external/openconnect/android/x86_64-linux-android/sysroot/usr/../usr/include/time.h:159:8: note: 'mktime' declared here
  159 | time_t mktime(struct tm* _Nonnull __tm);
      |        ^
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:593:16: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  593 |          ? (a) < (tmax) / (b) \
      |            ~~~ ^ ~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:597:13: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  594 |          : ((INT_NEGATE_OVERFLOW (b) \
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  595 |              ? _GL_INT_CONVERT (b, tmax) >> (TYPE_WIDTH (+ (b)) - 1) \
      |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  596 |              : (tmax) / -(b)) \
      |              ~~~~~~~~~~~~~~~~
  597 |             <= -1 - (a))) \
      |             ^  ~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 9223372036854775807 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:601:35: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  601 |          : 0 < (a) && -1 - (tmin) < (a) - 1) \
      |                       ~~~~~~~~~~~ ^ ~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:602:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  602 |       : (tmin) / (b) < (a)) \
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:609:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  609 |       : (tmax) / (b) < (a)))
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:593:16: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  593 |          ? (a) < (tmax) / (b) \
      |            ~~~ ^ ~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:597:13: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  594 |          : ((INT_NEGATE_OVERFLOW (b) \
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  595 |              ? _GL_INT_CONVERT (b, tmax) >> (TYPE_WIDTH (+ (b)) - 1) \
      |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  596 |              : (tmax) / -(b)) \
      |              ~~~~~~~~~~~~~~~~
  597 |             <= -1 - (a))) \
      |             ^  ~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 9223372036854775807 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:601:35: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  601 |          : 0 < (a) && -1 - (tmin) < (a) - 1) \
      |                       ~~~~~~~~~~~ ^ ~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:602:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  602 |       : (tmin) / (b) < (a)) \
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:609:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  609 |       : (tmax) / (b) < (a)))
      |         ~~~~~~~~~~~~ ^ ~~~
10 warnings and 1 error generated.

## Expected results:
A successful build

This patch for NDK can help work around this issue:
Patch
--- a/include/time.h
+++ b/include/time.h
@@ -39,6 +39,7 @@

 __BEGIN_DECLS

+#if __ANDROID_API__ >= 35
 /* If we just use void* in the typedef, the compiler exposes that in error messages. */
 struct __timezone_t;

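Review bot: the `#if __ANDROID_API__ >= 35` line added above the `struct __timezone_t;` forward declaration has no comment saying what the threshold of 35 corresponds to. Because this is a local edit to the NDK's own `include/time.h`, a one-line comment stating the reason for that value would let whoever re-applies the workaround after an NDK update confirm that the condition is still the right one.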
@@ -50,6 +51,7 @@
  * to remove the pointer.
  */
 typedef struct __timezone_t* timezone_t;
+#endif

 /** Divisor to compute seconds from the result of a call to clock(). */
 #define CLOCKS_PER_SEC 1000000
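Review bot: with the `#endif` placed directly after `typedef struct __timezone_t* timezone_t;`, the type is no longer declared for builds targeting an API level below 35, so every later declaration in this header that takes or returns a `timezone_t` has to sit under an equivalent condition or the header will not compile for those targets. The two hunks do not show those declarations, so that needs checking before relying on the workaround. Closing the block as `#endif /* __ANDROID_API__ >= 35 */` would also make the pairing with the `#if` in the previous hunk obvious.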
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1603

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:19:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:19:56 +0000
Subject: [gnutls-devel] GnuTLS | Android build failing with latest NDK (mktime_z) (#1603)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1603#note_2195813036

In GnuTLS, the corresponding code is mechanically [imported](https://www.gnu.org/software/gnulib/MODULES.html#module=time_rz) from Gnulib; could you report it to the [bug-gnulib](https://lists.gnu.org/mailman/listinfo/bug-gnulib) mailing list?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1603#note_2195813036

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:29:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:29:37 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark gnutls_hash_fast as approved in FIPS SLI (!1888)

All discussions on merge request !1888 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1888

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:29:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:29:46 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark gnutls_hash_fast as approved in FIPS SLI (!1888)

Merge request !1888 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888
Project:Branches: ayankov/gnutls:fips/gnutls_hash_fast_approved to gnutls/gnutls:master
Author: Angel Yankov

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:32:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:32:13 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

Merge request !1889 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
Project:Branches: ayankov/gnutls:fips/rsa2048 to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:32:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:32:41 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195821761

Thanks; could you retrigger the CI?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195821761

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:33:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:33:50 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1890)

Merge request !1890 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890
Project:Branches: ayankov/gnutls:fips/no_dsa_selftest to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:33:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:33:53 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1890)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2195822484

Could you retrigger the CI?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2195822484

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:37:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:37:57 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195824861

> bits = mpz_sizeinbase(pub.n, 2); > > /* In FIPS 140-3, RSA key size should be larger than > * 2048-bit or one of the known lengths (1024, 1280,

The comment should be updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195824861

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:40:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:40:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1891 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826326

> > - /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy > + /* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy

Maybe remove this comment entirely, as it was an excuse to keep SHA1 here.
--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826329

> > + /* Only SHA-2 is allowed in FIPS 140-3 */ > + if (DIG_TO_MAC(sign_params->dsa_dig) == GNUTLS_MAC_SHA1) {

I'd prefer to use `switch` and enumerate all SHA-2 algorithms, rather than special casing SHA-1.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:40:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:40:50 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark operations using P-192 as not approved (!1887)

Merge request !1887 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887
Project:Branches: ayankov/gnutls:fips/p192-disabled to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Wed Nov 6 06:42:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:42:50 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master
Author: Daiki Ueno

* gnulib: update gnulib submodule
* dlwrap: regenerate files
* gnutls_privkey_get_spki: avoid NULL dereference in invalid call
* gnutls-cli-debug: skip GOST and X25519 tests in FIPS mode

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

From gnutls-devel at lists.gnutls.org Wed Nov 6 09:19:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:19:54 +0000
Subject: [gnutls-devel] GnuTLS | Subnet mask analysis (#1596)

dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1596#note_2196061189

I used the provided test path and found that the use case passed the gnutls verification, but the Nameconstraint of the use case had an incorrect subnet mask.

I executed
certtool --verify --infile E_mask.pem --load-ca-certificate E_maskCA.pem
And got the output
Chain verification output: Verified. The certificate is trusted.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1596#note_2196061189

From gnutls-devel at lists.gnutls.org Wed Nov 6 09:51:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:51:20 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

Angel Yankov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2196117555

> bits = mpz_sizeinbase(pub.n, 2); > > /* In FIPS 140-3, RSA key size should be larger than > * 2048-bit or one of the known lengths (1024, 1280,

Updated to remove the false block sizes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2196117555

From gnutls-devel at lists.gnutls.org Wed Nov 6 09:53:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:53:01 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891)

Angel Yankov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2196121701

> if (hash_len > vdata->size) > hash_len = vdata->size; > > - /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy > + /* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy

Good point, there is no reason for it now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2196121701

From gnutls-devel at lists.gnutls.org Wed Nov 6 11:48:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:48:45 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

All discussions on merge request !1889 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1889

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889

From gnutls-devel at lists.gnutls.org Wed Nov 6 11:49:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:49:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891)

All discussions on merge request !1891 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1891

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891

From gnutls-devel at lists.gnutls.org Wed Nov 6 11:49:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:49:05 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys with modulus >= 2048 bits (!1889)

Merge request !1889 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
Project:Branches: ayankov/gnutls:fips/rsa2048 to gnutls/gnutls:master
Author: Angel Yankov

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
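
Added example, not part of the thread and not GnuTLS code: the two review points on `lib/nettle/pk.c` in !1889 and !1891 (a 2048-bit floor for RSA SigVer, and a `switch` that enumerates the SHA-2 digests instead of special-casing SHA-1), sketched in stand-alone C. All `ex_`/`EX_` names and the digest enum are assumptions made for this sketch; GnuTLS uses its own types and checks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical digest identifiers for this sketch (not GnuTLS's enums). */
typedef enum {
	EX_DIG_MD5,
	EX_DIG_SHA1,
	EX_DIG_SHA224,
	EX_DIG_SHA256,
	EX_DIG_SHA384,
	EX_DIG_SHA512
} ex_digest_t;

/* Floor taken from the title of !1889: modulus >= 2048 bits. */
#define EX_MIN_RSA_SIGVER_BITS 2048

/* Special-case form: only SHA-1 is rejected, so any other digest value
 * is treated as approved, MD5 included. */
static bool ex_digest_ok_special_case(ex_digest_t dig)
{
	return dig != EX_DIG_SHA1;
}

/* Enumerated form: list the SHA-2 family and let everything else,
 * including values added to the enum later, fall through to "no". */
static bool ex_digest_ok_enumerated(ex_digest_t dig)
{
	switch (dig) {
	case EX_DIG_SHA224:
	case EX_DIG_SHA256:
	case EX_DIG_SHA384:
	case EX_DIG_SHA512:
		return true;
	default:
		return false;
	}
}

/* Combined decision for one RSA signature verification. */
static bool ex_rsa_sigver_approved(size_t modulus_bits, ex_digest_t dig)
{
	if (modulus_bits < EX_MIN_RSA_SIGVER_BITS)
		return false;
	return ex_digest_ok_enumerated(dig);
}

int main(void)
{
	/* Constructed inputs: (modulus bits, digest) pairs. */
	static const struct {
		size_t bits;
		ex_digest_t dig;
		const char *label;
	} cases[] = {
		{ 2048, EX_DIG_SHA256, "RSA-2048 + SHA-256" },
		{ 1024, EX_DIG_SHA256, "RSA-1024 + SHA-256" },
		{ 2048, EX_DIG_SHA1, "RSA-2048 + SHA-1" },
		{ 4096, EX_DIG_MD5, "RSA-4096 + MD5" },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-20s special-case=%d enumerated=%d approved=%d\n",
		       cases[i].label,
		       ex_digest_ok_special_case(cases[i].dig),
		       ex_digest_ok_enumerated(cases[i].dig),
		       ex_rsa_sigver_approved(cases[i].bits, cases[i].dig));
	return 0;
}
```

The MD5 row is where the two forms disagree: the special-case check lets it through, the enumerated one does not.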

From gnutls-devel at lists.gnutls.org Wed Nov 6 11:50:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:50:14 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark operations using P-192 as not approved (!1887)

Merge request !1887 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887
Project:Branches: ayankov/gnutls:fips/p192-disabled to gnutls/gnutls:master
Author: Angel Yankov

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887

From gnutls-devel at lists.gnutls.org Thu Nov 7 14:15:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Nov 2024 13:15:02 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich were added as reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:16:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:16:18 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 was reviewed by Zoltán Fridrich

--
Zoltán Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973717

> +/* > + * This file is part of GNUTLS.

Maybe also add the copyright line and author name?

--
Zoltán Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973735

> +#include "liboqs/sha3x4.h" > + > +#include "dlwrap/oqs.h"

Includes could be sorted.

--
Zoltán Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973750

> + return; > + > + for (size_t i = 0; i < 4; i++) {

I think we don't use the syntax of declaring vars in for loops. I am not sure if it matters though.

--
Zoltán Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973763

> + return; > + > + for (size_t i = 0; i < 4; i++) {

maybe better to do something similar to `sizeof(p->hds) / sizeof(p->hds[0])` rather than hard coding. Also change this in other functions.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:16:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:16:19 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973776

Mostly nits.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973776

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:33:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:33:01 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998447

> +/* > + * This file is part of GNUTLS.

Good point. @d-Dudas, could you let me know what copyright header you would prefer? Is "Copyright (C) 2024 David Dudas" ok?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998447

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:33:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:33:17 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998830

> + * > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +#include "config.h" > + > +#include "liboqs/sha3x4.h" > + > +#include "dlwrap/oqs.h"

Fixed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998830

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:34:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:34:09 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200999999

> +#include "dlwrap/oqs.h" > +#include > +#include "gnutls_int.h" > +#include > +#include "attribute.h" > + > +struct sha3_x4_context_st { > + gnutls_hash_hd_t hds[4]; > +}; > + > +static void sha3_x4_context_deinit(struct sha3_x4_context_st *context) > +{ > + if (!context) > + return; > + > + for (size_t i = 0; i < 4; i++) {

That should be OK, as long as CONTRIBUTING.md suggests C99.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200999999

From gnutls-devel at lists.gnutls.org Fri Nov 8 12:35:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:35:08 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201001370

> +#include "dlwrap/oqs.h" > +#include > +#include "gnutls_int.h" > +#include > +#include "attribute.h" > + > +struct sha3_x4_context_st { > + gnutls_hash_hd_t hds[4]; > +}; > + > +static void sha3_x4_context_deinit(struct sha3_x4_context_st *context) > +{ > + if (!context) > + return; > + > + for (size_t i = 0; i < 4; i++) {

The file is about 4-parallel SHAKE implementation, so I just defined a macro `SHA3_N` (= 4).
From gnutls-devel at lists.gnutls.org Fri Nov 8 12:38:13 2024
Date: Fri, 08 Nov 2024 11:38:13 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

David Dudas commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201005728

> +/* > + * This file is part of GNUTLS.

I think "Copyright (C) 2024 David Dudas" it's ok.

From gnutls-devel at lists.gnutls.org Fri Nov 8 13:08:08 2024
Date: Fri, 08 Nov 2024 12:08:08 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

All discussions on merge request !1894 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

From gnutls-devel at lists.gnutls.org Fri Nov 8 14:00:38 2024
Date: Fri, 08 Nov 2024 13:00:38 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Simon Josefsson commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201146735

> +/* > + * This file is part of GNUTLS.

It would be better if copyrights were assigned to the FSF, IMHO.

From gnutls-devel at lists.gnutls.org Fri Nov 8 14:21:12 2024
Date: Fri, 08 Nov 2024 13:21:12 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

David Dudas commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201181556

> +/* > + * This file is part of GNUTLS.

For me it's ok if it's assigned to FSF.

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:15:52 2024
Date: Fri, 08 Nov 2024 14:15:52 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)

Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201280826

> +/* > + * This file is part of GNUTLS.

TBH, I'm not sure if that would work. Do we need to follow the full copyright assignment [procedure](https://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html#Copyright-Papers), or we can casually use "Copyright (C) 2024 Free Software Foundation, Inc."? In particular for a project like GnuTLS which [declared](https://lwn.net/Articles/529522/) to be not part of GNU?

(I didn't participate in the decision process at the time, and I personally hope that GnuTLS will rejoin the GNU project at some point)

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:34:10 2024
Date: Fri, 08 Nov 2024 14:34:10 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)

Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895

Project:Branches: ayankov/gnutls:my_master to gnutls/gnutls:master
Author: Angel Yankov

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:35:20 2024
Date: Fri, 08 Nov 2024 14:35:20 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)

Merge request !1895 was closed by Angel Yankov

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895
Project:Branches: ayankov/gnutls:my_master to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:36:02 2024
Date: Fri, 08 Nov 2024 14:36:02 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)

Angel Yankov commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895#note_2201320114

Please nevermind this, I mixed up where I was pushing..

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:38:05 2024
Date: Fri, 08 Nov 2024 14:38:05 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891)

Merge request !1891 was closed by Angel Yankov

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
Project:Branches: ayankov/gnutls:fips/sha1_sigver to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Nov 8 15:38:07 2024
Date: Fri, 08 Nov 2024 14:38:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1890)

Merge request !1890 was closed by Angel Yankov

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890
Project:Branches: ayankov/gnutls:fips/no_dsa_selftest to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Nov 8 16:45:23 2024
Date: Fri, 08 Nov 2024 15:45:23 +0000
Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test. (!1896)

Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1896

Project:Branches: ayankov/gnutls:fips/full_hash_sign to gnutls/gnutls:master
Author: Angel Yankov

This was required by our FIPS auditor. I couldn't get a handle on how it's mandated by changes in the standard, but apparently this is better, since it's not calling the crypto operations piece by piece.

* Use full hash+sign operations in pct_test.

  pct_test inside fips uses low-level, separate primitives for some hashing and signing. Replace them with high-level, more specific APIs.

  Signed-off-by: Angel Yankov

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Sun Nov 10 08:49:39 2024
Date: Sun, 10 Nov 2024 07:49:39 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a compile-time constant (#1604)

Ryan Carsten Schmidt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1604

gnutls 3.8.8 does not build on macOS 14 or earlier:

```
libtool: compile: /usr/bin/clang -DHAVE_CONFIG_H -I. -I../.. -I./../../gl -I./../../gl -I./../includes -I./../includes -I./../../gl -I./.. -I/opt/local/include -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk -Wtype-limits -Wall -Wbad-function-cast -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wextra -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wuninitialized -Wunknown-pragmas -Wvariadic-macros -Wwrite-strings -Wformat=2 -Wno-missing-field-initializers -Wno-unused-parameter -fdiagnostics-show-option -fno-builtin-strcmp -I/opt/local/include/p11-kit-1 -pipe -Os -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk -arch x86_64 -c mac.c -fno-common -DPIC -o .libs/mac.o
groups.c:93:2: error: initializer element is not a compile-time constant
        group_x25519,
        ^~~~~~~~~~~~
1 error generated.
make[4]: *** [groups.lo] Error 1
```

Full log: https://build.macports.org/builders/ports-14_x86_64-builder/builds/50991/steps/install-port/logs/stdio

Regression; 3.8.7 built ok. Presumably caused by 806dd5e3d459e7ca73ba0756286b095e655d82e2 (@dueno)

From gnutls-devel at lists.gnutls.org Sun Nov 10 11:35:16 2024
Date: Sun, 10 Nov 2024 10:35:16 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a compile-time constant (#1604)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202522937

Also reported in https://lists.gnupg.org/pipermail/gnutls-help/2024-November/004866.html

As I couldn't reproduce it with Clang 18 on Fedora (and the element is really a compile-time constant), so using a newer Clang might work around the issue.

We could expand the definition of `group_x25519` in the initializer, though it would also pose a problem when compiled with --with-liboqs..

From gnutls-devel at lists.gnutls.org Sun Nov 10 13:09:16 2024
Date: Sun, 10 Nov 2024 12:09:16 +0000
Subject: [gnutls-devel] GnuTLS | Clarification on stable/unstable version numbering (#1605)

Ryan Carsten Schmidt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1605

[In the manual](https://www.gnutls.org/manual/html_node/Downloading-and-installing.html) it says:

> GnuTLS uses a development cycle where even minor version numbers indicate a stable release and a odd minor version number indicate a development release. For example, GnuTLS 1.6.3 denote a stable release since 6 is even, and GnuTLS 1.7.11 denote a development release since 7 is odd.

This is contradicted by [the download page](https://www.gnutls.org/download.html) which says:

> | Release | Version | ?
> | -------------- | ------- | -
> | Next? | 3.8.x | ?
> | Current stable | 3.7.x | ?

Which is correct?

From gnutls-devel at lists.gnutls.org Sun Nov 10 13:48:18 2024
Date: Sun, 10 Nov 2024 12:48:18 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a compile-time constant (#1604)

Ryan Carsten Schmidt commented: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202542748

We had build failure on macOS 14 with Apple clang version 15.0.0 (clang-1500.3.9.4) from Xcode 15.4 (which is based on llvm 16.0.0) and earlier, and build success on macOS 15 with Apple clang version 16.0.0 (clang-1600.0.26.3) from Xcode 16.0 (which is based on llvm 17.0.6).

So yes, I suspect using llvm.org clang 17 or later would work. But clang 17 is pretty new; it was released September 2023. Requiring it may cause problems for some users whose distributions do not have a compiler that new.

Does gnutls have a documented C language version or set of compiler features that it aims to remain compatible with? I didn't find it in the documentation and all I found in the configure script was a check for C99. Increasing the requirement from C99 to clang 17 would be drastic, especially in a bugfix release.

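The construct behind the `groups.c:93` error discussed in #1604, as an added example that is not GnuTLS code: ISO C does not treat the name of a `const` object as a constant expression, so using one inside a static initializer builds only where the compiler accepts it as an extension. The struct, its field values and the `GROUP_*_INIT` macros are hypothetical stand-ins; the two portable forms shown are the "expand the definition in the initializer" option mentioned in the thread and a table of addresses.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a TLS group table entry. */
struct group_entry {
	const char *name;
	unsigned tls_id; /* TLS NamedGroup code point */
	unsigned bits;   /* constructed sample value */
};

/* Each definition is written once, as a brace initializer in a macro. */
#define GROUP_X25519_INIT { "X25519", 0x001d, 255 }
#define GROUP_SECP256R1_INIT { "SECP256R1", 0x0017, 256 }

static const struct group_entry group_x25519 = GROUP_X25519_INIT;
static const struct group_entry group_secp256r1 = GROUP_SECP256R1_INIT;

#ifdef SHOW_NONPORTABLE
/* An object name is not a constant expression in ISO C, so this table only
 * builds where the compiler accepts it as an extension. */
static const struct group_entry supported_groups[] = {
	group_x25519,
	group_secp256r1,
};
#else
/* Portable option 1: paste the same initializer into the table. */
static const struct group_entry supported_groups[] = {
	GROUP_X25519_INIT,
	GROUP_SECP256R1_INIT,
};
#endif

/* Portable option 2: store addresses. The address of a static object is an
 * address constant, which C99 allows in a static initializer. */
static const struct group_entry *const supported_group_ptrs[] = {
	&group_x25519,
	&group_secp256r1,
};

#define N_GROUPS (sizeof(supported_groups) / sizeof(supported_groups[0]))
#define N_GROUP_PTRS \
	(sizeof(supported_group_ptrs) / sizeof(supported_group_ptrs[0]))

/* Look a group up by its TLS code point; NULL when it is not in the table. */
const struct group_entry *group_by_id(unsigned tls_id)
{
	for (size_t i = 0; i < N_GROUPS; i++)
		if (supported_groups[i].tls_id == tls_id)
			return &supported_groups[i];
	return NULL;
}

/* Returns 1 when the by-value table and the pointer table list the same
 * groups in the same order, 0 otherwise. */
int tables_agree(void)
{
	if (N_GROUPS != N_GROUP_PTRS)
		return 0;
	for (size_t i = 0; i < N_GROUPS; i++) {
		const struct group_entry *a = &supported_groups[i];
		const struct group_entry *b = supported_group_ptrs[i];
		if (strcmp(a->name, b->name) != 0 || a->tls_id != b->tls_id ||
		    a->bits != b->bits)
			return 0;
	}
	return 1;
}

int main(void)
{
	for (size_t i = 0; i < N_GROUPS; i++)
		printf("%s -> 0x%04x\n", supported_groups[i].name,
		       supported_groups[i].tls_id);
	printf("tables agree: %d\n", tables_agree());
	return 0;
}
```

Building with `-DSHOW_NONPORTABLE` switches the table to the object-name form, which is a quick way to check how a given compiler handles it.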
From gnutls-devel at lists.gnutls.org Mon Nov 11 07:01:14 2024
Date: Mon, 11 Nov 2024 06:01:14 +0000
Subject: [gnutls-devel] GnuTLS | 3.8.8 fails to compile system/ktls (#1606)

????? ???????? created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1606

> ./configure --disable-ssl2-support --with-unbound-root-key-file=/usr/local/etc/unbound/root.key --with-default-trust-store-file=/etc/openssl/certs/ca-bundle.crt --with-default-trust-store-dir=/etc/openssl/certs --enable-ktls && make

results with gcc 14.2.1

```
make[4]: Entering directory '/src/gnutls-3.8.8/lib'
  CC       system/ktls.lo
system/ktls.c: In function '_gnutls_ktls_set_keys':
system/ktls.c:662:68: error: storage size of 'crypto_info' isn't known
  662 |     struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                ^~~~~~~~~~~
system/ktls.c:666:33: error: 'TLS_CIPHER_CHACHA20_POLY1305' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER_CHACHA20_POLY1305'?
  666 |     TLS_CIPHER_CHACHA20_POLY1305;
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     GNUTLS_CIPHER_CHACHA20_POLY1305
system/ktls.c:666:33: note: each undeclared identifier is reported only once for each function it appears in
In file included from ./mbuffers.h:28,
                 from ./buffers.h:26,
                 from ./record.h:27,
                 from system/ktls.c:32:
system/ktls.c:668:32: error: 'TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER_CHACHA20_POLY1305'?
  668 |     TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
system/ktls.c:674:40: error: 'TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER_CHACHA20_POLY1305'?
  674 |     TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     GNUTLS_CIPHER_CHACHA20_POLY1305
system/ktls.c:678:40: error: 'TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER_CHACHA20_POLY1305'?
  678 |     TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE +
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
system/ktls.c:690:32: error: 'TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE' undeclared (first use in this function); did you mean 'TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE'?
  690 |     TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE
system/ktls.c:662:68: warning: unused variable 'crypto_info' [-Wunused-variable]
  662 |     struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                ^~~~~~~~~~~
system/ktls.c:837:68: error: storage size of 'crypto_info' isn't known
  837 |     struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                ^~~~~~~~~~~
system/ktls.c:837:68: warning: unused variable 'crypto_info' [-Wunused-variable]
```

From gnutls-devel at lists.gnutls.org Mon Nov 11 09:51:15 2024
Date: Mon, 11 Nov 2024 08:51:15 +0000
Subject: [gnutls-devel] Guile-GnuTLS | doc/gnutls-guile: Update "Anonymous Authentication Guile Example" (!26)

Merge request !26 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/26
Project:Branches: a_v_p/guile-gnutls:avp-update-anonymous-authentication-guile-example to gnutls/guile:master
Author: Artyom V_ Poptsov

From gnutls-devel at lists.gnutls.org Mon Nov 11 10:30:06 2024
Date: Mon, 11 Nov 2024 09:30:06 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Do not list unimplemented public-key algorithms in pk-algorithm-list (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/27

Branches: fix-macos-build to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

It looks like pk-algorithm-list includes things that are not recognized as pk-algorithms in the Macos build.

From gnutls-devel at lists.gnutls.org Mon Nov 11 10:33:27 2024
Date: Mon, 11 Nov 2024 09:33:27 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Do not list unimplemented public-key algorithms in pk-algorithm-list (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203180483

Please disregard this, it should be solved at configure time instead.

From gnutls-devel at lists.gnutls.org Mon Nov 11 10:44:39 2024
Date: Mon, 11 Nov 2024 09:44:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !27 as draft

From gnutls-devel at lists.gnutls.org Mon Nov 11 10:58:16 2024
Date: Mon, 11 Nov 2024 09:58:16 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203226540

https://gitlab.com/gnutls/guile/-/jobs/8322133379#L1118

It looks like on macos, there is a public-key algorithm number 13. Is it a new algorithm?

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:00:29 2024
Date: Mon, 11 Nov 2024 10:00:29 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203230295

13 is GNUTLS_PK_RSA_OAEP which is new, does macos really have it? Then maybe something is wrong with the configure.ac detection logic.

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:02:39 2024
Date: Mon, 11 Nov 2024 10:02:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203234110

Yes, seems like brew has 3.8.4 which has OAEP. So I wonder why the configure.ac check works on all GNU/Linux platforms but not mac?!

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:04:04 2024
Date: Mon, 11 Nov 2024 10:04:04 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203237188

(sorry I clicked the wrong button and it displays a review and not a comment)

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:05:12 2024
Date: Mon, 11 Nov 2024 10:05:12 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203239372

All tests fail with the compiler choking at `#include ` (`conftest.c:47:10: fatal error: 'gnutls/gnutls.h' file not found`)

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:10:39 2024
Date: Mon, 11 Nov 2024 10:10:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203250538

Oh. I think configure.ac should reject that as a broken setup, rather than accepting it and then failing to detect all the symbols it wants to check for. However since compilation succeeds, it doesn't look like a broken setup, but a bug in the configure.ac setting? Probably missing CFLAGS's.

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:11:58 2024
Date: Mon, 11 Nov 2024 10:11:58 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key algorithms returned by gnutls have an enumeration value in gnutls-guile (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203252706

I had a bad copy-paste when I added gnutls feature checks, so the GNUTLS_CFLAGS and GNUTLS_LIB from pkg-config were evicted from CFLAGS and LIBS too early.

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:19:23 2024
Date: Mon, 11 Nov 2024 10:19:23 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)

Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !27 as ready

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:21:37 2024
Date: Mon, 11 Nov 2024 10:21:37 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)

Simon Josefsson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203267288

Thank you! Looks good. I'll merge once the pipeline is happy

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:29:13 2024
Date: Mon, 11 Nov 2024 10:29:13 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Sometimes really slow 'make check' in pipeline (#26)

Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/26

Maybe a /dev/random related delay? Canceling a job gives a backtrace like this:

```
Terminated
FAIL: tests/x509-auth.scm
======================================================
Guile-GnuTLS 4.0.0.18-b2b0: guile/test-suite.log
======================================================
# TOTAL: 23
# PASS: 22
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: tests/x509-auth.scm
=========================
throw to `gnutls-error' with args (# handshake) [PID 14806]
          14 (primitive-load "/builds/gnutls/guile/guile/./tests/x50?")
In ice-9/eval.scm:
    155:9 13 (_ _)
In ice-9/boot-9.scm:
  1731:15 12 (with-exception-handler # ?)
  1736:10 11 (with-exception-handler _ _ #:unwind? _ # _)
    142:2 10 (dynamic-wind _ _ #)
In ice-9/eval.scm:
    155:9  9 (_ _)
   279:15  8 (_ #(#(# ?)))
    619:8  7 (_ #(#(#(# # ?)) ?))
In unknown file:
           6 (handshake #)
In ice-9/boot-9.scm:
  1669:16  5 (raise-exception _ #:continuable? _)
  1764:13  4 (_ #<&compound-exception components: (#<&error> #<&irri?>)
In ice-9/eval.scm:
    619:8  3 (_ #(#(#) ?))
In ice-9/boot-9.scm:
    142:2  2 (dynamic-wind # ?)
In ice-9/eval.scm:
    159:9  1 (_ #(#(# ?)))
In unknown file:
           0 (make-stack #t)
FAIL tests/x509-auth.scm (exit status: 143)
```

From gnutls-devel at lists.gnutls.org Mon Nov 11 11:33:54 2024
Date: Mon, 11 Nov 2024 10:33:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)

Merge request !27 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/27
Branches: fix-macos-build to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

URL: From gnutls-devel at lists.gnutls.org Mon Nov 11 11:46:58 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Nov 2024 10:46:58 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use the same file for certificate and trust file (!28) References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/28 Branches: read-race-in-x509-auth-test to master Author: Vivien Kraus Would Rather Not Be On Gitlab_com It seems like on old versions (used in the Ubuntu20.04-git and Trisquel10-git CI jobs), some sort of a read race is happening. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 11 11:50:27 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Nov 2024 10:50:27 +0000 Subject: [gnutls-devel] Guile-GnuTLS | New release: Guile-GnuTLS 4.0.1 - v4.0.1 Message-ID: A new Release v4.0.1 for Guile-GnuTLS was published. 
Visit the Releases page to read more about it: https://gitlab.com/gnutls/guile/-/releases Assets: - Download zip: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.zip - Download tar.gz: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar.gz - Download tar.bz2: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar.bz2 - Download tar: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar Release notes: https://gitlab.com/gnutls/guile/-/blob/v4.0.1/NEWS [guile-gnutls-4.0.1.tar.gz](/uploads/f80b3a30cfc66c988775edc4ce3fb546/guile-gnutls-4.0.1.tar.gz) [guile-gnutls-4.0.1.tar.gz.sig](/uploads/dfab0dfed009502d31fed0770afe23db/guile-gnutls-4.0.1.tar.gz.sig) -- View it on GitLab: https://gitlab.com/gnutls/guile/-/releases You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 11 12:21:54 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Nov 2024 11:21:54 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use the same file for certificate and trust file (!28) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/28#note_2203361580 After these tests, I would be surprised if it were concurrent reads of the certificate file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28#note_2203361580 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Mon Nov 11 12:22:45 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Nov 2024 11:22:45 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use the same file for certificate and trust file (!28) In-Reply-To: References: Message-ID: Merge request !28 was closed by Vivien Kraus Would Rather Not Be On Gitlab_com Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/28 Branches: read-race-in-x509-auth-test to master Author: Vivien Kraus Would Rather Not Be On Gitlab_com Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 11 12:27:05 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 11 Nov 2024 11:27:05 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Sometimes really slow 'make check' in pipeline (#26) In-Reply-To: References: Message-ID: Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/issues/26#note_2203369202 It looks suspiciously similar to https://gitlab.com/gnutls/guile/-/issues/22 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/26#note_2203369202 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 14:09:20 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 13:09:20 +0000 Subject: [gnutls-devel] GnuTLS | incomplete error checking with hybrid ML-KEM key exchange groups (#1607) References: Message-ID: Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1607 ## Description of problem: When GnuTLS server is configured to enable the `x25519mlkem768` and `secp256r1mlkem768` groups, some malformed key shares from the client aren't handled correctly. ## Version of gnutls used: gnutls-3.8.8-1.el10.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: Steps to Reproduce: * run the tlsfuzzer `test-tls13-mlkem.py` script ## Actual results: The following tests fail: * `secp256r1mlkem768: invalid ECDH point format: compressed` * `secp256r1mlkem768: invalid ECDH point format: hybrid` * `secp256r1mlkem768: invalid ECDH point format: raw` * `secp256r1mlkem768: malformed pqc part, variable 0` * `secp256r1mlkem768: malformed pqc part, variable 1` * `secp256r1mlkem768: malformed pqc part, variable 2` * `secp256r1mlkem768: malformed pqc part, variable 3` * `x25519mlkem768: malformed pqc part, variable 0` * `x25519mlkem768: malformed pqc part, variable 1` * `x25519mlkem768: malformed pqc part, variable 2` * `x25519mlkem768: malformed pqc part, variable 3` ## Expected results: The tests should pass (reject the queries with malformed pqc part and reject the invalid ECDH parts with `illegal_parameter`) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1607 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
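The input checks that issue #1607 asks for can be sketched for `secp256r1mlkem768` as follows. This is an added example, not GnuTLS code and not part of the original message. It assumes the client share is a 65-byte secp256r1 point followed by a 1184-byte ML-KEM-768 encapsulation key, and it reads "malformed pqc part" as a key that fails the FIPS 203 modulus check; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS alert description (RFC 8446, section 6). */
enum { ALERT_NONE = 0, ALERT_ILLEGAL_PARAMETER = 47 };

#define P256_POINT_LEN   65                      /* 0x04 || X || Y */
#define MLKEM768_K       3
#define MLKEM_Q          3329
#define MLKEM768_POLYLEN (384 * MLKEM768_K)      /* 12-bit packed coefficients */
#define MLKEM768_EK_LEN  (MLKEM768_POLYLEN + 32) /* + seed rho = 1184 */
#define HYBRID_SHARE_LEN (P256_POINT_LEN + MLKEM768_EK_LEN) /* assumed layout: 1249 */

/*
 * FIPS 203 modulus check: every 12-bit coefficient packed into the
 * encapsulation key must already be reduced modulo q. Three bytes
 * carry two coefficients, little-endian.
 */
static int mlkem768_ek_modulus_ok(const uint8_t *ek)
{
    for (size_t i = 0; i < MLKEM768_POLYLEN; i += 3) {
        unsigned c0 = ek[i] | ((unsigned)(ek[i + 1] & 0x0f) << 8);
        unsigned c1 = (ek[i + 1] >> 4) | ((unsigned)ek[i + 2] << 4);
        if (c0 >= MLKEM_Q || c1 >= MLKEM_Q)
            return 0;
    }
    return 1;
}

/*
 * Hypothetical server-side check of a client key share for
 * secp256r1mlkem768. Returns the alert to send, or ALERT_NONE.
 * Using illegal_parameter for the ML-KEM part is an assumption; the
 * issue only states it for the ECDH part.
 */
int check_secp256r1mlkem768_share(const uint8_t *share, size_t len)
{
    /* A "raw" point without the format byte shortens the share by one. */
    if (len != HYBRID_SHARE_LEN)
        return ALERT_ILLEGAL_PARAMETER;

    /* Only the uncompressed form (0x04) is acceptable; 0x02/0x03 are
     * compressed and 0x06/0x07 are the X9.62 hybrid form. */
    if (share[0] != 0x04)
        return ALERT_ILLEGAL_PARAMETER;

    /* A real implementation must also verify the point is on the curve;
     * that step is left out of this sketch. */

    if (!mlkem768_ek_modulus_ok(share + P256_POINT_LEN))
        return ALERT_ILLEGAL_PARAMETER;

    return ALERT_NONE;
}

/*
 * Builds a constructed (all-zero) share with the given point format
 * byte and first ML-KEM coefficient, then runs the check on it.
 */
int sample_verdict(uint8_t point_prefix, unsigned first_coeff, size_t len)
{
    static uint8_t share[HYBRID_SHARE_LEN];
    uint8_t *ek = share + P256_POINT_LEN;

    memset(share, 0, sizeof share);
    share[0] = point_prefix;
    ek[0] = (uint8_t)(first_coeff & 0xff);
    ek[1] = (uint8_t)((first_coeff >> 8) & 0x0f);
    return check_secp256r1mlkem768_share(share, len);
}

int main(void)
{
    printf("uncompressed, coeff 0:    %d\n", sample_verdict(0x04, 0, HYBRID_SHARE_LEN));
    printf("compressed point:         %d\n", sample_verdict(0x02, 0, HYBRID_SHARE_LEN));
    printf("hybrid point:             %d\n", sample_verdict(0x06, 0, HYBRID_SHARE_LEN));
    printf("raw point (one byte less): %d\n", sample_verdict(0x04, 0, HYBRID_SHARE_LEN - 1));
    printf("coefficient == q:         %d\n", sample_verdict(0x04, MLKEM_Q, HYBRID_SHARE_LEN));
    return 0;
}
```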
URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 14:17:37 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 13:17:37 +0000 Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894) In-Reply-To: References: Message-ID: All discussions on merge request !1894 were resolved by Zoltán Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 14:17:43 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 13:17:43 +0000 Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894) In-Reply-To: References: Message-ID: Merge request !1894 was approved by Zoltán Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 14:43:33 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 13:43:33 +0000 Subject: [gnutls-devel] Guile-GnuTLS | pipeline: Add debian testing job.
(!29) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/29 Branches: debian-testing-job to master Author: Simon Josefsson This will add testing against latest GnuTLS in Debian, sometimes more recent versions break things (compare #25). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/29 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 14:47:34 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 13:47:34 +0000 Subject: [gnutls-devel] Guile-GnuTLS | SRP build option (#4) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/issues/4#note_2205931679 Lack of better handling of this now breaks 'make distcheck' on any platform that lacks GnuTLS with SRP: ``` make[6]: *** No rule to make target 'tests/srp-base64.scm', needed by 'tests/srp-base64.scm.log'. Stop. ``` I think the SRP stuff should be conditionalized like the existing crypto on/off handling. Maybe something extra is needed because this was in libgnutls-extra. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/4#note_2205931679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 12 15:01:19 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 12 Nov 2024 14:01:19 +0000 Subject: [gnutls-devel] Guile-GnuTLS | pipeline: Add debian testing job.
(!29) In-Reply-To: References: Message-ID: Merge request !29 was merged Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/29 Branches: debian-testing-job to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/29 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 10:12:31 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 09:12:31 +0000 Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1608 ## Description of problem: Parse the certificate using certtool -i --inraw --infile fd.der ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * certtool -i --inraw --infile fd.der ## Actual results: ![image](/uploads/ba24e73fd5661075a38924e3137e0868/image.png) ## Expected results: I parse the certificate which has a keyusage extension with an empty value. gnutls throws a tag error, while openssl successfully parses and displays a null value ![image](/uploads/8218bebff0161d782fa31f8491b0adf2/image.png) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 11:12:14 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 10:12:14 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Publish PGP signed minimal tarball a'la git-archive (#27) References: Message-ID: Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/27 For inspiration and background see: https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/ https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/27 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 11:12:47 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 10:12:47 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Produce a reproducible source tarball and verify that in pipeline (#28) References: Message-ID: Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/28 For inspiration and background see: https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/ https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/28 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 14:05:41 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 13:05:41 +0000 Subject: [gnutls-devel] GnuTLS | does not abort the connection when client does not send uncompressed format in ECPointFormatList or sends an empty ECPointFormatList (#1609) References: Message-ID: AnnaStarovojtova created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1609 ## Description of problem: The server does not abort the connection when: - the client sends an ECPointFormatList without the uncompressed format in it; - the client sends an empty ECPointFormatList. ## Version of gnutls used: gnutls-cli 3.8.6 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Fedora ## How reproducible: Steps to Reproduce: run the tlsfuzzer `test-point-extension.py` script ## Actual results: The following tests fail: - ECDHE uncompressed extension missing - ECDHE empty list extension ## Expected results: - When the client sends the ECPointFormatList with only compressed values, the server must abort the handshake and return illegal_parameter alert. * RFC8422 - 5.1.2. Supported Point Formats Extension >>> If the client sends the extension and the extension does not contain the uncompressed point format, and the client has used the Supported Groups extension to indicate support for any of the curves defined in this specification, then the server MUST abort the handshake and return an illegal_parameter alert. >>> - When the client sends an empty ECPointFormatList, the client should abort the handshake and return a decode_error alert. * RFC8422 - 5.1.2. Supported Point Formats Extension > struct { ECPointFormat ec_point_format_list\<1..2^8-1\> } ECPointFormatList; -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1609 You're receiving this email because of your account on gitlab.com.
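The two server-side checks that issue #1609 cites from RFC 8422 section 5.1.2 can be written as one small validator. This is an added example, not GnuTLS code and not part of the original message; the function name, the `client_offered_rfc8422_curve` flag and the sample extension bodies are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS alert descriptions (RFC 8446, section 6). */
enum { ALERT_NONE = 0, ALERT_ILLEGAL_PARAMETER = 47, ALERT_DECODE_ERROR = 50 };

/* ECPointFormat value for "uncompressed" (RFC 8422, section 5.1.2). */
#define EC_POINT_FORMAT_UNCOMPRESSED 0

/*
 * Hypothetical helper: validate the body of a client's ec_point_formats
 * extension, i.e.
 *     struct { ECPointFormat ec_point_format_list<1..2^8-1>; } ECPointFormatList;
 * The body is a one-byte length followed by that many one-byte formats.
 * Returns the alert the server should send, or ALERT_NONE.
 */
int check_ec_point_formats(const uint8_t *ext, size_t ext_len,
                           int client_offered_rfc8422_curve)
{
    size_t list_len, i;

    /* The length prefix itself must be present. */
    if (ext_len < 1)
        return ALERT_DECODE_ERROR;

    list_len = ext[0];

    /* <1..2^8-1>: a zero-length vector violates the syntax. */
    if (list_len == 0)
        return ALERT_DECODE_ERROR;

    /* The declared length must cover the body exactly, with no
     * truncation and no trailing bytes. */
    if (list_len != ext_len - 1)
        return ALERT_DECODE_ERROR;

    for (i = 0; i < list_len; i++) {
        if (ext[1 + i] == EC_POINT_FORMAT_UNCOMPRESSED)
            return ALERT_NONE;
    }

    /* Uncompressed is missing. RFC 8422 makes this fatal only when the
     * client also advertised one of that RFC's curves in Supported Groups. */
    return client_offered_rfc8422_curve ? ALERT_ILLEGAL_PARAMETER : ALERT_NONE;
}

/* Constructed extension bodies (not captured traffic). */
static const uint8_t SAMPLE_OK[]              = { 0x03, 0x00, 0x01, 0x02 };
static const uint8_t SAMPLE_NO_UNCOMPRESSED[] = { 0x02, 0x01, 0x02 };
static const uint8_t SAMPLE_EMPTY_LIST[]      = { 0x00 };
static const uint8_t SAMPLE_TRUNCATED[]       = { 0x03, 0x00 };

int main(void)
{
    printf("all formats:       %d\n",
           check_ec_point_formats(SAMPLE_OK, sizeof SAMPLE_OK, 1));
    printf("no uncompressed:   %d\n",
           check_ec_point_formats(SAMPLE_NO_UNCOMPRESSED,
                                  sizeof SAMPLE_NO_UNCOMPRESSED, 1));
    printf("empty list:        %d\n",
           check_ec_point_formats(SAMPLE_EMPTY_LIST, sizeof SAMPLE_EMPTY_LIST, 1));
    printf("truncated list:    %d\n",
           check_ec_point_formats(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, 1));
    return 0;
}
```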
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 14:16:01 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 13:16:01 +0000 Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210585857 > I parse the certificate which has a keyusage extension with an empty value. Sorry, I don't think that's a valid certificate. https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3: > When the keyUsage extension appears in a certificate, at least one of the bits MUST be set to 1. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210585857 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 14 15:00:54 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 14 Nov 2024 14:00:54 +0000 Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608) In-Reply-To: References: Message-ID: dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210695293 openssl gives other views on this While RFC 5280 states that "at least one of the bits MUST be set to 1," X.509 does not. X.509 just says that if the extension is present and all bits are zero, then the key is intended for a purpose other than the ones listed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210695293 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Fri Nov 15 08:54:22 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Nov 2024 07:54:22 +0000 Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894) In-Reply-To: References: Message-ID: Merge request !1894 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 15 20:55:59 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Nov 2024 19:55:59 +0000 Subject: [gnutls-devel] GnuTLS | make dist fails (#1610) References: Message-ID: William Roberts created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1610 Fedora 40 ``` git clone --depth 1 --branch 3.8.8 https://gitlab.com/gnutls/gnutls.git cd gnutls ./bootstrap ./configure --with-included-unistring make dist-xz ``` Fails with: ``` make ./errcodes make[4]: Entering directory '/home/bill/tmp/gnutls/doc' CC errcodes.o CC common.o make[4]: *** No rule to make target '../lib/libgnutls.la', needed by 'errcodes'. Stop. make[4]: Leaving directory '/home/bill/tmp/gnutls/doc' make[3]: *** [Makefile:6239: error_codes.texi] Error 2 ``` I would expect it to work or to apprise me of a missing option. If make dist depends on the library isn't there some way to inform them of that dependency in a way that will trigger it to build? This is beyond my automake knowledge as I thought LDADD would do it.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 15 21:01:20 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 15 Nov 2024 20:01:20 +0000 Subject: [gnutls-devel] GnuTLS | make dist fails (#1610) In-Reply-To: References: Message-ID: William Roberts commented: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214155270 After issuing `make`, it avoids that error but still errors: ``` make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'. Stop. ``` This looks enabled by default and I can't identify the target to build this? I have a pile of questions on how the tarball is created for the fedora package as well and why make asm-sources fails with a missing `.s` file: ``` make: *** No rule to make target 'lib/accelerated/aarch64/coff/ghash-aarch64.s', needed by 'asm-sources'. Stop. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214155270 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 16 07:22:03 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 16 Nov 2024 06:22:03 +0000 Subject: [gnutls-devel] GnuTLS | make dist fails (#1610) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214420941 Running a regular "make" before running make dist on a fresh checkout (or after running `git clean -fxd && git reset --hard`) works for me.
``` ./bootstrap && ./configure --with-included-unistring && make && make dist-xz ``` I suspect you either had a dirty checkout or "make" already threw an error. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214420941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 16 19:27:27 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 16 Nov 2024 18:27:27 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897) References: Message-ID: Po-Hsing Wu created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897 Project:Branches: 0140454/gnutls:fips/mark-eddsa-approved to gnutls/gnutls:master Author: Po-Hsing Wu FIPS 186-5 approves EdDSA. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 01:48:06 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 00:48:06 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897) In-Reply-To: References: Message-ID: Merge request !1897 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897 Project:Branches: 0140454/gnutls:fips/mark-eddsa-approved to gnutls/gnutls:master Author: Po-Hsing Wu Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 01:48:03 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 00:48:03 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214723179 @0140454 This looks great; thank you for also adding the self-tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214723179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 01:49:53 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 00:49:53 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2214723336 @ayankov Same here as https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2214723336 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 01:49:23 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 00:49:23 +0000 Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1890) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286 @ayankov This MR seems to have been mistakenly closed as the source project has been removed. Could you resurrect it somehow, e.g., as a new MR? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 06:29:56 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 05:29:56 +0000 Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897) In-Reply-To: References: Message-ID: Po-Hsing Wu commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214757237 @dueno Tests have been updated to make CI pipeline succeed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214757237 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 09:01:21 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 08:01:21 +0000 Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1611 ## Description of the feature: The X.509 description of the keyusage extension states that: If the extension is present with all bits set to zero, the key is intended for a purpose other than those listed above. In this case, openssl's parsing result is presented as... while gnutls's parsing result is empty ![image](/uploads/e9bf59d384254389fb46b0cab2b90a9e/image.png){width=272 height=47} ## Applications that this feature may be relevant to: Parse certificate ## Is this feature implemented in other libraries (and which) openssl implemented ![image](/uploads/dc4e1027c8a2cbe58706559d1782d88a/image.png){width=272 height=64} -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611 You're receiving this email because of your account on gitlab.com.
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 12:49:26 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 11:49:26 +0000 Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA enabled (!1898) References: Message-ID: Po-Hsing Wu created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898 Project:Branches: 0140454/gnutls:fips/only-run-dsa-sleftest-if-enabled to gnutls/gnutls:master Author: Po-Hsing Wu When building with `--disable-dsa`, DSA selftest is not defined in the `gnutls_pk_self_test` function. Finally, it causes selftest failed with error `GNUTLS_E_NO_SELF_TEST` ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 12:58:06 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 11:58:06 +0000 Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA enabled (!1898) In-Reply-To: References: Message-ID: Po-Hsing Wu commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898#note_2214852894 Close this because there already is another MR !1890 that seems to be just closed accidentally. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898#note_2214852894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 17 12:58:06 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 17 Nov 2024 11:58:06 +0000 Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA enabled (!1898) In-Reply-To: References: Message-ID: Merge request !1898 was closed by Po-Hsing Wu Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898 Project:Branches: 0140454/gnutls:fips/only-run-dsa-sleftest-if-enabled to gnutls/gnutls:master Author: Po-Hsing Wu Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
From gnutls-devel at lists.gnutls.org Mon Nov 18 18:53:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Nov 2024 17:53:30 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216580176

Even with that, how come the Makefile isn't set up to correctly track the dependencies so the tools that need the library for make dist properly build them? I.e., this should work: "`./bootstrap && ./configure --with-included-unistring && make dist-xz`"

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216580176

From gnutls-devel at lists.gnutls.org Mon Nov 18 18:57:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Nov 2024 17:57:47 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216585255

Even cleaning and doing as you described still yields:
make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'. Stop.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216585255

From gnutls-devel at lists.gnutls.org Tue Nov 19 03:34:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 02:34:33 +0000
Subject: [gnutls-devel] GnuTLS | Parse repeated extension (#1612)

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1612

## Description of the feature:
Try parsing a certificate with duplicate extensions

## Applications that this feature may be relevant to:
In the interests of predictability, it is probably better to reject certificates with duplicated extensions during validation, but not refuse to parse them.

## Is this feature implemented in other libraries (and which)
OpenSSL allows parsing of certificates with repeated extensions, in order to meet predictability

openssl x509 -in Cert17319379201A1.der -noout -text
Certificate:
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:8C:AE:A9:CD:18:10:47:48:33:5D:C6:AC:2B:6A:29:BB:5F:B4:7D:29
DirName:/CN=RandomIssuer-1763/C=US/O=RandomOrg-1011
serial:02:18:94:68:C7
X509v3 Authority Key Identifier:
keyid:8C:AE:A9:CD:18:10:47:48:33:5D:C6:AC:2B:6A:29:BB:5F:B4:7D:29
DirName:/CN=RandomIssuer-1763/C=US/O=RandomOrg-1011
serial:02:18:B9:68:C7

certtool -i --inraw --infile Cert17319379201A1.der
import error: Duplicate extension in X.509 certificate.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1612

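Added example, not part of the issue report and not GnuTLS or OpenSSL code: a small C sketch of the split requested in #1612, where a lenient step lists every extension OID and a separate validation step flags the repeat. The function names and both DER samples are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_EXT 32

struct ext_ref { const unsigned char *oid; size_t oid_len; };

/* Constructed sample: Extensions SEQUENCE holding authorityKeyIdentifier
 * (2.5.29.35), basicConstraints (2.5.29.19) and authorityKeyIdentifier again. */
static const unsigned char SAMPLE_DUP[] = {
    0x30, 0x21,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x02, 0x30, 0x00,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x02, 0x30, 0x00,
};

/* Constructed sample: the same list without the repeated extension. */
static const unsigned char SAMPLE_OK[] = {
    0x30, 0x16,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x02, 0x30, 0x00,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
};

/* Read one DER TLV at p, bounded by end. Sets *tag, *val and *len and returns
 * a pointer just past the element, or NULL on truncated input, indefinite
 * length, or a length field longer than two bytes. */
static const unsigned char *der_next(const unsigned char *p, const unsigned char *end,
                                     unsigned char *tag, const unsigned char **val,
                                     size_t *len)
{
    if (end - p < 2)
        return NULL;
    *tag = *p++;
    size_t l = *p++;
    if (l & 0x80) {
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - p) < n)
            return NULL;
        l = 0;
        while (n--)
            l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l)
        return NULL;
    *val = p;
    *len = l;
    return p + l;
}

/* Lenient parse step: record the extnID of every Extension, duplicates
 * included. Returns the number of extensions, or -1 on malformed DER. */
int list_extensions(const unsigned char *der, size_t der_len,
                    struct ext_ref *out, int max)
{
    unsigned char tag;
    const unsigned char *val, *end = der + der_len;
    size_t len;
    const unsigned char *after = der_next(der, end, &tag, &val, &len);
    if (!after || after != end || tag != 0x30)
        return -1;
    const unsigned char *p = val, *seq_end = val + len;
    int n = 0;
    while (p < seq_end) {
        const unsigned char *ext, *oid;
        size_t ext_len, oid_len;
        p = der_next(p, seq_end, &tag, &ext, &ext_len);
        if (!p || tag != 0x30)
            return -1;
        if (!der_next(ext, ext + ext_len, &tag, &oid, &oid_len) || tag != 0x06)
            return -1;
        if (n == max)
            return -1;
        out[n].oid = oid;
        out[n].oid_len = oid_len;
        n++;
    }
    return n;
}

/* Validation step: index of the first extension whose OID repeats an earlier
 * one, or -1 when every OID is unique. */
int first_duplicate(const struct ext_ref *e, int n)
{
    for (int i = 1; i < n; i++)
        for (int j = 0; j < i; j++)
            if (e[i].oid_len == e[j].oid_len &&
                memcmp(e[i].oid, e[j].oid, e[i].oid_len) == 0)
                return i;
    return -1;
}

int main(void)
{
    struct ext_ref e[MAX_EXT];
    int n = list_extensions(SAMPLE_DUP, sizeof SAMPLE_DUP, e, MAX_EXT);
    printf("parsed %d extensions, first duplicate at index %d\n",
           n, first_duplicate(e, n));
    return 0;
}
```
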
From gnutls-devel at lists.gnutls.org Tue Nov 19 14:11:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:11:05 +0000
Subject: [gnutls-devel] GnuTLS | wrong server behaviour with different encodings in ECPointFormatList (#1609)

Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1609#note_2218144188

Test script: https://github.com/tlsfuzzer/tlsfuzzer/pull/955

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1609#note_2218144188

From gnutls-devel at lists.gnutls.org Tue Nov 19 14:15:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:15:32 +0000
Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611)

Issue was closed by Zoltán Fridrich

Issue #1611: https://gitlab.com/gnutls/gnutls/-/issues/1611

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611

From gnutls-devel at lists.gnutls.org Tue Nov 19 14:15:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:15:34 +0000
Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611)

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1611#note_2218155444

Seems like a duplicate of https://gitlab.com/gnutls/gnutls/-/issues/1608 closing this issue.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611#note_2218155444

From gnutls-devel at lists.gnutls.org Tue Nov 19 18:15:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 17:15:59 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218684139

William Robert wrote
> Even cleaning and doing as you described still yields: make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'. Stop.

Could you attach a complete log of the whole process?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218684139

From gnutls-devel at lists.gnutls.org Tue Nov 19 20:07:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 19:07:33 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218913237

make dist-xz 2>&1 | tee [gnutls-build.txt](/uploads/a2d16d317c70c91502a1e3e52b7d5339/gnutls-build.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218913237

From gnutls-devel at lists.gnutls.org Tue Nov 19 20:56:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 19:56:20 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218989353

That is just `make dist-xz`.

```sh
git clean -fxd && git reset --hard && ./bootstrap && ./configure --disable-silent-rules --with-included-unistring && make && make dist-xz
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218989353

From gnutls-devel at lists.gnutls.org Tue Nov 19 21:25:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:25:46 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/30

Branches: eddsa-keys-without-y to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

I noticed that Ed25519 keys do not have a two-coordinate public key, and gnutls expects the Y parameter to always be NULL (in and out). In Guile, we should pass #f instead, don't you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Nov 19 21:36:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:36:06 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Merge request https://gitlab.com/gnutls/guile/-/merge_requests/30 was reviewed by Simon Josefsson

--
Simon Josefsson started a new discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219031846

> +;;; GnuTLS --- Guile bindings for GnuTLS > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Add 2023+2024?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Nov 19 21:36:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:36:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219032880

Sounds good generally, no strong opinion nor particularly careful review by me, but I'm happy to merge it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219032880

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:11:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:11:33 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: ECC: do not expect a value for y for ed25519 keys. (!30)

Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !30 as draft

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:12:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:12:32 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !30 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:13:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:13:24 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219091302

> +;;; GnuTLS --- Guile bindings for GnuTLS > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Sorry I copied the file without changing the date. I also removed some unused imports, so it is not a copy-paste anymore.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219091302

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:14:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:14:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219093942

It kind of works without this change, because gnutls accepts an empty datum instead of NULL (the manual says you should pass NULL). But it's less confusing if we allow #f from guile.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219093942

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:16:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:16:40 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Simon Josefsson commented on a discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219096342

> +;;; GnuTLS --- Guile bindings for GnuTLS > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Thanks!
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219096342

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:19:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:19:46 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

All discussions on merge request !30 were resolved by Simon Josefsson

https://gitlab.com/gnutls/guile/-/merge_requests/30

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Tue Nov 19 22:20:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:20:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for ed25519 keys. (!30)

Merge request !30 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/30
Branches: eddsa-keys-without-y to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30

From gnutls-devel at lists.gnutls.org Wed Nov 20 08:37:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 07:37:09 +0000
Subject: [gnutls-devel] GnuTLS | Certificate parsing differences (#1613)

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1613

## Description of problem:
The results of parsing the certificate using gnutls_x509_crt_import are different from those of parsing the certificate using certtool -i --inraw --infile fd.der

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:
Steps to Reproduce:
* one Parse the certificate using gnutls_x509_crt_import
* two Parse the certificate using certtool -i --inraw --infile Cert1731937920100M2.der

[Cert1731937920100M2.der](/uploads/916d89d6e6698f9c4036db86b169bace/Cert1731937920100M2.der)

## Actual results:
gnutls_x509_crt_import success,return GNUTLS_E_SUCCESS (0)
certtool -i --inraw --infile fd.der throws error:gnutls_x509_ext_import_authority_key_id: ASN1 parser:Error in DER parsing

## Expected results:
gnutls_x509_crt_import Returns an error value

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1613

From gnutls-devel at lists.gnutls.org Wed Nov 20 12:26:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 11:26:00 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)

Kazooba B Lawrence created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899

Project:Branches: kazlaw/gnutls:kazlaw-master-patch-06071 to gnutls/gnutls:master
Author: Kazooba B Lawrence

* Update errors.c

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899

From gnutls-devel at lists.gnutls.org Wed Nov 20 12:28:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 11:28:54 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)

Kazooba B Lawrence commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220034801

Hello,

It looked like a typo and I tried to track this repo down to see if it can be fixed!

![image](/uploads/4cbbce3aadde4d9d7fc35b9e5a27c747/image.png){width=1209 height=361}

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220034801

From gnutls-devel at lists.gnutls.org Wed Nov 20 13:07:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 12:07:04 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061

Not sure what the best replacement would be though, since both "was not properly terminated" and "was not terminated properly" increase ambiguity by including the possibility that it wasn't terminated at all. "Was terminated improperly"?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061

From gnutls-devel at lists.gnutls.org Wed Nov 20 14:13:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 13:13:39 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)

Kazooba B Lawrence commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220215060

https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061 I definitely see your point

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220215060

From gnutls-devel at lists.gnutls.org Wed Nov 20 18:29:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 17:29:20 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220727792

Ahh you wanted all of the commands :-p attached.

```bash
git clean -fxd && (git reset --hard && ./bootstrap && ./configure --disable-silent-rules --with-included-unistring && make && make dist-xz) 2>&1 | tee gnutls-build-2.txt
```

[gnutls-build-2.txt](/uploads/8c4acc9386540dca2b1473e581d9d48f/gnutls-build-2.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220727792

From gnutls-devel at lists.gnutls.org Wed Nov 20 19:53:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 18:53:37 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220830673

This ends with:
> make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'. Stop.

Which is caused by
```
checking for unbound library... no
configure: WARNING:
***
*** libunbound was not found. Libdane will not be built.
***
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220830673

From gnutls-devel at lists.gnutls.org Wed Nov 20 21:02:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 20:02:43 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)

William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220906616

You should never get through configure and have a mystery error in a make target, patch incoming for that. The other issue here, is that the errcodes build that depends on the library should trigger the build of the library, but it's not.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220906616

From gnutls-devel at lists.gnutls.org Thu Nov 21 08:13:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 21 Nov 2024 07:13:03 +0000
Subject: [gnutls-devel] GnuTLS | Certificate verification error (#1614)

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1614

## Description of problem:
A malformed subnet mask in a name constraints extension passes validation with gnutls

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:
Steps to Reproduce:
certtool --verify --infile E_mask.pem --load-ca-certificate E_maskCA.pem

[CA.pem](/uploads/f0c8c31a4ca2183268e21a719ea13402/CA.pem)
[cert.pem](/uploads/c614d24ec414d01009cbc53713ed2113/cert.pem)

## Actual results:
Chain validation output: Verified. The certificate is trusted.

## Expected results:
verify failed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1614

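Added example, not part of the issue report and not GnuTLS code: a C sketch of a fail-closed check for the iPAddress form of a name constraint (address followed by mask, 8 octets for IPv4 or 32 for IPv6, per RFC 5280). The issue does not say how its mask is malformed; this example assumes a wrong length or a non-contiguous mask, and all function names and byte samples are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: 192.168.0.0 with mask 255.255.0.0 (well formed) and
 * 192.168.0.0 with mask 255.0.255.0 (a 1 bit follows a 0 bit). */
static const unsigned char NC_OK[8]       = { 192, 168, 0, 0, 255, 255, 0, 0 };
static const unsigned char NC_BAD_MASK[8] = { 192, 168, 0, 0, 255, 0, 255, 0 };
static const unsigned char ADDR_IN[4]     = { 192, 168, 3, 4 };
static const unsigned char ADDR_OUT[4]    = { 192, 7, 0, 9 };

/* Returns the CIDR prefix length encoded by the constraint (0..32 or 0..128),
 * or -1 if the value is not 8 or 32 octets or the mask is non-contiguous. */
int nc_ip_prefix_len(const unsigned char *nc, size_t len)
{
    if (len != 8 && len != 32)
        return -1;
    size_t half = len / 2;
    const unsigned char *mask = nc + half;
    int prefix = 0, seen_zero = 0;
    for (size_t i = 0; i < half; i++) {
        for (int bit = 7; bit >= 0; bit--) {
            if ((mask[i] >> bit) & 1) {
                if (seen_zero)
                    return -1; /* 1 bit after a 0 bit: not a CIDR mask */
                prefix++;
            } else {
                seen_zero = 1;
            }
        }
    }
    return prefix;
}

/* Mask-and-compare without validating the mask. Returns 1 on match, 0 otherwise.
 * Shown only to illustrate what an unchecked mask lets through. */
int naive_match(const unsigned char *nc, size_t nc_len,
                const unsigned char *addr, size_t addr_len)
{
    if (nc_len != 2 * addr_len)
        return 0;
    for (size_t i = 0; i < addr_len; i++)
        if ((addr[i] ^ nc[i]) & nc[addr_len + i])
            return 0;
    return 1;
}

/* Fail-closed variant: -1 for a malformed constraint, so the caller can reject
 * the chain instead of treating the constraint as satisfied; otherwise 1 or 0. */
int strict_match(const unsigned char *nc, size_t nc_len,
                 const unsigned char *addr, size_t addr_len)
{
    if (nc_ip_prefix_len(nc, nc_len) < 0)
        return -1;
    return naive_match(nc, nc_len, addr, addr_len);
}

int main(void)
{
    printf("prefix of well-formed constraint: %d\n",
           nc_ip_prefix_len(NC_OK, sizeof NC_OK));
    printf("naive match against malformed mask: %d\n",
           naive_match(NC_BAD_MASK, sizeof NC_BAD_MASK, ADDR_OUT, sizeof ADDR_OUT));
    printf("strict match against malformed mask: %d\n",
           strict_match(NC_BAD_MASK, sizeof NC_BAD_MASK, ADDR_OUT, sizeof ADDR_OUT));
    return 0;
}
```
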
From gnutls-devel at lists.gnutls.org Thu Nov 21 08:16:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 21 Nov 2024 07:16:40 +0000
Subject: [gnutls-devel] GnuTLS | Name constraints extension parsing failed (#1615)

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1615

## Description of problem:
The certtool -i command failed to successfully parse the Nameconstrains extension

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:
Steps to Reproduce:
certtool -i --infile test.pem

## Actual results:
![image](/uploads/f20b030a45ecea99a589a772895987dc/image.png)

## Expected results:
![image](/uploads/1b8be4d237eb5bedc2b15a0dc0ef8509/image.png)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1615

From gnutls-devel at lists.gnutls.org Fri Nov 22 01:31:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Nov 2024 00:31:19 +0000
Subject: [gnutls-devel] GnuTLS | --with-included-tasn1 broken (#1616)

Joshua Hudson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1616

## Description of problem:
Configure command that should work but doesn't:

CC=/home/DEXTER2/jhudson/musl/musl-1.2.5-build/bin/musl-gcc CFLAGS='-O3 -ffunction-sections -static -I/home/DEXTER2/jhudson/certtool/include -L/home/DEXTER2/jhudson/certtool/lib -L/home/DEXTER2/jhudson/certtool/lib64' LDFLAGS='-static -Wl,-gc-sections -L/home/DEXTER2/jhudson/certtool/lib -L/home/DEXTER2/jhudson/certtool/lib64' ./configure --disable-shared --prefix=/home/DEXTER2/jhudson/certtool --with-included-unistring --with-included-libtasn1 --disable-cxx --disable-hardware-acceleartion --without-tpm --without-zlib --without-brotli --without-zstd

Workaround:

CC=/home/DEXTER2/jhudson/musl/musl-1.2.5-build/bin/musl-gcc CFLAGS='-O3 -ffunction-sections -static -I/home/DEXTER2/jhudson/certtool/include -I/home/DEXTER2/jhudson/certtool/gnutls-3.7.11/lib/minitasn1 -L/home/DEXTER2/jhudson/certtool/lib -L/home/DEXTER2/jhudson/certtool/lib64' LDFLAGS='-static -Wl,-gc-sections -L/home/DEXTER2/jhudson/certtool/lib -L/home/DEXTER2/jhudson/certtool/lib64' ./configure --disable-shared --prefix=/home/DEXTER2/jhudson/certtool --with-included-unistring --with-included-libtasn1 --disable-cxx --disable-hardware-acceleartion --without-tpm --without-zlib --without-brotli --without-zstd

The workaround: injecting another -I into the include path because the makefile misgenerated.

## Version of gnutls used:
gnutls-3.7.11

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
direct

## How reproducible:
Try to build from source without libtasn1-dev installed

## Actual results:
Compiler error at #include

## Expected results:
No compiler error

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1616

From gnutls-devel at lists.gnutls.org Fri Nov 22 14:25:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Nov 2024 13:25:32 +0000
Subject: [gnutls-devel] GnuTLS | Verify command error output (#1617)

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1617

## Description of the feature:
Shows the reason why the verification failed

For certificate validation failures caused by incorrect extensions, GnuTLS reports the reason as an invalid signature, while OpenSSL attributes the failure to issues with the extensions.

## Applications that this feature may be relevant to:
certtool --verify --load-ca-certificate CA.pem --infile fd.pem

## Is this feature implemented in other libraries (and which)
openssl
error:0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):../crypto/x509/v3_purp.c:635:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1617

From gnutls-devel at lists.gnutls.org Fri Nov 22 19:55:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Nov 2024 18:55:09 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Add cfg.mk srcdist target, to create git-archive tarball. (!31)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/31

Project:Branches: jas/guile-gnutls:srcdist to gnutls/guile:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/31

From gnutls-devel at lists.gnutls.org Fri Nov 22 19:55:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 22 Nov 2024 18:55:35 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Add cfg.mk srcdist target, to create git-archive tarball. (!31)

Merge request !31 was merged

Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/31
Project:Branches: jas/guile-gnutls:srcdist to gnutls/guile:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/31

From gnutls-devel at lists.gnutls.org Mon Nov 25 15:09:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Nov 2024 14:09:15 +0000
Subject: [gnutls-devel] libtasn1 | cicd: Use OracleLinux7 instead of EOL'd CentOS7.
 (!101)
References:
Message-ID:

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/101

Project:Branches: jas/libtasn1:fix-cicd to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Mon Nov 25 16:27:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 25 Nov 2024 15:27:31 +0000
Subject: [gnutls-devel] libtasn1 | cicd: Use OracleLinux7 instead of EOL'd CentOS7. (!101)
In-Reply-To:
References:
Message-ID:

Merge request !101 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/101
Project:Branches: jas/libtasn1:fix-cicd to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Tue Nov 26 08:53:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Nov 2024 07:53:26 +0000
Subject: [gnutls-devel] libtasn1 | Update gnulib (!102)
References:
Message-ID:

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/102

Project:Branches: jas/libtasn1:gnulib-update to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Tue Nov 26 08:54:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 26 Nov 2024 07:54:05 +0000
Subject: [gnutls-devel] libtasn1 | Update gnulib (!102)
In-Reply-To:
References:
Message-ID:

Merge request !102 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/102
Project:Branches: jas/libtasn1:gnulib-update to gnutls/libtasn1:master
Author: Simon Josefsson

From gnutls-devel at lists.gnutls.org Wed Nov 27 13:35:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 12:35:40 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1890)
In-Reply-To:
References:
Message-ID:

Angel Yankov commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2230366554

Okay, re-opening these did not work so I will open them as new PRs

From gnutls-devel at lists.gnutls.org Wed Nov 27 13:55:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 12:55:58 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
References:
Message-ID:

Tal Regev created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1618

To continue this issue that was opened 7 years ago, with the last comment 4 years ago.
I want to focus on adding a cmake build system (with autoconf) that allows users to port gnutls to other OSes (such as Windows). In the old issue there are some alternatives, including cmake, and the advantages of adding such a build system to gnutls.

https://gitlab.com/gnutls/gnutls/-/issues/320

From gnutls-devel at lists.gnutls.org Wed Nov 27 14:42:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 13:42:34 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/issues/1618#note_2230494115

GnuTLS supports Windows fine via ./configure today. What is the actual problem? Supporting two, or changing, build systems is a lot of work for little gain.

From gnutls-devel at lists.gnutls.org Wed Nov 27 15:55:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 14:55:28 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Tal Regev commented: https://gitlab.com/gnutls/gnutls/-/issues/1618#note_2230675102

When compiling libgnutls with vcpkg on Windows:

[build-x64-windows-dbg-err.log](/uploads/f6b410b6b9facd6d7996eafaeb1424fc/build-x64-windows-dbg-err.log)
[build-x64-windows-dbg-out.log](/uploads/13e02bb872c19c23065801ce39553d0e/build-x64-windows-dbg-out.log)

```
../.././../src/v3.8.7.1-e7d3823e53.clean/lib/x509/verify-high2.c(436): error C2065: '_TDIR': undeclared identifier
../.././../src/v3.8.7.1-e7d3823e53.clean/lib/x509/verify-high2.c(436): error C2065: 'dirp': undeclared identifier
```

and more.

From gnutls-devel at lists.gnutls.org Wed Nov 27 15:58:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 14:58:07 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Tal Regev commented: https://gitlab.com/gnutls/gnutls/-/issues/1618#note_2230682145

Compiling with mingw on Linux and compiling on Windows are not the same.

From gnutls-devel at lists.gnutls.org Wed Nov 27 15:59:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 27 Nov 2024 14:59:30 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Tal Regev commented: https://gitlab.com/gnutls/gnutls/-/issues/1618#note_2230685909

And it is not just about supporting Windows. You can port it to more possible OSes.

From gnutls-devel at lists.gnutls.org Thu Nov 28 07:39:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 06:39:47 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1618#note_2231538409

Closing as duplicate of #320.

From gnutls-devel at lists.gnutls.org Thu Nov 28 07:39:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 06:39:47 +0000
Subject: [gnutls-devel] GnuTLS | consider add cmake build system (#1618)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno

Issue #1618: https://gitlab.com/gnutls/gnutls/-/issues/1618

From gnutls-devel at lists.gnutls.org Thu Nov 28 10:05:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 09:05:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1900)
References:
Message-ID:

Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900

Project:Branches: ayankov/gnutls:fips/sha1_sigver_disable to gnutls/gnutls:master
Author: Angel Yankov

During FIPS-140-3 prep we were told that SHA-1 cannot be CAVP tested anymore. Thus, mark it as not approved for signature verification.
Signed-off-by: Angel Yankov

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

Note: This is just re-opening https://gitlab.com/gnutls/gnutls/-/merge_requests/1891 as it was accidentally deleted. Code should be the same, but please advise if the switch approving only SHA-2* family is correct.

From gnutls-devel at lists.gnutls.org Thu Nov 28 10:06:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 09:06:47 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1901)
References:
Message-ID:

Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1901

Project:Branches: ayankov/gnutls:fips/no_dsa_selfcheck to gnutls/gnutls:master
Author: Angel Yankov

As DSA is not-approved in FIPS 140-3, there is no need to run a self test on it.
Signed-off-by: Angel Yankov

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

Note: This is re-opening: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890

From gnutls-devel at lists.gnutls.org Thu Nov 28 10:24:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 09:24:50 +0000
Subject: [gnutls-devel] GnuTLS | memleak in wrap_nettle_mpi_init (#1328)
In-Reply-To:
References:
Message-ID:

Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1328#note_2231771045

As the description from https://gitlab.com/gnutls/gnutls/-/issues/1328#note_1651254565 indicates that the issue is caused by incorrect use of API, I'm going to close this issue. If this is not the case, please file a separate ticket

From gnutls-devel at lists.gnutls.org Thu Nov 28 10:24:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 09:24:51 +0000
Subject: [gnutls-devel] GnuTLS | memleak in wrap_nettle_mpi_init (#1328)
In-Reply-To:
References:
Message-ID:

Issue was closed by Alicja Kario (@mention me if you need reply)

Issue #1328: https://gitlab.com/gnutls/gnutls/-/issues/1328

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:37:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:37:23 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1901)
In-Reply-To:
References:
Message-ID:

Merge request !1901 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1901
Project:Branches: ayankov/gnutls:fips/no_dsa_selfcheck to gnutls/gnutls:master
Author: Angel Yankov
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:37:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:37:35 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1901)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1901#note_2233100758

Thank you!

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:37:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:37:42 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS mode. (!1901)
In-Reply-To:
References:
Message-ID:

Merge request !1901 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1901
Project:Branches: ayankov/gnutls:fips/no_dsa_selfcheck to gnutls/gnutls:master
Author: Angel Yankov

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:41:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:41:36 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1900)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1900 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101792

>
> - /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
> + /* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy

As mentioned previously, this comment no longer makes sense and should be removed.

--

Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101795

> /* In FIPS 140-3, RSA key size should be larger than 2048-bit.
> - * In addition to this, only SHA-1 and SHA-2 are allowed
> + * In addition to this, SHA-2 is allowed

I'd keep "only" here

--

Daiki Ueno started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101797

> /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy

Remove this comment as well.

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:41:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:41:34 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1900)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101801

Code-wise, it looks good to me. Please fix indentation error at https://gitlab.com/ayankov/gnutls/-/jobs/8492392607#L63
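
Review bot: In the first lib/nettle/pk.c hunk quoted in the !1900 review, the `+` line negates "allowed" but still ends in "in legacy", so the sentence continues past the changed line with wording that was written for the opposite rule. Rewrite the comment as one complete statement that SHA-1 is not approved for signature verification, or drop it, rather than flipping a single word.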
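
Review bot: In the second lib/nettle/pk.c hunk quoted in the !1900 review, the `+` line "In addition to this, SHA-2 is allowed" drops the word "only", so the comment no longer says the digest list is exhaustive. The merge request description asks whether "the switch approving only SHA-2* family is correct", so the comment should say "only SHA-2 is allowed" to match what the switch is meant to enforce.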

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:43:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:43:03 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2233102149

Thank you!

From gnutls-devel at lists.gnutls.org Fri Nov 29 00:43:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 28 Nov 2024 23:43:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode (!1897)
In-Reply-To:
References:
Message-ID:

Merge request !1897 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897
Project:Branches: 0140454/gnutls:fips/mark-eddsa-approved to gnutls/gnutls:master
Author: Po-Hsing Wu

From gnutls-devel at lists.gnutls.org Fri Nov 29 14:36:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 29 Nov 2024 13:36:53 +0000
Subject: [gnutls-devel] GnuTLS | Client side: unable to detect early data size of UINT32_MAX (#1619)
References:
Message-ID:

Stefan Eissing created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1619

Working on curl's QUIC support using gnutls + ngtcp2, I seem to be unable to distinguish between a server without Early Data support and the many implementations (Caddy, nghttpx) that announce a max early data of UINT32_MAX.

`session->security_parameters.max_early_data_size` is initialized on the client side as UINT32_MAX and, if the server does not send the extension in the tickets, it is not set to 0. I fail to find an alternative way of detecting that the server does not support it.

Given that, would it not be correct to set the value to 0 when receiving a session ticket that does not carry the extension?

Many thanks for the help.

From gnutls-devel at lists.gnutls.org Sat Nov 30 03:34:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 30 Nov 2024 02:34:24 +0000
Subject: [gnutls-devel] GnuTLS | Certificate verification: validity period format check (#1620)
References:
Message-ID:

dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1620

## Description of problem:
Gnutls mistakenly validated a certificate that does not comply with RFC5280

RFC5280 stipulates: CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime.

Cryptography performs this check and treats the use case that does not conform to the format as a verification failure

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:
Steps to Reproduce:

* certtool --verify --load-ca-certificate RootCA.pem --infile Cert17319380403.pem

[validity.zip](/uploads/4dbc367f07393cab83aa8dd566213647/validity.zip)

## Actual results:
Chain verification output: Verified. The certificate is trusted.

## Expected results:
validation failed: validity dates between 1950 and 2049 must be UtcTime
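
The encoding rule quoted in issue #1620, as an added example that is not GnuTLS code and not part of the report: a small C checker for a DER-encoded Validity field that flags GeneralizedTime used for a year in the UTCTime range. The function names, status codes and sample bytes are assumptions constructed here; only short-form DER lengths and the `YYMMDDHHMMSSZ` / `YYYYMMDDHHMMSSZ` forms are accepted, and calendar ranges (month, day, hour) are not validated.

```c
#include <stddef.h>
#include <stdio.h>

enum { TAG_UTCTIME = 0x17, TAG_GENERALIZEDTIME = 0x18, TAG_SEQUENCE = 0x30 };
enum { VALIDITY_OK = 0, VALIDITY_MALFORMED = -1, VALIDITY_WRONG_TIME_TYPE = -2 };

/* Constructed sample inputs (not taken from the report's validity.zip):
 * DER Validity ::= SEQUENCE { notBefore Time, notAfter Time }. */
const unsigned char sample_conforming[] =    /* UTCTime 2024, GeneralizedTime 2050 */
    "\x30\x20" "\x17\x0d" "240101000000Z" "\x18\x0f" "20500101000000Z";
const unsigned char sample_nonconforming[] = /* GeneralizedTime used for 2024 */
    "\x30\x20" "\x18\x0f" "20240101000000Z" "\x17\x0d" "250101000000Z";

static int all_digits(const unsigned char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (s[i] < '0' || s[i] > '9')
            return 0;
    return 1;
}

/* Check one Time element at *p and advance *p past it. */
static int check_time(const unsigned char **p, const unsigned char *end)
{
    const unsigned char *q = *p;
    if (end - q < 2 || (q[1] & 0x80)) /* a Time never needs a long-form length */
        return VALIDITY_MALFORMED;
    unsigned char tag = q[0];
    size_t len = q[1];
    q += 2;
    if ((size_t)(end - q) < len)
        return VALIDITY_MALFORMED;

    if (tag == TAG_UTCTIME) {
        /* YYMMDDHHMMSSZ can only express 1950-2049, so the type is right. */
        if (len != 13 || q[12] != 'Z' || !all_digits(q, 12))
            return VALIDITY_MALFORMED;
    } else if (tag == TAG_GENERALIZEDTIME) {
        /* YYYYMMDDHHMMSSZ is only acceptable outside the UTCTime range. */
        if (len != 15 || q[14] != 'Z' || !all_digits(q, 14))
            return VALIDITY_MALFORMED;
        int year = (q[0] - '0') * 1000 + (q[1] - '0') * 100 +
                   (q[2] - '0') * 10 + (q[3] - '0');
        if (year >= 1950 && year <= 2049)
            return VALIDITY_WRONG_TIME_TYPE;
    } else {
        return VALIDITY_MALFORMED;
    }
    *p = q + len;
    return VALIDITY_OK;
}

/* Check both dates of a DER Validity SEQUENCE; returns a VALIDITY_* code. */
int check_validity_encoding(const unsigned char *der, size_t der_len)
{
    if (der_len < 2 || der[0] != TAG_SEQUENCE || (der[1] & 0x80) ||
        (size_t)der[1] != der_len - 2)
        return VALIDITY_MALFORMED;
    const unsigned char *p = der + 2, *end = der + der_len;
    int rc = check_time(&p, end);
    if (rc == VALIDITY_OK)
        rc = check_time(&p, end);
    if (rc == VALIDITY_OK && p != end) /* trailing bytes inside the SEQUENCE */
        rc = VALIDITY_MALFORMED;
    return rc;
}

int main(void)
{
    /* sizeof - 1 drops the NUL that the string-literal initializer appends. */
    printf("conforming: %d\n", check_validity_encoding(
               sample_conforming, sizeof sample_conforming - 1));
    printf("nonconforming: %d\n", check_validity_encoding(
               sample_nonconforming, sizeof sample_nonconforming - 1));
    return 0;
}
```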